
I'm currently trying to implement GSSAPI support in a third-party LDAP library (the Common Lisp library trivial-ldap). I got it to work when authenticating to an AD server (using the mechanism GSS-SPNEGO) but when trying to talk to an OpenLDAP server I get an error reply from the server saying that the mechanism is not supported.

It turns out that OpenLDAP doesn't support GSS-SPNEGO, but instead wants GSSAPI. The protocol used to do GSSAPI authentication seems very different from GSS-SPNEGO, but my problem is that I can't figure out in what way.

Is there anyone that could assist in explaining how the GSS packets are supposed to be wrapped inside the SASL messages when using the mechanism GSSAPI?

I tried simply sending packets in the same form as GSS-SPNEGO, but when I do so the SASL handshake never ends. After the context has been created, I keep getting result code 14 (LDAP_SASL_BIND_IN_PROGRESS) as a response to anything I send.

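The step the question is missing, as an added example that is not part of the original post: under the SASL GSSAPI mechanism (RFC 4752), once the Kerberos context is complete the server answers one more bind with result 14 and a GSS_Wrap'd 4-octet token (supported security layers plus its maximum buffer size), and the client must GSS_Unwrap it and send back a GSS_Wrap'd reply (one chosen layer, its own maximum receive size, optional authorization identity) in a further bind before the server returns success. The code below builds and parses those plaintext messages and validates the client's choice; the GSS_Wrap/GSS_Unwrap calls themselves are assumed to come from whatever GSSAPI binding the library uses and are not shown.

```python
# Security-layer flag bits from RFC 4752 section 3.1 (not described on the page).
SEC_LAYER_NONE = 0x01
SEC_LAYER_INTEGRITY = 0x02
SEC_LAYER_CONFIDENTIALITY = 0x04


def build_server_offer(layers: int, max_size: int) -> bytes:
    """Plaintext the server passes to GSS_Wrap after the context is established:
    octet 0 = bitmask of offered layers, octets 1-3 = max message size it will
    accept (big-endian). RFC 4752 requires the size to be 0 if no layer is offered."""
    if not 0 <= max_size < (1 << 24):
        raise ValueError("max buffer size must fit in 24 bits")
    if layers == SEC_LAYER_NONE and max_size != 0:
        raise ValueError("size must be 0 when only 'no security layer' is offered")
    return bytes([layers & 0xFF]) + max_size.to_bytes(3, "big")


def parse_server_offer(plaintext: bytes) -> tuple[int, int]:
    """Client side, after GSS_Unwrap: returns (offered_layers, server_max_size)."""
    if len(plaintext) != 4:
        raise ValueError("server security-layer token must be exactly 4 octets")
    return plaintext[0], int.from_bytes(plaintext[1:4], "big")


def build_client_reply(offered: int, chosen: int, max_size: int,
                       authzid: bytes = b"") -> bytes:
    """Plaintext the client passes to GSS_Wrap: exactly one chosen layer bit
    (which the server must have offered), the client's max receive size, then
    the optional authorization identity (e.g. b'u:alice' or b'dn:...')."""
    if bin(chosen).count("1") != 1 or not (chosen & offered):
        raise ValueError("chosen layer must be a single layer the server offered")
    if chosen == SEC_LAYER_NONE:
        max_size = 0  # RFC 4752: MUST be 0 when no security layer is used
    if not 0 <= max_size < (1 << 24):
        raise ValueError("max buffer size must fit in 24 bits")
    return bytes([chosen]) + max_size.to_bytes(3, "big") + authzid


def parse_client_reply(plaintext: bytes) -> tuple[int, int, bytes]:
    """Server side, after GSS_Unwrap: returns (chosen_layer, client_max, authzid)."""
    if len(plaintext) < 4:
        raise ValueError("client reply must be at least 4 octets")
    return plaintext[0], int.from_bytes(plaintext[1:4], "big"), plaintext[4:]
```

Whether the chosen layer is then honoured matters for later traffic: with integrity or confidentiality selected, every subsequent LDAP PDU must be wrapped, and a server that keeps returning 14 after the context is complete is usually waiting for this reply rather than for another initial token.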

1 Answer


You can safely use the GSSAPI SASL mech. It's plain Kerberos 5. GSS-SPNEGO is just SPNEGO, which will try Kerberos 5 first and, if that fails, may fall back to NTLM. Active Directory supports DIGEST-MD5 and the two mechs mentioned. I've been using the GSSAPI mech on Windows and Unix for years.

answered 2013-09-21T14:14:03.657