ldap_sasl_bind_s

Synchronously authenticates the specified client to the LDAP server using a Simple Authentication Security Layer (SASL).

LDAP Version:v3
Library:*ldapsdk.*
NDS Version:7.xx or higher
Platform:NLM, Windows (NT, 95, 98, 2000, XP, Vista 32-bit and 64-bit ), Linux (32-bit and 64-bit), Solaris, AIX, and HP-UX

Syntax

  #include <ldap.h>
  
  int ldap_sasl_bind_s (
     LDAP                  *ld,
     const char            *dn,
     const char            *mechanism,
     const struct berval   *cred,
     LDAPControl          **serverctrls,
     LDAPControl          **clientctrls,
     struct berval        **servercredp);

Parameters

ld

(IN) Points to the handle for the LDAP session.

dn

(IN) Points to the distinguished name of the entry who is authenticating.

mechanism

(IN) Points to the method to use for authentication, either

  • LDAP_SASL_SIMPLE (NULL) for simple authentication

  • A dotted-string representation of the OID identifying the SASL method

cred

(IN) Points to the credentials with which to authenticate.

serverctrls

(IN) Points to a list of server controls. Use NULL to specify no server controls.

clientctrls

(IN) Points to a list of client controls. Use NULL to specify no client controls.

servercredp

(OUT) Points to the credentials passed back by the server for mutual authentication. The berval structure must be freed by calling the ber_bvfree function. To ignore this parameter, set it to NULL.

Return Values

0x00

LDAP_SUCCESS

Non-zero

Failure. For a complete list, see LDAP Return Codes.

0x54

LDAP_DECODING_ERROR

0x59

LDAP_PARAM_ERROR

0x5A

LDAP_NO_MEMORY

0x5C

LDAP_NOT_SUPPORTED

Remarks

The LDAP_OPT_NETWORK_TIMEOUT option (set by calling ldap_set_option) enables you to set a timeout for the initial connection to a server. If no timeout is set, timeout depends upon the underlying socket timeout setting of the operating system.

Using the connection timeout, you can also specify multiple hosts separated by spaces in a bind call, then use a timeout to determine how long your application will wait for an initial response before attempting a connection to the next host in the list.

Passing NULL for the ld parameter of ldap_set_option sets this timeout as the default connection timeout for subsequent session handles created with ldap_init or ldapssl_init. To clear the timeout pass NULL for the invalue parameter of ldap_set_option.

A connection timeout will cause an LDAP_SERVER_DOWN error (81) "Can't contact LDAP server".

See Also

ldap_sasl_bind