Platform SDK: Active Directory, ADSI, and Directory Services |
The ldap_bind_s is a synchronous function that authenticates a client to the LDAP server.
ULONG ldap_bind_s( LDAP* ld, PCHAR dn, PCHAR cred, ULONG method );
If the function succeeds, the return value is LDAP_SUCCESS.
If the function fails, it returns an error code. See Return Values for more information.
The implementation of ldap_bind_s supports the following authentication methods:
Authentication Method | Description | Credential |
---|---|---|
LDAP_AUTH_DPA | Distributed password authentication (used by Microsoft® Membership System) | |
LDAP_AUTH_MSN | Microsoft® Network Authentication Service | |
LDAP_AUTH_NEGOTIATE | Generic security services (GSS) (Snego). Does not provide any authentication services, instead chooses the most appropriate authentication method from a list of available services and passes all authentication information on to that service. Use with Windows® 2000 | To log in as the current user, set the dn and cred parameters to NULL. To log in as another user, pass a pointer to a SEC_WINNT_AUTH_IDENTITY structure with the appropriate user name and password. |
LDAP_AUTH_NTLM | Windows NT® LAN Manager | An array of strings containing the domain name, the user name, and the encrypted password. |
LDAP_AUTH_SICILY | Covers package negotiation to MSN servers. | |
LDAP_AUTH_SSPI | This constant is obsolete and is included for backward compatibility only. Using this constant selects GSS (Snego) negotiation service. |
For asynchronous bind authentication, use LDAP_AUTH_SIMPLE with ldap_bind.
The bind operation identifies a client to the directory server by providing a distinguished name and some type of authentication credential, such as a password. The exact credentials are dependent on the authentication method being used. If you pass in NULL for the credentials with ldap_bind_s() (non-simple), the current user's/service's credentials will be used. If a simple bind method (as in ldap_simple_bind_s) is specified, it is equivalent to a NULL plain text password. For more information, see ldap_bind.
Note that LDAP 2 servers require an application to bind before attempting any other operations that require authentication.
Multithreading: Bind calls are not safe because they apply to the connection as a whole. Use caution if threads share connections and try to thread the bind operations with other operations.
Windows NT/2000: Requires Windows NT 4.0 or later.
Windows 95/98: Requires Windows 95 or later.
Header: Declared in Winldap.h.
Functions, ldap_bind, ldap_simple_bind_s, Return Values, SEC_WINNT_AUTH_IDENTITY