LDAP/SASL客户端:“无法规范化用户并获取auxprops”(unable to canonify user and get auxprops)

LDAP/SASL客户端:“无法规范化用户并获取auxprops”,ldap,openldap,pam,sasl,Ldap,Openldap,Pam,Sasl,我正在尝试对LDAP/AD服务器进行一些简单的用户名/密码身份验证。为了测试我的代码,我在本地Ubuntu 18.04上设置了一个openLDAP服务器。该应用程序基于Qt5.12,但这不会有太大影响 我的目标是获得一些对系统配置依赖性最小的包装器 要进行身份验证,我尝试了以下代码: int main(int argc, char *argv[]) { qDebug() << "starting"; QCoreApplication a(argc,

我正在尝试对LDAP/AD服务器进行一些简单的用户名/密码身份验证。为了测试我的代码,我在本地Ubuntu 18.04上设置了一个openLDAP服务器。该应用程序基于Qt5.12,但这不会有太大影响

我的目标是获得一些对系统配置依赖性最小的包装器

要进行身份验证,我尝试了以下代码:

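/// Test driver: creates an ldap_wrapper for the local test server, initialises
/// it, attempts one bind with fixed test credentials and then enters the Qt
/// event loop.
///
/// NOTE(review): the account name and password are hard-coded for the local
/// test server only; real credentials belong in user input or a protected
/// store, not in source.
int main(int argc, char *argv[])
{
    qDebug() << "starting";
    QCoreApplication a(argc, argv);

    // NOTE(review): in an LDAP URL the part after the third slash is the base
    // DN, so "ldap:///localhost" has an empty host and "localhost" in the DN
    // position; "ldap://localhost" is probably what was meant - confirm against
    // ldap_wrapper::init().
    // NOTE(review): plain ldap:// has no transport encryption, so whether the
    // password is protected on the wire depends on the SASL mechanism that is
    // negotiated; use ldaps:// or StartTLS for anything beyond a loopback test.
    //
    // Automatic storage instead of a bare `new`: the wrapper is destroyed when
    // main() returns instead of being leaked.
    ldap_wrapper testInst("ldap:///localhost");
    try {
        testInst.init();
        // authenticate() returns void and only reports a failed bind on stderr,
        // so a rejected login does not reach the handler below.
        testInst.authenticate("manager", "manager!");
    } catch (const char* e) {
        // `const char*` also matches a thrown string literal, which the former
        // `char*` handler would not have caught.
        qDebug() << "Error: " << e;
    }

    return a.exec();
}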


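/// Stores the credentials on the wrapper and performs a synchronous SASL bind
/// on `this->handle`, letting ldapexample_sasl_interact() supply the answers.
///
/// @param username identity handed to the SASL callback (authname and user).
/// @param password secret handed to the SASL callback.
///
/// A failed bind is reported on stderr only; the function returns void, so the
/// caller cannot tell success from failure.
/// NOTE(review): for an authentication wrapper the result should be surfaced
/// to the caller (return value or exception) - confirm the intended contract.
/// NOTE(review): the password stays in `this->password` after the bind has
/// finished; consider clearing it once it is no longer needed.
void ldap_wrapper::authenticate(QString username, QString password) {
    this->username = username;
    this->password = password;

    qDebug() << "starting bind";
    const int err = ldap_sasl_interactive_bind_s
    (
     this->handle,
     nullptr,                       // const char              * dn
     nullptr,                       // null mechs list: the mechanism is negotiated, so which
                                    // one is used (and how the password travels) is not fixed here
     nullptr,                       // LDAPControl             * sctrls[]
     nullptr,                       // LDAPControl             * cctrls[]
     LDAP_SASL_QUIET,               // unsigned                  flags
     ldapexample_sasl_interact,     // LDAP_SASL_INTERACT_PROC * interact
     this                           // void* handed back to the callback as `defaults`
    );
    if (err == LDAP_SUCCESS)
        return;

    fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", ldap_err2string(err));

    // Start from nullptr and print only when the library actually returned a
    // message: passing an uninitialised or null pointer to "%s" is undefined.
    char* errmsg = nullptr;
    if (ldap_get_option(this->handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, &errmsg) == LDAP_OPT_SUCCESS
        && errmsg != nullptr)
    {
        fprintf(stderr, "ldap_sasl_interactive_bind_s(): %s\n", errmsg);
        ldap_memfree(errmsg);
    }
}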

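/// SASL interaction callback for ldap_sasl_interactive_bind_s(): answers each
/// prompt in the `sin` list from the ldap_wrapper passed as `defaults`.
///
/// @param ld       LDAP handle; only checked for null.
/// @param flags    interaction mode; every mode is answered the same way.
/// @param defaults the ldap_wrapper instance given to the bind call.
/// @param sin      array of sasl_interact_t terminated by SASL_CB_LIST_END.
/// @return LDAP_PARAM_ERROR if any pointer is null, otherwise LDAP_SUCCESS.
///
/// The SASL library reads `result`/`len` after this function has returned, so
/// the answers must outlive the call. The earlier form pointed `result` at
/// `toStdString().c_str()`, a temporary destroyed at the end of that statement,
/// which left SASL reading freed memory (the identity and password actually
/// sent were then undefined). `len` was also taken from QString::length(),
/// which counts UTF-16 units rather than the UTF-8 bytes being handed over.
int ldap_wrapper::ldapexample_sasl_interact(LDAP * ld, unsigned flags, void * defaults, void * sin) {
    if (!ld || !defaults || !sin)
        return LDAP_PARAM_ERROR;

    (void)flags; // automatic, interactive and quiet modes are all handled alike

    ldap_wrapper * ldap_inst = static_cast<ldap_wrapper*>(defaults);

    // Per-thread UTF-8 copies that stay valid after the callback returns. They
    // are filled once, before the loop, so that answering AUTHNAME and USER from
    // the same buffer cannot reallocate it and invalidate an earlier answer.
    // NOTE(review): the password copy remains in this buffer until the next
    // call on the same thread overwrites it; the wrapper itself also keeps the
    // password as a member, so clear both if the secret must not linger.
    static thread_local QByteArray realm_utf8;
    static thread_local QByteArray user_utf8;
    static thread_local QByteArray pass_utf8;
    realm_utf8 = ldap_inst->realm.toUtf8();
    user_utf8  = ldap_inst->username.toUtf8();
    pass_utf8  = ldap_inst->password.toUtf8();

    for (sasl_interact_t * interact = static_cast<sasl_interact_t*>(sin);
         interact->id != SASL_CB_LIST_END;
         ++interact)
    {
        qDebug() << "Callback fired";
        interact->result = nullptr;
        interact->len    = 0;
        switch (interact->id)
        {
        case SASL_CB_GETREALM:
            qDebug() << "realm";
            interact->result = realm_utf8.constData();
            interact->len    = static_cast<unsigned>(realm_utf8.size());
            break;
        case SASL_CB_AUTHNAME:
            qDebug() << "auth";
            // fall through: the authentication name and the user name are the same here
        case SASL_CB_USER:
            qDebug() << "username";
            interact->result = user_utf8.constData();
            interact->len    = static_cast<unsigned>(user_utf8.size());
            break;
        case SASL_CB_PASS:
            // Only the prompt type is logged, never the secret itself.
            qDebug() << "password";
            interact->result = pass_utf8.constData();
            interact->len    = static_cast<unsigned>(pass_utf8.size());
            break;
        case SASL_CB_NOECHOPROMPT:
            qDebug() << "SASL Data: SASL_CB_NOECHOPROMPT";
            break;
        case SASL_CB_ECHOPROMPT:
            qDebug() << "SASL Data: SASL_CB_ECHOPROMPT";
            break;
        default:
            // qDebug() does not interpret printf-style formats; the previous
            // `"...%lu", interact->id` printed a literal "%lu" and dropped the id.
            qDebug() << "SASL Data: unknown option:" << interact->id;
            break;
        }
    }

    return LDAP_SUCCESS;
}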
我花了几个小时阅读 ldap 的 man 手册并在谷歌上搜索,但仍然完全不知道是什么导致了下面的结果:

starting bind
Callback fired
username
Callback fired
auth
username
Callback fired
password
ldap_sasl_interactive_bind_s(): Insufficient access
ldap_sasl_interactive_bind_s(): SASL(-14): authorization failure: unable to canonify user and get auxprops