
winldap, Qt, ldap_search_ext_s returns “Operations Error” after ldap_sasl_bind_s

I am trying to search on an OpenLDAP server using the winldap library in Qt on Windows. The response I get is (replaced the values with "some*"):

"LDAP using normal connection to ldap://someip:someport"
[10:37:30][Debug]"Connected to LDAP successfully"
[10:37:30][Debug]"base:ou=someou,dc=somedc,dc=someotherdc, scope:1, filter:(objectClass=*)"
[10:37:30][Warning]"Failed to search entries in LDAP server: Operations Error"

The server has the following error:

Jan 21 05:38:35 someservername slapd[2348]: connection_operation: error: SASL bind in progress (tag=99).
Jan 21 05:38:35 someservername slapd[2348]: connection_operation: error: SASL bind in progress (tag=66).

The code responsible for the connection is:

int LdapInstance::connectToServer()
{
int ret = -1;
int ldapVersion = LDAP_VERSION3;

if(!access.isValid())
{
    qWarning() << QString("Failed to bind LDAP server. Access information invalid");
    lastErrorString = QString("Access information invalid");

    return -4;
}

QString uri;

if(access.useSsl())
{
    uri = QString("ldaps://%1:%2").arg(access.getServer()).arg(access.getPort());
    qDebug() << QString("LDAP using TLS connection to %1").arg(uri);
}
else
{
    uri = QString("ldap://%1:%2").arg(access.getServer()).arg(access.getPort());
    qDebug() << QString("LDAP using normal connection to %1").arg(uri);
}

ld = ldap_init((const PWCHAR)access.getServer().utf16(), access.getPort());

if(ld == NULL)
{
    qWarning() << QString("Failed to init LDAP instance: %1").arg(QString::fromWCharArray(ldap_err2string(ret)));
    lastErrorString = QString::fromWCharArray(ldap_err2string(ret));

    return -1;
}

if((ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldapVersion)) != LDAP_SUCCESS)
{
    qWarning() << QString("Failed to set LDAP option: %1").arg(QString::fromWCharArray(ldap_err2string(ret)));
    lastErrorString = QString::fromWCharArray(ldap_err2string(ret));

    return -2;
}

if((ret = ldap_connect(ld, NULL)) != LDAP_SUCCESS)
{
    qWarning() << QString("Failed to connect to LDAP instance: %1").arg(QString::fromWCharArray(ldap_err2string(ret)));
    lastErrorString = QString::fromWCharArray(ldap_err2string(ret));

    return -1;
}

struct berval cred;
cred.bv_len = access.getPasswd().length();
cred.bv_val = (const PCHAR)access.getPasswd().utf16();

if(( ret = ldap_sasl_bind_s(ld,
                            (const PWCHAR)access.getLoginDn().utf16(),
                            L"DIGEST-MD5",
                            &cred,
                            NULL,
                            NULL,
                            NULL)) != LDAP_SUCCESS)
{
    qWarning() << QString("Failed to bind LDAP server %1: %2").arg(access.getLoginDn()).arg(QString::fromWCharArray(ldap_err2string(ret)));
    lastErrorString = QString::fromWCharArray(ldap_err2string(ret));

    return -3;
}

qDebug() << QString("Connected to LDAP successfully");

return 0;
}

The search function is:

QList<SimpleFriend *> LdapInstance::getSimpleFriendsByGroup(const QString &group, int *response)
{
Q_ASSERT(!group.isEmpty() && response);

LDAPMessage *message = NULL;

PWCHAR attrList[] = {
    L"displayName",
    L"givenName",
    L"sn",
    L"o",
    L"telephoneNumber",
    L"homePhone",
    L"mobile",
    NULL
};

QList<SimpleFriend *> simpleFrList;

int ret = connectToServer();

if(ret != 0)
{
    qWarning() << QString("Failed to get simple friend list from LDAP server. Connection failed.");
    *response = ret;

    return simpleFrList;
}

QString base = QString("%1,%2").arg(group).arg(access.getBaseDc());

qDebug() << QString("base:%1, scope:%2, filter:%3")
            .arg(base)
            .arg(LDAP_SCOPE_ONELEVEL)
            .arg(access.getSearchFilter());

// HERE BE DRAGONS =(
if((ret = ldap_search_ext_s(ld,
                            (const PWCHAR)base.utf16(),
                            LDAP_SCOPE_ONELEVEL,
                            (const PWCHAR)access.getSearchFilter().utf16(),
                            NULL,//attrList,
                            0,
                            NULL,
                            NULL,
                            NULL,
                            0,
                            &message)) != LDAP_SUCCESS)
{
    qWarning() << QString("Failed to search entries in LDAP server: %1").arg(QString::fromWCharArray(ldap_err2string(ret)));
    lastErrorString = QString::fromWCharArray(ldap_err2string(ret));
    *response = ret;

    closeConnection();
    return simpleFrList;
}

//... some processing

ldap_msgfree(message);
closeConnection();
*response = 0;

return simpleFrList;
}

I do not know what I am doing wrong. I am converting everything to PCHAR and PWCHAR before passing it to winldap functions.

I ported this to Windows from my Linux implementation using the OpenLDAP library (there everything works fine... naturally =))

Could it be that the server is requiring some additional information to fully bind? ... but what?

Please help me... Would save my day.

The error message from winldap is not very good. Turns out you will need to activate SASL on the LDAP server =). In addition, winldap needs you to implement the SASL handshake yourself.
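What the two slapd lines in the question record, as an added example that is not part of the original post: slapd logs the BER tag of the request it refused as a decimal number, and this standalone C++ code decodes that tag against the protocolOp numbers in RFC 4511. The `LdapTag` struct and the `decodeSlapdLine` and `requestName` helpers are names made up for this example.

```cpp
#include <cstdio>
#include <string>

// Decoded BER identifier octet of an LDAP protocolOp (RFC 4511).
struct LdapTag {
    long raw = -1;               // value logged by slapd, -1 if the line did not match
    int tagClass = 0;            // 0 universal, 1 application, 2 context, 3 private
    bool constructed = false;    // bit 0x20 of the identifier octet
    int number = 0;              // n in [APPLICATION n]
    std::string op = "unknown";  // request name when the tag is a known LDAP request
};
// Request numbers from RFC 4511; anything else is reported as "unknown".
static const char *requestName(int n) {
    switch (n) {
        case 0: return "BindRequest";      case 2: return "UnbindRequest";
        case 3: return "SearchRequest";    case 6: return "ModifyRequest";
        case 8: return "AddRequest";       case 10: return "DelRequest";
        case 12: return "ModifyDNRequest"; case 14: return "CompareRequest";
        case 16: return "AbandonRequest";  case 23: return "ExtendedRequest";
        default: return "unknown";
    }
}

// Parse one slapd "SASL bind in progress (tag=N)" line into the refused operation.
LdapTag decodeSlapdLine(const std::string &line) {
    LdapTag t;
    const std::string marker = "SASL bind in progress (tag=";
    const std::size_t pos = line.find(marker);
    if (pos == std::string::npos) return t;           // some other log message
    try { t.raw = std::stol(line.substr(pos + marker.size())); } catch (...) { return t; }
    // Only single-octet, low-tag-number identifiers are decoded here.
    if (t.raw < 0 || t.raw > 0xFF || (t.raw & 0x1F) == 0x1F) return t;
    t.tagClass = static_cast<int>((t.raw >> 6) & 0x3);
    t.constructed = (t.raw & 0x20) != 0;
    t.number = static_cast<int>(t.raw & 0x1F);
    if (t.tagClass == 1) t.op = requestName(t.number);
    return t;
}

int main() {
    const char *lines[] = {  // the two server log lines quoted in the question
        "Jan 21 05:38:35 someservername slapd[2348]: connection_operation: error: SASL bind in progress (tag=99).",
        "Jan 21 05:38:35 someservername slapd[2348]: connection_operation: error: SASL bind in progress (tag=66).",
    };
    for (const char *l : lines) {
        const LdapTag t = decodeSlapdLine(l);
        std::printf("tag=%ld -> [APPLICATION %d] %s\n", t.raw, t.number, t.op.c_str());
    }
}
```

Tag 99 decodes to a SearchRequest and tag 66 to an UnbindRequest: the search, and then the unbind sent when the connection was closed, both reached the server while it still considered the SASL bind unfinished.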
