3.2.2.1.2.2 Bind Requests
Bind requests are used to connect and to authenticate the user to an LDAP directory. The CA MUST perform bind requests as follows:
1. Invoke the "Setting an LDAP Option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) once for each of the pairs of option and value parameters in the following table. For each of these, the TaskInputADConnection parameter is the ActiveDirectory_Connection.

   | TaskInputOptionName | TaskInputOptionValue |
   |---|---|
   | LDAP_OPT_GETDSNAME_FLAGS | Bitwise OR of the bits D, J and R as defined in [MS-NRPC] section 3.5.4.3.1 |
   | LDAP_OPT_SIGN | TRUE |
   | LDAP_OPT_REFERRALS | If the Config_AD_Connection_Referral ADM element is FALSE, set to FALSE |
   | LDAP_OPT_PROTOCOL_VERSION | 2 |

2. Invoke the "Performing an LDAP Bind on an ADConnection" task ([MS-ADTS] section 7.6.1.4) with the following parameter:
   TaskInputADConnection: ActiveDirectory_Connection
3. If the TaskReturnStatus returned is not 0:
   a. Repeat step 1 with the following modification:
      TaskInputOptionName: LDAP_OPT_GETDSNAME_FLAGS
      TaskInputOptionValue: Bitwise OR of the bits A, D, J, and R, as defined by [MS-NRPC] section 3.5.4.3.1.
   b. Repeat step 2.
   c. If the TaskReturnStatus returned is not 0, convert it to a 4-byte HRESULT value (errors are specified in [MS-ERREF] section 2.1) by performing the processing rules in section 3.2.2.1.7 with the following input parameters:
      InputReturnStatus: TaskReturnStatus
      InputResultMessage: NULL
      Return the OutputHRESULT output parameter to the client and exit.
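
The control flow of the steps above, modeled in Python as an added example that is not part of the specification. The callables set_option, bind and to_hresult are hypothetical stand-ins for the two [MS-ADTS] tasks and the section 3.2.2.1.7 processing rules; the flag bits are carried as bit names because their numeric values are defined in [MS-NRPC], and the bind statuses and HRESULT mapping in simulate are constructed.

```python
# Added illustration; the injected callables are hypothetical stand-ins, not real APIs.
BASE_FLAGS = frozenset("DJR")    # bit names only; values are in [MS-NRPC] 3.5.4.3.1
RETRY_FLAGS = frozenset("ADJR")  # same bits plus A, used for the second attempt


def bind_options(dsname_flags, referral_enabled):
    """Option/value pairs for step 1, in table order."""
    opts = [("LDAP_OPT_GETDSNAME_FLAGS", dsname_flags), ("LDAP_OPT_SIGN", True)]
    if not referral_enabled:
        # The table gives a value only when Config_AD_Connection_Referral is FALSE.
        opts.append(("LDAP_OPT_REFERRALS", False))
    opts.append(("LDAP_OPT_PROTOCOL_VERSION", 2))
    return opts


def perform_bind(conn, set_option, bind, to_hresult, referral_enabled):
    """Return 0 on success, or the converted HRESULT once the retry has also failed."""
    status = None
    for flags in (BASE_FLAGS, RETRY_FLAGS):
        for name, value in bind_options(flags, referral_enabled):  # step 1
            set_option(conn, name, value)
        status = bind(conn)                                        # step 2
        if status == 0:
            return 0
    # Step 3c: InputReturnStatus is the last status, InputResultMessage is NULL.
    return to_hresult(status, None)


def simulate(bind_results, referral_enabled=False):
    """Drive perform_bind with constructed bind statuses; return (result, option log)."""
    log, results = [], iter(bind_results)
    result = perform_bind(
        conn="ActiveDirectory_Connection",
        set_option=lambda c, name, value: log.append((name, value)),
        bind=lambda c: next(results),
        # Constructed placeholder mapping, not the section 3.2.2.1.7 rules.
        to_hresult=lambda status, message: 0x80000000 | status,
        referral_enabled=referral_enabled,
    )
    return result, log


if __name__ == "__main__":
    for statuses in ([0], [81, 0], [81, 81]):
        result, log = simulate(statuses)
        print(statuses, hex(result), len(log), "options set")
```

The option log makes it visible that LDAP_OPT_SIGN is set to TRUE again on the retry, so the second bind attempt never runs with signing left unset.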