Platform SDK: Active Directory, ADSI, and Directory Services

ldap_bind_s

The ldap_bind_s function is a synchronous function that authenticates a client to the LDAP server.

ULONG ldap_bind_s(
  LDAP* ld,
  PCHAR dn,
  PCHAR cred,
  ULONG method
);

Parameters

ld
[in] The session handle.
dn
[in] The distinguished name of the entry used to bind.
cred
[in] The credentials with which to authenticate. Arbitrary credentials can be passed using this parameter. The format and content of the credentials depend on the setting of the method parameter. See Remarks for more information.
method
[in] Indicates the authentication method to use. See the Remarks section for a listing of valid synchronous authentication methods. See ldap_bind for a description of the valid asynchronous authentication method.

Return Values

If the function succeeds, the return value is LDAP_SUCCESS.

If the function fails, it returns an error code. See Return Values for more information.

Remarks

The implementation of ldap_bind_s supports the following authentication methods:

LDAP_AUTH_DPA
Description: Distributed password authentication (used by Microsoft® Membership System).

LDAP_AUTH_MSN
Description: Microsoft® Network Authentication Service.

LDAP_AUTH_NEGOTIATE
Description: Generic security services (GSS) (Snego). Does not provide any authentication services, instead chooses the most appropriate authentication method from a list of available services and passes all authentication information on to that service. Use with Windows® 2000.
Credential: To log in as the current user, set the dn and cred parameters to NULL. To log in as another user, pass a pointer to a SEC_WINNT_AUTH_IDENTITY structure with the appropriate user name and password.

LDAP_AUTH_NTLM
Description: Windows NT® LAN Manager.
Credential: An array of strings containing the domain name, the user name, and the encrypted password.

LDAP_AUTH_SICILY
Description: Covers package negotiation to MSN servers.

LDAP_AUTH_SSPI
Description: This constant is obsolete and is included for backward compatibility only. Using this constant selects GSS (Snego) negotiation service.

For asynchronous bind authentication, use LDAP_AUTH_SIMPLE with ldap_bind.

The bind operation identifies a client to the directory server by providing a distinguished name and some type of authentication credential, such as a password. The exact credentials depend on the authentication method being used. If you pass NULL for the credentials with ldap_bind_s (non-simple), the current user's or service's credentials are used. If a simple bind method (as in ldap_simple_bind_s) is specified, NULL credentials are equivalent to a NULL plain text password. For more information, see ldap_bind.
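The NULL-credential behaviour described above, as an added example that is not part of the original SDK page: a guard that decides what an LDAP_AUTH_NEGOTIATE bind will authenticate as before ldap_bind_s is called, so that missing input never silently becomes a bind as the service account. The names plan_negotiate_bind, guarded_negotiate_bind and bind_plan are hypothetical, and refusing empty user names or passwords is an assumed policy; the wrapper that calls the API builds only under _WIN32.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winldap.h>   /* link with wldap32.lib */
#endif
/* Hypothetical names: what a planned LDAP_AUTH_NEGOTIATE bind runs as. */
typedef enum { BIND_EXPLICIT, BIND_PROCESS_IDENTITY, BIND_REFUSED } bind_plan;

/* NULL credentials do not mean "no access": they select the current
 * user's/service's credentials, so the caller must opt in to that. */
bind_plan plan_negotiate_bind(const char *user, const char *password,
                              int allow_process_identity)
{
    int have_user = user != NULL && user[0] != '\0';
    int have_pass = password != NULL && password[0] != '\0';
    if (have_user && have_pass)
        return BIND_EXPLICIT;
    if (user == NULL && password == NULL && allow_process_identity)
        return BIND_PROCESS_IDENTITY;
    return BIND_REFUSED;  /* empty or partial input never falls back */
}

#ifdef _WIN32
/* Windows-only wrapper; ldap_bind_sA is the ANSI form, dn stays NULL. */
ULONG guarded_negotiate_bind(LDAP *ld, char *user, char *domain,
                             char *password, int allow_process_identity)
{
    SEC_WINNT_AUTH_IDENTITY_A id;
    ULONG rc;
    switch (plan_negotiate_bind(user, password, allow_process_identity)) {
    case BIND_PROCESS_IDENTITY:
        return ldap_bind_sA(ld, NULL, NULL, LDAP_AUTH_NEGOTIATE);
    case BIND_EXPLICIT:
        id.User = (unsigned char *)user;
        id.UserLength = (unsigned long)strlen(user);
        id.Domain = (unsigned char *)domain;
        id.DomainLength = domain ? (unsigned long)strlen(domain) : 0;
        id.Password = (unsigned char *)password;
        id.PasswordLength = (unsigned long)strlen(password);
        id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
        rc = ldap_bind_sA(ld, NULL, (PCHAR)&id, LDAP_AUTH_NEGOTIATE);
        SecureZeroMemory(&id, sizeof id);  /* clear pointers and lengths */
        return rc;
    default:
        return LDAP_PARAM_ERROR;
    }
}
#endif
```

The caller still owns the password buffer and should clear it once the bind returns.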

Note that LDAP 2 servers require an application to bind before attempting any other operations that require authentication.

Multithreading: Bind calls are not thread-safe because they apply to the connection as a whole. Use caution if threads share connections and try to thread the bind operations with other operations.

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Windows 95/98: Requires Windows 95 or later.
  Header: Declared in Winldap.h.

See Also

Functions, ldap_bind, ldap_simple_bind_s, Return Values, SEC_WINNT_AUTH_IDENTITY