On 29 Jun 2015, at 09:06, Michael Ströder <michael@stroeder.com> wrote:
Arran Cudbard-Bell wrote:
On 29 Jun 2015, at 04:56, Michael Ströder <michael@stroeder.com> wrote:
But now for checking the password there is no Session Tracking Control sent along with the bind request (conn=1044, err=49 is ok because I deliberately used a wrong password):
int ldap_bind(LDAP *ld, const char *who, const char *cred, int method);
int ldap_bind_s(LDAP *ld, const char *who, const char *cred, int method);
int ldap_simple_bind(LDAP *ld, const char *who, const char *passwd);
int ldap_simple_bind_s(LDAP *ld, const char *who, const char *passwd);
int ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism, struct berval *cred, LDAPControl *sctrls[], LDAPControl *cctrls[], int *msgidp);
Because there's no libldap bind function which takes client or server controls, ug I guess we should set them on the handle and then remove them again.
Despite its misleading name you can also send simple bind requests with ldap_sasl_bind() which has arguments for controls. AFAICS that's what libldap does internally and this is was also python-ldap does.
Ah, yes, as done here: https://github.com/arr2036/ldapperf/blob/master/ldapperf.c#L359 It's actually in the C API draft too https://tools.ietf.org/html/draft-ietf-ldapext-ldap-c-api-05#section-11.4 Ok, pushed that to v3.1.x. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2