我目前正在Linux上针对AD域实施授权机制。我用于授权OpenLDAP库。现在我尝试使用ldap_sasl_bind_s函数执行绑定操作,并且作为来自服务器的响应,我的应用程序正在接受挑战,但我不确定如何解决它。所以我坚持这个:
berval creds; // User creds
berval *srv = NULL; // Server challenge
creds.bv_val = (char*)password.c_str();
creds.bv_len = password.length();
ret = ldap_sasl_bind_s(
ldapConnection,
username.c_str(),
"DIGEST-MD5",
&creds,
NULL,
NULL,
&srv
);
if((srv != NULL) && (ret == LDAP_SASL_BIND_IN_PROGRESS)) // If challenge has been received
{
// Challenge solving mechanism goes there.
ret = ldap_sasl_bind_s(
ldapConnection,
username.c_str(),
"DIGEST-MD5",
srv, // Not sure if it's the right place
NULL,
NULL,
NULL
);
if(ret != LDAP_SUCCESS) // Here I get 0x31 (LDAP_INVALID_CREDENTIALS)
{
ldap_unbind_ext(ldapConnection, NULL, NULL);
return false;
}
}
答案 0 :(得分:0)
好的,感谢IBM Knowledge Center我想到了如何绑定凭据。使用简单的auth机制我们可以通过调用
来完成ret = ldap_sasl_bind_s(
ldapConnection,
"username@example.com",
NULL, // Simple bind mechanism
&creds,
NULL,
NULL,
NULL
);