LDAP_BIND(3)           C LIBRARY FUNCTIONS           LDAP_BIND(3)


NAME

     ldap_bind,          ldap_bind_s,           ldap_simple_bind,
     ldap_simple_bind_s,                    ldap_kerberos_bind_s,
     ldap_kerberos_bind1,                  ldap_kerberos_bind1_s,
     ldap_kerberos_bind2,  ldap_kerberos_bind2_s, ldap_sasl_bind,
     ldap_sasl_bind_s,              ldap_sasl_interactive_bind_s,
     ldap_parse_sasl_bind_result,  ldap_unbind,  ldap_unbind_s  -
     LDAP bind routines


LIBRARY

     OpenLDAP LDAP (libldap, -lldap)


SYNOPSIS

     #include <ldap.h>

     int ldap_bind(LDAP *ld, const char *who, const char *cred,
          int method);

     int ldap_bind_s(LDAP *ld, const char *who, const char *cred,
          int method);

     int ldap_simple_bind(LDAP *ld, const char *who, const char *passwd);

     int ldap_simple_bind_s(LDAP *ld, const char *who, const char *passwd);

     int ldap_kerberos_bind_s(LDAP *ld, const char *who);

     int ldap_kerberos_bind1(LDAP *ld, const char *who);

     int ldap_kerberos_bind1_s(LDAP *ld, const char *who);

     int ldap_kerberos_bind2(LDAP *ld, const char *who);

     int ldap_kerberos_bind2_s(LDAP *ld, const char *who);

     int ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism,
          struct berval *cred, LDAPControl *sctrls[],
          LDAPControl *cctrls[], int *msgidp);

     int ldap_sasl_bind_s(LDAP *ld, const char *dn, const char *mechanism,
          struct berval *cred, LDAPControl *sctrls[],
          LDAPControl *cctrls[], struct berval **servercredp);

     int ldap_parse_sasl_bind_result(LDAP *ld, LDAPMessage *res,
          struct berval **servercredp, int freeit);

     int ldap_sasl_interactive_bind_s(LDAP *ld, const char *dn,
          const char *mechs,
          LDAPControl *sctrls[], LDAPControl *cctrls[],
          unsigned flags, LDAP_SASL_INTERACT_PROC *interact,
          void *defaults);

     int ldap_unbind(LDAP *ld);

     int ldap_unbind_s(LDAP *ld);


DESCRIPTION

     These routines provide various interfaces to the  LDAP  bind
     operation.  After an association with an LDAP server is made
     using ldap_init(3), an LDAP bind operation  should  be  per-
     formed  before  other operations are attempted over the con-
     nection.  An LDAP bind is required when using Version  2  of
     the  LDAP protocol; it is optional for Version 3 but is usu-
     ally needed due to security considerations.

     There are many types of bind calls, providing simple authen-
     tication,  Kerberos  version  4  authentication, and general
     routines to do either one, as well as calls using SASL (Sim-
     ple  Authentication  and  Security Layer) that can negotiate
     one of many different kinds of  authentication.   Both  syn-
     chronous  and  asynchronous  versions of each variant of the
     bind call are provided.  All routines take ld as their first
     parameter, as returned from ldap_init(3).

     Kerberos version 4 has been superseded by  Kerberos  version
     5,  and  the Kerberos version 4 support is only provided for
     backward compatibility. The SASL interfaces should  be  used
     for  new applications. SASL provides a general interface for
     using Kerberos versions 4 and 5 and many other security sys-
     tems.


SIMPLE AUTHENTICATION

     The simplest form of the bind call is  ldap_simple_bind_s().
     It  takes  the  DN  to  bind as in who, and the userPassword
     associated with the entry in passwd.   It  returns  an  LDAP
     error      indication      (see     ldap_error(3)).      The
     ldap_simple_bind() call is  asynchronous,  taking  the  same
     parameters  but  only  initiating  the  bind  operation  and
     returning the message id of the request it sent.  The result
     of  the  operation  can  be obtained by a subsequent call to
     ldap_result(3).
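
     Added example, not part of the original manual page or of
     OpenLDAP: a pre-bind check for login code that passes user
     input to ldap_simple_bind_s().  RFC 4513 section 5.1 treats a
     simple bind with a DN and an empty password as an
     unauthenticated bind, which a server may accept without
     proving anything about who.  The names classify_simple_bind()
     and bind_authenticates_user() are hypothetical, and treating
     NULL as an empty string is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Bind kinds that RFC 4513 section 5.1 defines for the simple method. */
enum bind_kind {
    BIND_ANONYMOUS,        /* empty DN, empty password */
    BIND_UNAUTHENTICATED,  /* DN given, empty password: proves nothing */
    BIND_NAME_PASSWORD,    /* DN and password both given */
    BIND_INVALID           /* password without a DN */
};

/* Classify the (who, passwd) pair before it is handed to a simple bind.
 * NULL is treated like an empty string (assumption of this example). */
enum bind_kind classify_simple_bind(const char *who, const char *passwd)
{
    int has_who = (who != NULL && who[0] != '\0');
    int has_pw  = (passwd != NULL && passwd[0] != '\0');

    if (has_who && has_pw)
        return BIND_NAME_PASSWORD;
    if (has_who)
        return BIND_UNAUTHENTICATED;
    if (has_pw)
        return BIND_INVALID;
    return BIND_ANONYMOUS;
}

/* Gate for a login path: returns 1 only when a successful bind would
 * show that the caller knows the password stored for `who`. */
int bind_authenticates_user(const char *who, const char *passwd)
{
    return classify_simple_bind(who, passwd) == BIND_NAME_PASSWORD;
}

int main(void)
{
    /* Constructed sample DN and passwords. */
    const char *dn = "uid=alice,ou=people,dc=example,dc=com";

    printf("dn + password : %d\n", bind_authenticates_user(dn, "s3cret"));
    printf("dn + empty    : %d\n", bind_authenticates_user(dn, ""));
    printf("empty + empty : %d\n", bind_authenticates_user("", ""));
    return 0;
}
```

     A caller would run this check on the submitted values and
     call ldap_simple_bind_s() only when it returns 1.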


KERBEROS AUTHENTICATION

     If the LDAP library and LDAP  server  being  contacted  have
     been  compiled  with  the  KERBEROS option defined, Kerberos
     version 4 authentication  can  be  performed.  As  mentioned
     above,  these  Kerberos routines are provided only for back-
     ward compatibility.

     These routines assume the user already has obtained a ticket
     granting ticket.  The routines take who, the DN of the entry
     to bind as.  The ldap_kerberos_bind_s()  routine  does  both
     steps  of  the  Kerberos binding process synchronously.  The
     ldap_kerberos_bind1_s() and ldap_kerberos_bind2_s() routines
     allow  synchronous access to the individual steps, authenti-
     cating to the LDAP server and X.500 DSA, respectively.   The
     ldap_kerberos_bind1()   and  ldap_kerberos_bind2()  routines
     provide equivalent asynchronous access.

     The ldap_kerberos_bind_s() routine is used to  perform  both
     authentication  steps when contacting an LDAP server that is
     a gateway to an X.500 DSA.  This kind of  server  configura-
     tion  is  only  supported  in  the  (very old) University of
     Michigan LDAP release.  The OpenLDAP package no longer  pro-
     vides  this gateway server.  The standalone LDAP server pro-
     vided in OpenLDAP may still be configured with Kerberos ver-
     sion  4  support,  but  it  only requires one authentication
     step, and will  return  an  error  if  the  second  step  is
     attempted.   Therefore,  only the ldap_kerberos_bind1() rou-
     tine or its synchronous equivalent may be used when contact-
     ing an OpenLDAP server.


GENERAL AUTHENTICATION

     The ldap_bind() and ldap_bind_s() routines can be used  when
     the  authentication  method  to  use needs to be selected at
     runtime.  They both take an extra method parameter selecting
     the  authentication  method to use.  It should be set to one
     of LDAP_AUTH_SIMPLE, LDAP_AUTH_KRBV41, or  LDAP_AUTH_KRBV42,
     to  select simple authentication, Kerberos authentication to
     the LDAP server, or Kerberos  authentication  to  the  X.500
     DSA,  respectively.   ldap_bind()  returns the message id of
     the request it initiates.   ldap_bind_s()  returns  an  LDAP
     error indication.


SASL AUTHENTICATION

     Description still under construction...


UNBINDING

     The ldap_unbind() call is used to unbind from the directory,
     terminate  the  current  association, and free the resources
     contained in the ld structure.  Once it is called, the  con-
     nection  to  the LDAP server is closed, and the ld structure
     is invalid.  The ldap_unbind_s() call is just  another  name
     for  ldap_unbind();  both  of these calls are synchronous in
     nature.


ERRORS

     Asynchronous routines will return -1 in case of error,  set-
     ting  the  ld_errno parameter of the ld structure.  Synchro-
     nous routines return  whatever  ld_errno  is  set  to.   See
     ldap_error(3) for more information.


SEE ALSO

     ldap(3),    ldap_error(3),    ldap_open(3),     RFC     2222
     (http://www.ietf.org),               Cyrus              SASL
     (http://asg.web.cmu.edu/sasl/)


ACKNOWLEDGEMENTS

     OpenLDAP is developed and maintained by The OpenLDAP Project
     (http://www.openldap.org/).    OpenLDAP   is   derived  from
     University of Michigan LDAP 3.3 Release.

OpenLDAP LDVERSION  Last change: RELEASEDATE                    4

