3.2.4.29.2 LDAP Bind

This task accepts as input the following:

  • DomainControllerBindTarget: the name of the domain controller to bind to

  • AccountNameForBind: the account name used for authentication on the bind

  • PasswordForBind: the password used to authenticate the bind

  • Encrypt: specifies whether to set LDAP_OPT_ENCRYPT to LDAP_OPT_ON on the returned connection

  • DisallowReferrals: specifies whether to set LDAP_OPT_REFERRALS to LDAP_OPT_OFF on the returned connection

Upon success, this task returns the following:

This task executes as follows:

  1. The server invokes the "Initializing an ADConnection" task of [MS-ADTS] section 7.6.1.1 with the following parameters:

    • TaskInputTargetName: DomainControllerBindTarget

    • TaskInputPortNumber: 389

      Upon success, the result is stored in NewADConnection.

  2. The server invokes the "Setting an LDAP option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) with the following parameters:

    • TaskInputADConnection: NewADConnection

    • TaskInputOptionName: LDAP_OPT_AUTH_INFO

    • TaskInputOptionValue:

      • bindMethod: SASL, using the GSS-SPNEGO protocol ([MS-ADTS] section 3.1.1.3.4.5.2)

      • name: AccountNameForBind

      • password: PasswordForBind

  3. The server invokes the "Setting an LDAP option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) with the following parameters:

    • TaskInputADConnection: NewADConnection

    • TaskInputOptionName: LDAP_OPT_AREC_EXCLUSIVE

    • TaskInputOptionValue: TRUE

  4. If Encrypt is equal to TRUE, the server invokes the "Setting an LDAP option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) with the following parameters:

    • TaskInputADConnection: NewADConnection

    • TaskInputOptionName: LDAP_OPT_ENCRYPT

    • TaskInputOptionValue: LDAP_OPT_ON

  5. If DisallowReferrals is equal to TRUE, the server invokes the "Setting an LDAP option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) with the following parameters:

    • TaskInputADConnection: NewADConnection

    • TaskInputOptionName: LDAP_OPT_REFERRALS

    • TaskInputOptionValue: LDAP_OPT_OFF

  6. The server invokes the "Establishing an ADConnection" task ([MS-ADTS] section 7.6.1.3) with the TaskInputADConnection parameter set to NewADConnection.

  7. The server invokes the "Performing an LDAP Bind on an ADConnection" task ([MS-ADTS] section 7.6.1.4) with the TaskInputADConnection parameter set to NewADConnection.

  8. Upon success, NewADConnection is returned to the caller. Otherwise, an error is returned.
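The ordering in steps 1 through 7 can be checked mechanically against a recorded sequence of task invocations. The following is an added example, not part of the specification: the trace tuple format, the short task labels (Init, SetOption, Establish, Bind) and the "SASL/GSS-SPNEGO" string are assumptions made for illustration.

```python
# Added example: trace format and task labels are constructed for illustration.
INIT, SET, ESTABLISH, BIND = "Init", "SetOption", "Establish", "Bind"

def expected_trace(dc, account, password, encrypt, disallow_referrals):
    """Ordered task invocations for steps 1-7, given the task inputs."""
    auth = {"bindMethod": "SASL/GSS-SPNEGO", "name": account, "password": password}
    trace = [(INIT, dc, 389),
             (SET, "LDAP_OPT_AUTH_INFO", auth),
             (SET, "LDAP_OPT_AREC_EXCLUSIVE", True)]
    if encrypt:
        trace.append((SET, "LDAP_OPT_ENCRYPT", "LDAP_OPT_ON"))
    if disallow_referrals:
        trace.append((SET, "LDAP_OPT_REFERRALS", "LDAP_OPT_OFF"))
    return trace + [(ESTABLISH,), (BIND,)]

def audit(observed, dc, account, password, encrypt, disallow_referrals):
    """Return findings where an observed trace departs from the task."""
    findings = []
    want = expected_trace(dc, account, password, encrypt, disallow_referrals)
    kinds = [call[0] for call in observed]
    # Options apply to the connection before it is established (steps 2-5 precede 6).
    if ESTABLISH in kinds and SET in kinds[kinds.index(ESTABLISH):]:
        findings.append("option set after Establishing an ADConnection")
    got_opts = {call[1]: call[2] for call in observed if call[0] == SET}
    want_opts = {call[1]: call[2] for call in want if call[0] == SET}
    # Report option names only, never values, so credentials stay out of findings.
    for name, value in want_opts.items():
        if got_opts.get(name) != value:
            findings.append(f"{name} missing or has wrong value")
    for name in got_opts:
        if name not in want_opts:
            findings.append(f"{name} set but not requested by inputs")
    if not observed or observed[0] != want[0]:
        findings.append("connection not initialized to target on port 389")
    if kinds[-2:] != [ESTABLISH, BIND]:
        findings.append("Establish and Bind are not the final two steps")
    return findings
```

An empty result means the observed sequence matches the task for the given inputs.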