HELPLIB.HLB  —  LDAP  Authenticating
    The following functions are used to authenticate an LDAP client
    to an LDAP directory server.

    The ldap_sasl_bind() and ldap_sasl_bind_s()  functions can be
    used to do general and extensible authentication over LDAP
    through the use of the Simple Authentication Security Layer.
    The functions both take the DN to bind as, the method to use, as
    a dotted-string representation of an OID identifying the method,
    and a struct berval holding the credentials. The special constant
    value LDAP_SASL_SIMPLE (NULL) can be passed to request simple
    authentication, or the simplified functions ldap_simple_bind() or
    ldap_simple_bind_s() can be used.

      int ldap_sasl_bind(
              LDAP                                    *ld,
              const char                              *dn,
              const char                              *mechanism,
              const struct berval                     *cred,
              LDAPControl                             **serverctrls,
              LDAPControl                             **clientctrls,
              int                                     *msgidp
      );

      int ldap_sasl_bind_s(
              LDAP                                    *ld,
              const char                              *dn,
              const char                              *mechanism,
              const struct berval                     *cred,
              LDAPControl                             **serverctrls,
              LDAPControl                             **clientctrls,
              struct berval                           **servercredp
      );

      int ldap_simple_bind(
              LDAP                                    *ld,
              const char                              *dn,
              const char                              *passwd
      );

       int ldap_simple_bind_s(
              LDAP                                    *ld,
              const char                              *dn,
              const char                              *passwd
            );

    The use of the following functions is deprecated:

         int ldap_bind( LDAP *ld, char *dn, char *cred, int method );

         int ldap_bind_s( LDAP *ld, char *dn, char *cred, int method );

    Parameters are as follows:

    ld             The session handle.
    dn             The name of the entry to bind as.
    mechanism      Either LDAP_SASL_SIMPLE (NULL) to get simple
                   authentication, or a text string identifying the
                   SASL method.
    cred           The credentials with which to authenticate.
                   Arbitrary credentials can be passed using
                   this parameter. The format and content of
                   the credentials depends on the setting of the
                   mechanism parameter.
    passwd         For ldap_simple_bind(), the password to compare to
                   the entry's userPassword attribute.
    serverctrls    List of LDAP server controls.
    clientctrls    List of client controls.
    msgidp         This result parameter will be set to the message
                   id of the request if the ldap_sasl_bind() call
                   succeeds.
    servercredp    This result parameter will be filled in with the
                   credentials passed back by the server for mutual
                   authentication, if given. An allocated berval
                   structure is returned that should be disposed of
                   by calling ber_bvfree(). NULL may be passed to
                   ignore this field.

    Additional parameters for the deprecated functions are not
    described. See the RFC 1823 documentation for more information.

    The ldap_sasl_bind() function initiates an asynchronous bind
    operation and returns the constant LDAP_SUCCESS if the request
    was successfully sent or another LDAP error code if not. See
    Errors for more information about possible errors and how to
    interpret them. If successful, ldap_sasl_bind() places the
    message id of the request in *msgidp. A subsequent call to ldap_
    result() can be used to obtain the result of the bind.

    The ldap_simple_bind() function initiates a simple asynchronous
    bind operation and returns the message id of the operation
    initiated. A subsequent call to ldap_result() can be used to
    obtain the result of the bind. In case of error, ldap_simple_
    bind() will return -1, setting the session error parameters in
    the LDAP structure appropriately.

    The synchronous ldap_sasl_bind_s() and ldap_simple_bind_s()
    functions both return the result of the operation, either the
    constant LDAP_SUCCESS if the operation was successful, or another
    LDAP error code if it was not. See Errors for more information
    about possible errors and how to interpret them.

    Note that if an LDAP Version 2 server is contacted, no other
    operations over the connection should be attempted before a bind
    call has successfully completed.

    Subsequent bind calls can be used to reauthenticate over the
    same connection, and multistep SASL sequences can be accomplished
    through a sequence of calls to ldap_sasl_bind() or ldap_sasl_
    bind_s().
↶Back Close Help