
I am trying to write a small LDAP...

Articles and Tips: qna

01 Aug 2001


Q.

I am trying to write a small LDAP client that connects to a NetWare 5.1 server and retrieves information from it through LDAP. Establishing the connection to the server is successful, but my authentication keeps failing no matter what I try. This is the code that tries to authenticate:

if ((rc = ldap_bind_s(ldap_ptr, L"CN=admin, OU=team, O=CORE", L"*****",
        LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS)
{
    wprintf(L"ldap_simple_bind_s failed - %s\n", ldap_err2string(rc));
    return 1;
}

The error code from the API resolves to "Strong Authentication Required." Any ideas about what I am doing wrong?

A.

You do not have the LDAP server set to accept unencrypted passwords. You can either set that (it's a setting in the LDAP Server object in ConsoleOne), or change your code to do an SSL-enabled bind to the server (and of course make sure your LDAP server is configured to use SSL, also in ConsoleOne).

To expand on this, it is easily done through ConsoleOne. Find the LDAP Group object and open its properties. Under the General tab you will see a check box to allow clear text passwords. Check the box and click on the Apply button.

If you want to do it in LDAP, you need to set the "allowClearTextPasswords" attribute on the LDAP Group object associated with the LDAP server. To change this attribute, you'll need to do an SSL-enabled LDAP bind. You can do that with the LDAP SDK, but you'll need a certificate, which you'll have to go into ConsoleOne to export. While you're there, you might as well set the flag on the LDAP Group object.

If you want to do an authenticated bind to LDAP, this sslbind.c from the SDK examples shows you how:

/* $Novell: /ldap/src/cldap/samples/sslbind.c,v 1.4 2000/10/09 21:31:29 dsteck Exp $ */
/*************************************************************************
Copyright 1999, 2000, 2001 Novell, Inc.  All Rights Reserved.
With respect to this file, Novell hereby grants to Developer a
royalty-free, non-exclusive license to include this sample code
and derivative binaries in its product. Novell grants to Developer
worldwide distribution rights to market, distribute or sell this
sample code file and derivative binaries as a component of Developer's
product(s).  Novell shall have no obligations to Developer or
Developer's customers with respect to this code.
DISCLAIMER:
Novell disclaims and excludes any and all express, implied, and
statutory warranties, including, without limitation, warranties of
good title, warranties against infringement, and the implied warranties
of merchantability and fitness for a particular purpose.  Novell does
not warrant that the software will satisfy customer's requirements
or that the licensed works are without defect or error or that the
operation of the software will be uninterrupted.  Novell makes no
warranties respecting any technical services or support tools provided
under the agreement, and disclaims all other warranties, including the
implied warranties of merchantability and fitness for a particular
purpose.
***************************************************************************
sslbind.c
***************************************************************************
Description: sslbind.c makes a ssl bind to the server
***************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include "ldap_ssl.h"

static char usage[] =
"\n Usage:   sslbind <host name> <port number> <login dn> <password>"
"\n\t<key file> \n"
"\n Example: sslbind Acme.com 636 cn=admin,o=Acme secret myKey.der\n";

int main(int argc, char *argv[])
{
    int  rc, ldapPort;
    char *ldapHost;
    char *loginDN;
    char *password;
    char *keyFile;
    LDAP *ld;

    if (argc != 6)
    {
        printf("%s", usage);
        exit(1);
    }

    ldapHost = argv[1];
    ldapPort = atoi(argv[2]);
    loginDN  = argv[3];
    password = argv[4];
    keyFile  = argv[5];

    /*
     * initialize the ssl library
     */
    rc = ldapssl_client_init( keyFile,   /* key file */
                              NULL );    /* reserved, just use NULL */
    if (rc != LDAP_SUCCESS)
    {
        printf("ldapssl_client_init error: %d\n", rc);
        exit(1);
    }

    /*
     * create a LDAP session handle that is enabled for ssl connection
     */
    ld = ldapssl_init( ldapHost,    /* host name */
                       ldapPort,    /* port number */
                       1 );         /* 0 - clear text, 1 - enable for ssl */
    if (ld == NULL )
    {
        printf("ldapssl_init error\n" );
        ldapssl_client_deinit();
        exit(1);
    }

    /*
     * the simple bind now travels inside the ssl session
     */
    rc = ldap_simple_bind_s( ld, loginDN, password);
    if (rc != LDAP_SUCCESS )
    {
        printf("ldap_simple_bind_s error: %s\n", ldap_err2string( rc ));
        ldap_unbind_s( ld );
        ldapssl_client_deinit();
        exit(1);
    }

    printf("SSL bind successful\n");
    ldap_unbind_s( ld );

    /*
     * Uninitialize the LDAP ssl library
     */
    ldapssl_client_deinit();
    return 0;
}
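
Why the server treats a simple bind as an "unencrypted password", shown at the wire level in an added example that is not part of the original article or the Novell SDK: it BER-encodes the simple BindRequest for the DN from the question and locates the password bytes in the resulting message. The function names, the sample password "secret", protocol version 3 and message ID 1 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append one BER TLV with a short-form length (< 128). Returns new offset or -1. */
static int put_tlv(unsigned char *buf, int off, int cap,
                   unsigned char tag, const void *val, size_t len)
{
    if (off < 0 || len > 127 || (size_t)off + 2 + len > (size_t)cap)
        return -1;
    buf[off++] = tag;
    buf[off++] = (unsigned char)len;
    memcpy(buf + off, val, len);
    return off + (int)len;
}

/* Encode LDAPMessage{ messageID 1, BindRequest{ version 3, name, simple } }.
   Hypothetical helper; returns the encoded length or -1 if it does not fit. */
int encode_simple_bind(const char *dn, const char *pw, unsigned char *out, int cap)
{
    unsigned char body[128], msg[128];
    const unsigned char v3 = 3, id = 1;   /* assumed version and message ID */
    int n = 0, m = 0;
    n = put_tlv(body, n, sizeof body, 0x02, &v3, 1);          /* version INTEGER   */
    n = put_tlv(body, n, sizeof body, 0x04, dn, strlen(dn));  /* name OCTET STRING */
    n = put_tlv(body, n, sizeof body, 0x80, pw, strlen(pw));  /* simple [0]: raw password */
    if (n < 0) return -1;
    m = put_tlv(msg, m, sizeof msg, 0x02, &id, 1);            /* messageID */
    m = put_tlv(msg, m, sizeof msg, 0x60, body, (size_t)n);   /* [APPLICATION 0] BindRequest */
    if (m < 0) return -1;
    return put_tlv(out, 0, cap, 0x30, msg, (size_t)m);        /* outer SEQUENCE */
}

/* Offset at which `needle` appears verbatim in the encoded message, or -1. */
int find_bytes(const unsigned char *pdu, int n, const char *needle)
{
    size_t k = strlen(needle);
    for (int i = 0; k > 0 && i + (int)k <= n; i++)
        if (memcmp(pdu + i, needle, k) == 0) return i;
    return -1;
}

int main(void)
{
    unsigned char pdu[128];
    /* DN from the question; "secret" is a constructed sample password. */
    int n = encode_simple_bind("CN=admin, OU=team, O=CORE", "secret", pdu, sizeof pdu);
    for (int i = 0; i < n; i++) printf("%02x ", pdu[i]);
    printf("\npassword found verbatim at offset %d of %d bytes\n",
           find_bytes(pdu, n, "secret"), n);
    return 0;
}
```

Without SSL these bytes are exactly what crosses the network, which is why the server refuses the bind unless clear text passwords are allowed or the session is SSL-enabled as in sslbind.c.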

* Originally published in Novell AppNotes

