Compartilhar via


ldap_bind_s (Compact 2013)

3/26/2014

This function is a synchronous function that authenticates a client to the LDAP server.

Syntax

ULONG ldap_bind_s(
  LDAP* ld,
  UNICODE PTCHAR dn,
  UNICODE PTCHAR cred,
  ULONG method
);

Parameters

  • ld
    [in] Session handle.
  • dn
    [in] Distinguished name of the entry used to bind.
  • cred
    [in] Credentials with which to authenticate. Arbitrary credentials can be passed using this parameter. The format and content of the credentials depend on the setting of the mechanism parameter. See the Remarks section for more information.
  • method
    [in] Indicates the authentication method to use. See the Remarks section for a listing of valid synchronous authentication methods. See the ldap_bind function for a description of the valid asynchronous authentication method.

Return Value

If this function succeeds, the return value is LDAP_SUCCESS.

If this function fails, it returns an error code. See the LDAP_RETCODE enumeration for a list of possible return values.

Remarks

The following table shows the authentication methods supported in the implementation of this function.

Authentication method

Description

Credential

LDAP_AUTH_NTLM

Windows NT LAN Manager

Set the dn parameter to NULL and pass in a pointer to a SEC_WINNT_AUTH_IDENTITY structure using the cred parameter.

LDAP_AUTH_NEGOTIATE

Generic security services (GSS) (Snego). Does not provide any authentication services. Instead GSS chooses the most appropriate authentication method from a list of available services and passes all authentication information on to that service.

To log in as the current user, set the dn and cred parameters to NULL. To log in as another user, pass a pointer to a SEC_WINNT_AUTH_IDENTITY structure with the appropriate user name and password.

For asynchronous bind authentication, use ldap_bind.

The bind operation identifies a client to the directory server by providing a distinguished name and some type of authentication credential, such as a password. The exact credentials are dependent on the authentication method being used.

In a multithreading environment, bind calls are not safe because they apply to the connection as a whole. Use caution if threads share connections and try to thread the bind operations with other operations.

The following code example shows how to identify a client to the directory server by using the bind operation.

Important

For readability, the following code example does not contain security checking or error handling. Do not use the following code in a production environment.

#include <windows.h>
#include <winldap.h>
#include <tchar.h>
LDAP *ld;
SEC_WINNT_AUTH_IDENTITY AuthId;
ULONG AuthMethod;
TCHAR szDomain[128] = _T("sample.domain.com");
TCHAR szUserName[128] = _T("admin");
TCHAR szPassword[128] = _T("adminpass");
// Set up AuthId for NTLM authentication
AuthId.User = _tcslen(szUserName) ? szUserName :  NULL;
AuthId.UserLength = _tcslen(szUserName);
AuthId.Domain = _tcslen(szDomain) ? szDomain :  NULL;
AuthId.DomainLength = _tcslen(szDomain);
AuthId.Password = _tcslen(szPassword) ? szPassword :  NULL;
AuthId.PasswordLength = _tcslen(szPassword);
#ifdef UNICODE
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
#else
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
#endif
AuthMethod = LDAP_AUTH_NTLM;
if( (ld = ldap_init( _T("server.sample.domain.com"), 389 )) == NULL )
{
    // Error
}
ldap_bind_s( ld, NULL, (TCHAR *) &AuthId, AuthMethod );

Requirements

Header

winldap.h

Library

wldap32.lib

See Also

Reference

LDAP Session Functions
ldap_bind
ldap_simple_bind_s