ldap_sasl_bind_s with ISC_REQ_INTEGRITY as part of InitializeSecurityContext

[Peter Fernandez]

Hi,

I am trying to use the ldap_sasl_bind_s from Wldap32.dll and I am running
into a problem when using the ISC_REQ_INTEGRITY flag on the call to
InitializeSecurityContext.

The problem is that once the bind completes, any ldap_search_s requests
simply hang.

If I use ldap_sasl_bind_s without specifying ISC_REQ_INTEGRITY (when calling
InitializeSecurityContext) everything works OK - I can issue subsequent
ldap_search_s requests and these get the expected response.

I've wireshark'd the search and it looks like ldap_search_s is NOT packaging
the search in an appropriate SASL structure for Integrity.

FYI I am binding to AD on a Win2K3 Server from a Windows XP workstation, and
I am using Kerberos over GSSAPI during the ldap_sasl_bind_s.

Does anyone know what might be happening here? I suspect I'm missing some
flag, but I can't for the life of me figure out what it might\should
be.......

TIA

Pete