Manual Pages for UNIX Darwin command on man ldap_kerberos_bind1_s

LDAP_BIND(3) LDAP_BIND(3)

NAME

ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_kerberos_bind_s, ldap_kerberos_bind1, ldap_kerberos_bind1_s, ldap_kerberos_bind2, ldap_kerberos_bind2_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s - LDAP bind routines

LIBRARY

OpenLDAP LDAP (libldap, -lldap)

SYNOPSIS

#include <ldap.h>

int ldap_bind(LDAP *ld, const char *who, const char *cred, int method);

int ldap_bind_s(LDAP *ld, const char *who, const char *cred, int method);

int ldap_simple_bind(LDAP *ld, const char *who, const char *passwd);

int ldap_simple_bind_s(LDAP *ld, const char *who, const char *passwd);

int ldap_kerberos_bind_s(LDAP *ld, const char *who);

int ldap_kerberos_bind1(LDAP *ld, const char *who);

int ldap_kerberos_bind1_s(LDAP *ld, const char *who);

int ldap_kerberos_bind2(LDAP *ld, const char *who);

int ldap_kerberos_bind2_s(LDAP *ld, const char *who);

int ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism, struct berval *cred, LDAPControl *sctrls[], LDAPControl *cctrls[], int *msgidp);

int ldap_sasl_bind_s(LDAP *ld, const char *dn, const char *mechanism, struct berval *cred, LDAPControl *sctrls[], LDAPControl *cctrls[], struct berval **servercredp);

int ldap_parse_sasl_bind_result(LDAP *ld, LDAPMessage *res, struct berval **servercredp, int freeit);

int ldap_sasl_interactive_bind_s(LDAP *ld, const char *dn, const char *mechs, LDAPControl *sctrls[], LDAPControl *cctrls[], unsigned flags, LDAP_SASL_INTERACT_PROC *interact, void *defaults);

int ldap_unbind(LDAP *ld);

int ldap_unbind_s(LDAP *ld);

DESCRIPTION

These routines provide various interfaces to the LDAP bind operation. After an association with an LDAP server is made using ldap_init(3), an LDAP bind operation should be performed before other operations are attempted over the connection. An LDAP bind is required when using Version 2 of the LDAP protocol; it is optional for Version 3 but is usually needed due to security considerations.

There are many types of bind calls, providing simple authentication, Kerberos version 4 authentication, and general routines to do either one, as well as calls using SASL (Simple Authentication and Security Layer) that can negotiate one of many different kinds of authentication. Both synchronous and asynchronous versions of each variant of the bind call are provided. All routines take ld as their first parameter, as returned from ldap_init(3).

Kerberos version 4 has been superseded by Kerberos version 5, and the Kerberos version 4 support is only provided for backward compatibility. The SASL interfaces should be used for new applications. SASL provides a general interface for using Kerberos versions 4 and 5 and many other security systems.

SIMPLE AUTHENTICATION

The simplest form of the bind call is ldap_simple_bind_s(). It takes the DN to bind as in who, and the userPassword associated with the entry in passwd. It returns an LDAP error indication (see ldap_error(3)). The ldap_simple_bind() call is asynchronous, taking the same parameters but only initiating the bind operation and returning the message id of the request it sent. The result of the operation can be obtained by a subsequent call to ldap_result(3).

KERBEROS AUTHENTICATION

If the LDAP library and LDAP server being contacted have been compiled with the KERBEROS option defined, Kerberos version 4 authentication can be performed. As mentioned above, these Kerberos routines are provided only for backward compatibility.

These routines assume the user already has obtained a ticket granting ticket. The routines take who, the DN of the entry to bind as. The ldap_kerberos_bind_s() routine does both steps of the Kerberos binding process synchronously. The ldap_kerberos_bind1_s() and ldap_kerberos_bind2_s() routines allow synchronous access to the individual steps, authenticating to the LDAP server and X.500 DSA, respectively. The ldap_kerberos_bind1() and ldap_kerberos_bind2() routines provide equivalent asynchronous access.

The ldap_kerberos_bind_s() routine is used to perform both authentication steps when contacting an LDAP server that is a gateway to an X.500 DSA. This kind of server configuration is only supported in the (very old) University of Michigan LDAP release. The OpenLDAP package no longer provides this gateway server. The standalone LDAP server provided in OpenLDAP may still be configured with Kerberos version 4 support, but it only requires one authentication step, and will return an error if the second step is attempted. Therefore, only the ldap_kerberos_bind1() routine or its synchronous equivalent may be used when contacting an OpenLDAP server.

GENERAL AUTHENTICATION

The ldap_bind() and ldap_bind_s() routines can be used when the authentication method to use needs to be selected at runtime. They both take an extra method parameter selecting the authentication method to use. It should be set to one of LDAP_AUTH_SIMPLE, LDAP_AUTH_KRBV41, or LDAP_AUTH_KRBV42, to select simple authentication, Kerberos authentication to the LDAP server, or Kerberos authentication to the X.500 DSA, respectively. ldap_bind() returns the message id of the request it initiates. ldap_bind_s() returns an LDAP error indication.

SASL AUTHENTICATION

Description still under construction...

UNBINDING

The ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the ld structure. Once it is called, the connection to the LDAP server is closed, and the ld structure is invalid. The ldap_unbind_s() call is just another name for ldap_unbind(); both of these calls are synchronous in nature.

ERRORS

Asynchronous routines will return -1 in case of error, setting the ld_errno parameter of the ld structure. Synchronous routines return whatever ld_errno is set to. See ldap_error(3) for more information.
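An added example (not part of the original manual page or of OpenLDAP): a check an application can run on its inputs before calling ldap_simple_bind_s() or ldap_bind_s(), as described under SIMPLE AUTHENTICATION and GENERAL AUTHENTICATION. It goes beyond the text by encoding LDAP behaviour the page does not spell out: a bind with a DN but an empty password can be accepted by a server as an anonymous bind, and a simple bind carries the password unprotected unless the connection itself is secured. The enum names, check_bind() and the sample DN are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the page's LDAP_AUTH_SIMPLE / _KRBV41 / _KRBV42. */
enum bind_method { METHOD_SIMPLE, METHOD_KRBV41, METHOD_KRBV42 };

enum bind_verdict {
    BIND_OK,               /* DN + password on a protected connection */
    BIND_ANONYMOUS,        /* no DN, no password: proves no identity */
    BIND_REJECT_EMPTY_PW,  /* DN without password: may "succeed" as anonymous */
    BIND_REJECT_NO_DN,     /* password without DN: nothing to verify against */
    BIND_REJECT_CLEARTEXT, /* password would cross an unprotected connection */
    BIND_REJECT_KRB4       /* Kerberos v4: backward compatibility only */
};

/* In this example a NULL pointer is treated the same as an empty string. */
static int is_empty(const char *s) { return s == NULL || s[0] == '\0'; }

/* Decide whether a bind request should be sent at all.
 * conn_protected: non-zero when the caller has already secured the
 * connection (for example with TLS); the caller tracks this itself. */
enum bind_verdict check_bind(enum bind_method method, const char *who,
                             const char *passwd, int conn_protected)
{
    if (method == METHOD_KRBV41 || method == METHOD_KRBV42)
        return BIND_REJECT_KRB4;
    if (is_empty(who) && is_empty(passwd))
        return BIND_ANONYMOUS;
    if (is_empty(who))
        return BIND_REJECT_NO_DN;
    if (is_empty(passwd))
        return BIND_REJECT_EMPTY_PW;
    if (!conn_protected)
        return BIND_REJECT_CLEARTEXT;
    return BIND_OK;
}

int main(void)
{
    const char *dn = "cn=alice,dc=example,dc=com"; /* constructed sample DN */
    printf("%d\n", check_bind(METHOD_SIMPLE, dn, "s3cret", 1));
    printf("%d\n", check_bind(METHOD_SIMPLE, dn, "", 1));
    printf("%d\n", check_bind(METHOD_SIMPLE, dn, "s3cret", 0));
    printf("%d\n", check_bind(METHOD_KRBV41, dn, NULL, 1));
    return 0;
}
```

A login path that verifies passwords by binding should treat every verdict other than BIND_OK as a failed login.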

SEE ALSO

ldap(3), ldap_error(3), ldap_open(3), RFC 2222 (http://www.ietf.org), Cyrus SASL (http://asg.web.cmu.edu/sasl/)

ACKNOWLEDGEMENTS

OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). OpenLDAP is derived from University of Michigan LDAP 3.3 Release.

OpenLDAP 2.2.19 2004/11/26 LDAP_BIND(3)



