LDAP/SASL客户端:“无法规范化用户并获取auxprops”
我正在尝试对LDAP/AD服务器进行一些简单的用户名/密码身份验证。为了测试我的代码,我在本地Ubuntu 18.04上设置了一个openLDAP服务器。该应用程序基于Qt5.12,但这不会有太大影响。我的目标是获得一些对系统配置依赖性最小的包装器。要进行身份验证,我尝试了以下代码:
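/**
 * Test driver: connects to a local OpenLDAP server and attempts one
 * SASL bind through ldap_wrapper, then enters the Qt event loop.
 *
 * The credentials below are fixtures for a local test server only.
 */
int main(int argc, char *argv[])
{
    qDebug() << "starting";
    QCoreApplication a(argc, argv);

    // NOTE(review): with three slashes the host part of the URI is empty and
    // "localhost" sits in the DN position; presumably "ldap://localhost" was
    // intended - confirm against what init() accepts.
    // NOTE(review): the ldap:// scheme carries no transport protection. For
    // anything but a local test server, use ldaps:// or StartTLS before a
    // password-based bind.
    //
    // Automatic storage instead of a bare `new`, so the wrapper is destroyed
    // when main() returns rather than leaked.
    ldap_wrapper testInst("ldap:///localhost");

    try {
        testInst.init();
        // NOTE(review): authenticate() returns void and only logs on failure,
        // so reaching the next line does not prove the bind succeeded.
        testInst.authenticate("manager", "manager!");
    } catch (const char* e) {
        // `const char*` matches both `char*` and string-literal throws; the
        // previous `char*` handler would have missed the latter.
        qDebug() << "Error: " << e;
    }
    return a.exec();
}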
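/**
 * Attempt a SASL bind on this->handle with the given credentials.
 *
 * The credentials are stored on the instance because the interact callback
 * receives `this` as its defaults pointer and reads them from there.
 *
 * On failure the LDAP error string and, when available, the server's
 * diagnostic message are written to stderr.
 *
 * NOTE(review): the result is not propagated. The function returns void and
 * does not throw, so a caller cannot tell a failed bind from a successful
 * one. An authentication wrapper should fail closed; consider reporting the
 * outcome in whatever way the rest of the class signals errors.
 *
 * NOTE(review): the password remains in this->password after the bind.
 *
 * @param username identity handed to the SASL prompts
 * @param password secret handed to the SASL password prompt
 */
void ldap_wrapper::authenticate(QString username, QString password) {
    this->username = username;
    this->password = password;
    qDebug() << "starting bind";

    const int err = ldap_sasl_interactive_bind_s(
        this->handle,
        nullptr,                    // const char * dn
        // Null mechanism list: the mechanism is negotiated with the server.
        // NOTE(review): nothing here pins the mechanism. On a connection
        // without TLS the advertised list cannot be trusted, so consider
        // naming the expected mechanism explicitly.
        nullptr,
        nullptr,                    // LDAPControl * sctrls[]
        nullptr,                    // LDAPControl * cctrls[]
        LDAP_SASL_QUIET,            // unsigned flags
        ldapexample_sasl_interact,  // LDAP_SASL_INTERACT_PROC * interact
        this                        // handed to the callback as `defaults`
    );
    if (err == LDAP_SUCCESS)
        return;

    fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", ldap_err2string(err));

    // Start from nullptr and check the call: the option may be unavailable or
    // carry no message, and printing a null pointer through %s is undefined.
    char* errmsg = nullptr;
    if (ldap_get_option(this->handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, &errmsg) == LDAP_OPT_SUCCESS
        && errmsg != nullptr)
    {
        fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", errmsg);
        ldap_memfree(errmsg);
    }
}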
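/**
 * SASL interact callback for ldap_sasl_interactive_bind_s().
 *
 * Walks the prompt array in `sin` up to SASL_CB_LIST_END and answers realm,
 * user name and password prompts from the ldap_wrapper passed in `defaults`.
 *
 * @param ld        LDAP handle; only checked for null
 * @param flags     interaction mode; every mode is handled the same way
 * @param defaults  the ldap_wrapper that started the bind
 * @param sin       array of sasl_interact_t prompts
 * @return LDAP_PARAM_ERROR if any pointer is null, otherwise LDAP_SUCCESS
 */
int ldap_wrapper::ldapexample_sasl_interact(LDAP * ld, unsigned flags, void * defaults, void * sin) {
    if (!ld || !defaults || !sin)
        return LDAP_PARAM_ERROR;
    (void)flags;

    ldap_wrapper * ldap_inst = static_cast<ldap_wrapper*>(defaults);

    // The SASL library reads interact->result after this callback returns,
    // so the bytes must outlive the call. The earlier
    // `toStdString().c_str()` pointed into a temporary destroyed at the end
    // of the statement, leaving dangling pointers for user name and password.
    // Thread-local buffers keep the UTF-8 bytes alive until the next call on
    // the same thread.
    // NOTE(review): this keeps a copy of the password in memory between
    // binds; a buffer owned by ldap_wrapper and wiped after the bind would
    // be tighter.
    static thread_local QByteArray realmBytes;
    static thread_local QByteArray userBytes;
    static thread_local QByteArray passBytes;

    for (sasl_interact_t * interact = static_cast<sasl_interact_t*>(sin);
         interact->id != SASL_CB_LIST_END;
         ++interact)
    {
        qDebug() << "Callback fired";
        interact->result = nullptr;
        interact->len = 0;

        switch (interact->id)
        {
        case SASL_CB_GETREALM:
            qDebug() << "realm";
            realmBytes = ldap_inst->realm.toUtf8();
            interact->result = realmBytes.constData();
            // Byte count of the UTF-8 form; QString::length() counts UTF-16
            // code units and is wrong for non-ASCII text.
            interact->len = static_cast<unsigned>(realmBytes.size());
            break;

        case SASL_CB_AUTHNAME:
            qDebug() << "auth";
            // Deliberate fall-through: both prompts receive the user name.
            // NOTE(review): SASL_CB_AUTHNAME is the authentication identity
            // and SASL_CB_USER the authorization identity. Sending the login
            // name for both asks the server to authorize as that identity;
            // confirm this is wanted, since an "authorization failure" can
            // stem from the authorization identity.
        case SASL_CB_USER:
            qDebug() << "username";
            userBytes = ldap_inst->username.toUtf8();
            interact->result = userBytes.constData();
            interact->len = static_cast<unsigned>(userBytes.size());
            break;

        case SASL_CB_PASS:
            // Only the label is logged, never the secret itself.
            qDebug() << "password";
            passBytes = ldap_inst->password.toUtf8();
            interact->result = passBytes.constData();
            interact->len = static_cast<unsigned>(passBytes.size());
            break;

        case SASL_CB_NOECHOPROMPT:
            qDebug() << "SASL Data: SASL_CB_NOECHOPROMPT";
            break;

        case SASL_CB_ECHOPROMPT:
            qDebug() << "SASL Data: SASL_CB_ECHOPROMPT";
            break;

        default:
            // Stream the id. The earlier `"...%lu", interact->id` used the
            // comma operator, so the id was dropped and "%lu" was printed
            // literally.
            qDebug() << "SASL Data: unknown option:" << interact->id;
            break;
        }
    }
    return LDAP_SUCCESS;
}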
我花了好几个小时阅读 man ldap 文档并在谷歌上搜索,但仍然完全不知道是什么导致了下面这个结果:
starting bind
Callback fired
username
Callback fired
auth
username
Callback fired
password
ldap_sasl_interactive_bind_s(): Insufficient access
ldap_sasl_interactive_bind_s(): SASL(-14): authorization failure: unable to canonify user and get auxprops