ldap - LDAP / SASL Client "unable to canonify user and get auxprops"
问题描述
I'm trying to get some simple username / password authentification against a LDAP / AD server. To test my code I setup a openLDAP Server on my local Ubuntu 18.04. The Application is based on QT 5.12, but this shouldn't have a big influence.
My Goal is to get some wrapper with minimal reliance on system configuration.
To authenticate I tried this code:
int main(int argc, char *argv[])
{
qDebug() << "starting";
QCoreApplication a(argc, argv);
auto* testInst = new ldap_wrapper("ldap:///localhost");
try {
testInst->init();
testInst->authenticate("manager", "manager!");
} catch (char* e) {
qDebug() << "Error: " << e;
}
return a.exec();
}
void ldap_wrapper::authenticate(QString username, QString password) {
this->username = username;
this->password = password;
qDebug() << "starting bind";
int err = ldap_sasl_interactive_bind_s
(
this->handle,
nullptr, // const char * dn
nullptr, // pass null as mechs list, mech negotiated with server.
nullptr, // LDAPControl * sctrls[]
nullptr, // LDAPControl * cctrls[]
LDAP_SASL_QUIET, // unsigned flags
ldapexample_sasl_interact, // LDAP_SASL_INTERACT_PROC * interact
this // void* accessable in callback, we pass ourself.
);
if (err != LDAP_SUCCESS)
{
fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", ldap_err2string(err));
char* errmsg;
ldap_get_option(this->handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&errmsg);
fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", errmsg);
ldap_memfree(errmsg);
}
}
int ldap_wrapper::ldapexample_sasl_interact(LDAP * ld, unsigned flags, void * defaults, void * sin) {
ldap_wrapper * ldap_inst;
sasl_interact_t * interact;
if (!(ld))
return(LDAP_PARAM_ERROR);
if (!(defaults))
return(LDAP_PARAM_ERROR);
if (!(sin))
return(LDAP_PARAM_ERROR);
switch(flags)
{
case LDAP_SASL_AUTOMATIC:
case LDAP_SASL_INTERACTIVE:
case LDAP_SASL_QUIET:
default:
break;
};
ldap_inst = (ldap_wrapper*)defaults;
for(interact = (sasl_interact_t*)sin; (interact->id != SASL_CB_LIST_END); interact++)
{
qDebug() << "Callback fired";
interact->result = NULL;
interact->len = 0;
switch(interact->id)
{
case SASL_CB_GETREALM:
qDebug() << "realm";
interact->result = ldap_inst->realm.toStdString().c_str();
interact->len = (unsigned)ldap_inst->realm.length();
break;
case SASL_CB_AUTHNAME:
qDebug() << "auth";
case SASL_CB_USER:
qDebug() << "username";
interact->result = ldap_inst->username.toStdString().c_str();
interact->len = (unsigned)ldap_inst->username.length();
break;
case SASL_CB_PASS:
qDebug() << "password";
interact->result = ldap_inst->password.toStdString().c_str();
interact->len = (unsigned)ldap_inst->password.length();
break;
case SASL_CB_NOECHOPROMPT:
qDebug() << "SASL Data: SASL_CB_NOECHOPROMPT";
break;
case SASL_CB_ECHOPROMPT:
qDebug() << "SASL Data: SASL_CB_ECHOPROMPT";
break;
default:
qDebug() << "SASL Data: unknown option: %lu", interact->id;
break;
};
};
return(LDAP_SUCCESS);
}
with this result:
starting bind
Callback fired
username
Callback fired
auth
username
Callback fired
password
ldap_sasl_interactive_bind_s(): Insufficient access
ldap_sasl_interactive_bind_s(): SASL(-14): authorization failure: unable to canonify user and get auxprops
I tries reading the man ldap and googled for hours, but still have absolutly no clue what causes this result.
解决方案
推荐阅读
- regex - Dreamweaver 中的正则表达式:错误?
- javascript - 您可以在不参考运行或编译时间的情况下定义静态和动态语言吗?
- c# - StackOverflow 与 C# 中的随机名称生成器
- java - 函数而不是静态实用程序方法
- r - 如何在 r 中生成混合分布?
- google-cloud-platform - 数据流 - 状态持久性?
- angular - ASP .NET Core 中的 RDLC 报告,无需使用 webform 或其他 .NET Standard 项目
- sqlite - 可以在 cordova-sqlite-storage / ionic-native/sqlite 中更改页面大小、同步或其他 pragma 设置吗?
- javascript - 我可以从网络工作者的节点模块导入库吗?
- swift - macCatalyst 中的 SIGABRT “以下金属对象正在被破坏,但命令缓冲区仍需要其存活”