HP-UX Directory Server 8.1 plug-in reference

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

Table Of Contents

slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,(void *)&bindpdesc ) != 0 ||

slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_BIND_FN,(void *) test_bind ) != 0 )

{

slapi_log_error( SLAPI_LOG_PLUGIN, "testbind_init" , "Failed to set

version and function\n" );

return( -1 );

}

return( 0 );

}

8.5.3.3 Registering the plug-in

To register the plug-in, add the following to the end of the

/etc/opt/dirsrv/slapd-instance_name/dse.ldif file:

dn: cn=Test Bind,cn=plugins,cn=config

objectClass: top

objectClass: nsSlapdPlugin

objectClass: extensibleObject

cn: Test Bind

nsslapd-pluginPath: \

/opt/dirsrv/devel/example/libtest-plugin.so

nsslapd-pluginInitfunc: testbind_init

nsslapd-pluginType: preoperation

nsslapd-pluginEnabled: on

nsslapd-plugin-depends-on-type: database

nsslapd-pluginId: test-bind

Refer to the following source file for an example of a preoperation plug-in function that handles

authentication:

/opt/dirsrv/devel/example/testbind.c

8.6 Using SASL with an LDAP client

If you intend to use SASL as the method for authenticating clients, you need to enable your LDAP

clients to use SASL.

In your client, call the ldap_sasl_bind() or ldap_sasl_bind_s() function to request

authentication using SASL. To parse credentials from an asynchronous SASL bind operation,

call ldap_parse_sasl_bind_result(). These functions are part of LDAP C SDK 3.0.

The syntax for these functions is listed below:

LDAP_API(int) LDAP_CALL ldap_sasl_bind( LDAP *ld, const char *dn, const char *mechanism,

struct berval *cred, LDAPControl **serverctrls, LDAPControl

**clientctrls, int *msgidp );

LDAP_API(int) LDAP_CALL ldap_sasl_bind_s( LDAP *ld, const char *dn, const

char *mechanism,

struct berval *cred, LDAPControl **serverctrls, LDAPControl

**clientctrls, struct berval **servercredp );

The parameters are described below:

• ld is the connection handle, which is a pointer to the LDAP structure containing information

about the connection to the LDAP server.

• dn is the distinguished name (DN) that your client is attempting to authenticate as.

• mechanism is the name of the SASL mechanism that you want to use for authentication

(the mechanism that you register in the initialization function for your server plug-in).

• cred is a pointer to the berval structure containing the credentials that you want to use

for authentication.

• serverctrls is a pointer to an array of LDAPControl structures representing the LDAPv3

server controls that you want passed to the server for the bind operation.

• clientctrls is a pointer to an array of LDAPControl structures representing the LDAPv3

client controls applicable to the bind operation.

78 Defining functions for authentication