ldap_sasl_bind

Asynchronously authenticates the specified client to the LDAP server using a Simple Authentication Security Layer (SASL).

LDAP Version: v3
Library: *ldapsdk.*
NDS Version: 7.xx or higher
Platform: NLM, Windows (NT, 95, 98, 2000, XP, Vista 32-bit and 64-bit), Linux (32-bit and 64-bit), Solaris, AIX, and HP-UX

Syntax

  #include <ldap.h>
  
  int ldap_sasl_bind (
     LDAP                  *ld,
     const char            *dn,
     const char            *mechanism,
     const struct berval   *cred,
     LDAPControl          **serverctrls,
     LDAPControl          **clientctrls,
     int                   *msgidp);
  
  

Parameters

ld

(IN) Points to the handle for the LDAP session.

dn

(IN) Points to the distinguished name of the entry that is authenticating.

mechanism

(IN) Points to the method to use for authentication, either:

  • LDAP_SASL_SIMPLE (NULL) for simple authentication

  • A dotted-string representation of the OID identifying the SASL method

cred

(IN) Points to the credentials with which to authenticate.

serverctrls

(IN) Points to a list of server controls. Use NULL to specify no server controls.

clientctrls

(IN) Points to a list of client controls. Use NULL to specify no client controls.

msgidp

(OUT) Points to the message ID of the request when the bind request succeeds.

Return Values

>0

Message ID of operation

-1

Failure

Remarks

The ldap_sasl_bind function is an asynchronous function and does not return the results directly. To obtain the results, call the ldap_parse_result function using the message ID in the msgidp parameter.

If you want the function to return the results directly, use the ldap_sasl_bind_s function.

If the ldap_sasl_bind function returns -1, check the LDAP_OPT_RESULT_CODE option in the LDAP handle for the error code.

The LDAP_OPT_NETWORK_TIMEOUT option (set by calling ldap_set_option) enables you to set a timeout for the initial connection to a server. If no timeout is set, the timeout depends on the underlying socket timeout setting of the operating system.

Using the connection timeout, you can also specify multiple hosts separated by spaces in a bind call, then use a timeout to determine how long your application will wait for an initial response before attempting a connection to the next host in the list.

Passing NULL for the ld parameter of ldap_set_option sets this timeout as the default connection timeout for subsequent session handles created with ldap_init or ldapssl_init. To clear the timeout, pass NULL for the invalue parameter of ldap_set_option.

A connection timeout will cause an LDAP_SERVER_DOWN error (81) "Can't contact LDAP server".

See Also

ldap_sasl_bind_s, ldap_parse_sasl_bind_result