<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">Hi,<br>

      <br>

      SASL-GSSAPI support is mostly a matter of Apache Directory API.

      That is the LDAP API that the connector is using. I'm not entirely

      sure whether the API supports SASL-GSSAPI. What I can tell for

      sure is that I'm not aware of any midPoint deployment that is

      using that. Anyway, even if it is supported by the directory API

      it was never tested with midPoint LDAP connector. Therefore it is

      likely that some connector code changes will be needed. And from

      my experience there is a slight chance that even Apache Directory

      API changes might be needed to fully support your use-case. We

      will gladly accept pull request in case you have the capacity to

      make the code changes. Otherwise I can recommend to purchase

      midPoint platform subscription which is designed to address such

      issues.<br>

      <br>

      <pre class="moz-signature" cols="72">-- 

Radovan Semancik

Software Architect

evolveum.com

</pre>

      <br>

      <br>

      On 01/03/2018 12:02 AM, Christopher Hoskin wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CAEjvcd9h_78jU7TG8FJHDEw4z0UHNFLbG7Mq0HeTNGDOkUCtbw@mail.gmail.com">

      <div dir="ltr">

        <div>

          <div>

            <div>According to the documentation [1], the LDAP Connector

              should support SASL-GSSAPI as an authentication type.<br>

              <br>

            </div>

            I was wondering if this has actually been implemented?

            Looking at the code [2],[3], it's not obvious to me that

            setting authenticationType to SASL-GSSAPI actually has any

            affect. From a quick scan of [4], I was expecting to find a

            call to bindSaslGssApi or bindSasl.<br>

            <br>

          </div>

          Is the use of this authenticationType documented anywhere?<br>

          <br>

        </div>

        Thanks.<br>

        <div>

          <div>

            <div><br>

              [1] <a

href="https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Migration"

                moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/LDAP+Connector+Migration</a><br>

              [2] <a

href="https://github.com/Evolveum/connector-ldap/search?l=Java&q=sasl"

                moz-do-not-send="true">https://github.com/Evolveum/connector-ldap/search?l=Java&q=sasl</a><br>

              [3] <a

href="https://github.com/Evolveum/connector-ldap/search?l=Java&q=authenticationType"

                moz-do-not-send="true">https://github.com/Evolveum/connector-ldap/search?l=Java&q=authenticationType</a><br>

              [4] <a

                href="http://directory.apache.org/api/user-guide/5.3-sasl-bind.html"

                moz-do-not-send="true">http://directory.apache.org/api/user-guide/5.3-sasl-bind.html</a><br>

              <br>

            </div>

            <div>Christopher Hoskin<br>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

midPoint mailing list

<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>

<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>

</pre>

    </blockquote>

    <br>

    <br>

  </body>

</html>