ldap_bind_s
A version of this page is also available for
4/8/2010
This function is a synchronous function that authenticates a client to the LDAP server.
Syntax
ULONG ldap_bind_s(
LDAP* ld,
UNICODE PTCHAR dn,
UNICODE PTCHAR cred,
ULONG method
);
Parameters
- ld
[in] Session handle.
- dn
[in] Distinguished name of the entry used to bind.
- cred
[in] Credentials with which to authenticate. Arbitrary credentials can be passed using this parameter. The format and content of the credentials depend on the setting of the mechanism parameter. See the Remarks section for more information.
- method
[in] Indicates the authentication method to use. See the Remarks section for a listing of valid synchronous authentication methods. See the ldap_bind function for a description of the valid asynchronous authentication method.
Return Value
If this function succeeds, the return value is LDAP_SUCCESS.
If this function fails, it returns an error code. See the LDAP_RETCODE enumeration for a list of possible return values.
Remarks
The following table shows the authentication methods supported in the implementation of this function.
Authentication method | Description | Credential |
---|---|---|
LDAP_AUTH_NTLM |
Microsoft Windows NT LAN Manager |
Set the dn parameter to NULL and pass in a pointer to a SEC_WINNT_AUTH_IDENTITY structure using the cred parameter. |
LDAP_AUTH_NEGOTIATE |
Generic security services (GSS) (Snego). Does not provide any authentication services. Instead GSS chooses the most appropriate authentication method from a list of available services and passes all authentication information on to that service. |
To log in as the current user, set the dn and cred parameters to NULL. To log in as another user, pass a pointer to a SEC_WINNT_AUTH_IDENTITY structure with the appropriate user name and password. |
For asynchronous bind authentication, use ldap_bind.
The bind operation identifies a client to the directory server by providing a distinguished name and some type of authentication credential, such as a password. The exact credentials are dependent on the authentication method being used.
In a multithreading environment, bind calls are not safe because they apply to the connection as a whole. Use caution if threads share connections and try to thread the bind operations with other operations.
The following code example shows how to identify a client to the directory server by using the bind operation.
#include <windows.h>
#include <winldap.h>
#include <tchar.h>
LDAP *ld;
SEC_WINNT_AUTH_IDENTITY AuthId;
ULONG AuthMethod;
TCHAR szDomain[128] = _T("sample.domain.com");
TCHAR szUserName[128] = _T("admin");
TCHAR szPassword[128] = _T("adminpass");
// Set up AuthId for NTLM authentication
AuthId.User = _tcslen(szUserName) ? szUserName : NULL;
AuthId.UserLength = _tcslen(szUserName);
AuthId.Domain = _tcslen(szDomain) ? szDomain : NULL;
AuthId.DomainLength = _tcslen(szDomain);
AuthId.Password = _tcslen(szPassword) ? szPassword : NULL;
AuthId.PasswordLength = _tcslen(szPassword);
#ifdef UNICODE
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
#else
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
#endif
AuthMethod = LDAP_AUTH_NTLM;
if( (ld = ldap_init( _T("server.sample.domain.com"), 389 )) == NULL )
{
// Error
}
ldap_bind_s( ld, NULL, (TCHAR *) &AuthId, AuthMethod );
Requirements
Header | winldap.h |
Library | wldap32.lib |
Windows Embedded CE | Windows CE .NET 4.0 and later |
Windows Mobile | Windows Mobile Version 5.0 and later |