|
LDAP Library Functions | ldap_bind(3LDAP) |
| ldap_bind, ldap_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_set_rebind_proc - LDAP bind functions |
SYNOPSIS
|
cc [ flag... ] file... -lldap[ library... ]
#include <lber.h>
#include <ldap.h> int ldap_bind(LDAP *ld, char *who, char *cred, int method); |
| int ldap_bind_s(LDAP *ld, char *who, char *cred, int method); |
| int ldap_simple_bind(LDAP *ld, char *who, char *passwd); |
| int ldap_simple_bind_s(LDAP *ld, char *who, char *passwd); |
| int ldap_unbind(LDAP *ld); |
| int ldap_unbind_s(LDAP *ld); |
| int ldap_unbind_ext(LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls); |
| void ldap_set_rebind_proc(LDAP *ld, int (*rebindproc); |
| int ldap_sasl_bind(LDAP *ld, char *dn, char *mechanism, struct berval **serverctrls, LDAPControl **clientctrls, int *msgidp); |
| int ldap_sasl_bind_s(LDAP *ld, char *dn, char *mechanism, struct berval *cred, LDAPControl **serverctrls, LDAPControl **clientctrls); |
|
These functions provide various interfaces to the LDAP bind operation. After a connection is made to an LDAP server using ldap_open(3LDAP), an LDAP bind operation must be performed
before other operations can be attempted over the conection. Both synchronous and asynchronous versions of each variant of the bind call are provided. There are three types of bind calls, simple authentication, kerberos authentication, and general functions. All LDAP bind functions take ld as their first parameter, which is returned from ldap_open(3LDAP).
Simple Authentication
|
The simplest
form of the bind call is ldap_simple_bind_s(). It takes the DN to bind as in who, and the userPassword associated with the entry in passwd. It returns an LDAP error code. See ldap_error(3LDAP). The ldap_simple_bind() call is asynchronous. It takes the same parameters but only initiates the bind operation and returns the message id of the request it sent. You can obtain the result
of the operation by a subsequent call to ldap_result(3LDAP).
|
General Authentication
|
Use the ldap_bind() and ldap_bind_s() functions when the authentication method to use needs to be selected at runtime. Both functions take an extra method parameter that selects the authentication method to use. It should be set to LDAP_AUTH_SIMPLE to select simple authentication. ldap_bind() returns the message id of the request it initiates. ldap_bind_s() returns an LDAP error code.
The ldap_sasl_bind() and ldap_sasl_bind_s() functions are used for general and extensible authentication over LDAP through the use of the Simple Authentication Security Layer. The routines both take the dn to bind as the method to use. A dotted-string representation
of an OID identifies the method, and a struct berval holds the credentials. The special constant value LDAP_SASL_SIMPLE ("") can be passed to request simple authentication, or the simplified routines ldap_simple_bind() or ldap_simple_bind_s() can be use.
|
Unbinding
|
The ldap_unbind()
call is used to unbind from the directory, terminate the current association, and free the resources contained in the ld structure. Once it is called, the connection to the LDAP server is closed, and the ld structure is invalid. The ldap_unbind_s() call is just another name for ldap_unbind(). Both of these calls are synchronous in nature.
The ldap_unbind_ext() function unbinds from the directory, terminates the current association, and frees the resources contained in the LDAP structure. Unlike ldap_unbind() and ldap_unbind_s(), you can explicitly include both server and client
controls with the with ldap_unbind_ext() request. Since there is no server reponse to an unbind request, you will not receive a response from a server control that is included with the unbind request.
|
Rebinding While Following Referral
|
The ldap_set_rebind_proc() call is used to set a function that will be called back to obtain bind credentials used when a new server is contacted following an LDAP referral. If ldap_set_rebind_proc() is never called, or if it is called with a NULL rebindproc parameter, an unauthenticated simple LDAP bind will always be done when chasing referrals.
rebindproc() should be a function that is declared like this:
|
int rebindproc(LDAP *ld, char **whop, char **credp,
int *methodp, int freeit);
|
The LDAP library will first call the rebindproc() to obtain the referral bind credentials, and the freeit parameter will be zero. The whop, credp, and methodp should be
set as appropriate. If rebindproc() returns LDAP_SUCCESS, referral processing continues, and the rebindproc() will be called a second time with freeit non-zero to give your application a chance to free any memory
allocated in the previous call.
If anything but LDAP_SUCCESS is returned by the first call to rebindproc(), then referral processing is stopped, and that error code is returned for the original LDAP operation.
|
|
|
Asynchronous functions will return -1 in case of error. See ldap_error(3LDAP) for more information on error codes returned.. If no credentials are returned,
the result parameter is set to NULL.
|
|
See attributes(5) for a description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWcsl (32-bit) |
| SUNWcslx (64-bit) |
Stability Level | Evolving |
|
| |