#include <ldap.h>
void ldap_set_rebind_proc( LDAP *ld,
LDAP_REBINDPROC_CALLBACK *rebindproc, void *arg );
ld |
Connection handle, which is a pointer to an |
rebindproc | |
arg | Pointer to an additional argument that you want to pass to the rebind function. |
ldap_set_rebind_proc() function to specify the rebind function (the function called by the LDAP client when following a referral to a new LDAP server). This rebind function is responsible for obtaining the credentials used to authenticate to the new LDAP server.
For example, suppose LDAP server A sends a referral to your client. The referral points your client to LDAP server B. When automatically following the referral, your client calls the rebind function to obtain a DN and credentials; your client uses these to authenticate to server B.
By default, if you do not call ldap_set_rebind_proc() or if you pass NULL for the rebindproc argument, your client authenticates anonymously when following referrals.
The rebind function that you specify with ldap_set_rebind_proc() should have the following prototype:
int LDAP_CALL LDAP_CALLBACK rebindproc( LDAP *ld, char **dnp, char **passwdp, int *authmethodp, int freeit, void *arg );(
LDAP_CALL and LDAP_CALLBACK are used to set up calling conventions, such as Pascal calling conventions on Windows. These are defined in the lber.h header file.)
LDAP clients that are built with the Netscape LDAP C SDK use this procedure when following referrals (the procedure explains what the rebind function is expected to do):
0 as the freeit argument. dnp, passwdp, and authmethodp arguments to point to the following information: dnp argument is set to point to the DN to be used to authenticate to the new LDAP server. passwdp argument is set to point to the credentials for this DN. authmethodp argument is set to point to the method of authentication used (for example, LDAP_AUTH_SIMPLE). LDAP_SUCCESS, and referral processing continues. (If any other value is returned, referral processing stops, and that value is returned as the result code for the original LDAP request.) 1 as the freeit argument. freeit is 0, set the following pointers: dnp to point to the DN to be used for authentication. passwdp to point to the credentials to be used for authentication. authmethodp to point to the method of authentication used (for example, LDAP_AUTH_SIMPLE). arg argument, which is a pointer to the argument specified in the ldap_set_rebind_proc() function.
If successful, return LDAP_SUCCESS. Otherwise, return the appropriate LDAP error code. freeit is 1, free any memory that you allocated to create the DN and credentials. ldap_set_rebind_proc() to register your rebind function.
Note that in order to use the rebind function, the LDAP_OPT_REFERRALS option must be set to LDAP_OPT_ON, so that your client automatically follows referrals. This option is already set to LDAP_OPT_ON by default.
#include "ldap.h"
...
/* Declare your rebind function */
int rebindproc( LDAP *ld, char **dnp, char **passwdp, int *authmethodp, int freeit, void *arg );
...
int main( int argc, char **argv )
{LDAP *ld;
/* Additional argument to be passed to the rebind function */
char *testarg = "cn=Directory Manager";
/* Get a handle to an LDAP connection */
if ( (ld = ldap_init( "directory.myhost.com", 389 )) == NULL ) {perror( "ldap_init" );
return( 1 );
}
/* Specify the function used for reauthentication on referrals */
ldap_set_rebind_proc( ld, rebindproc, (void *)testarg );
/* Authenticate */
if ( ldap_simple_bind_s( ld, "uid=bjensen,ou=People,o=Airius.com",
"hifalutin" ) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_simple_bind_s" );
return( 1 );
}
...
/* Your code to interact with the LDAP server */
...
}
...
/* rebindproc is the rebind function responsible for providing the DN,
credentials, and authentication method used for authenticating the
client to other Directory Servers.
The function should set the following arguments:
- dnp should point to the DN that will be used for authentication.
- passwdp should point to the credentials used for authentication.
- authmethodp should point to the method of authentication to be used
(for example, LDAP_AUTH_SIMPLE).
The function should return LDAP_SUCCESS if successful or an LDAP
error code if an error occurs.
In order to demonstrate how the freeit argument works, this example
uses strdup() to copy the DN and password. You can also just copy
string pointers if the DN and password are already available as
global variables.
*/
int LDAP_CALL LDAP_CALLBACK rebindproc( LDAP *ld, char **dnp, char **passwdp, int *authmethodp, int freeit, void *arg )
{printf( "Rebind function called.\n" );
switch ( freeit ) {/* Your client calls the rebind function with freeit==1 when it needs
to free any memory you've allocated. */
case 1:
printf( "\tFreeing memory.\n" );
if ( dnp && *dnp ) {free( *dnp );
}
if ( passwdp && *passwdp ) {free( *passwdp );
}
break;
/* Your client calls the rebind function with freeit==0 when it needs
to get the DN, credentials, and authentication method. */
case 0:
printf( "\tGetting DN and credentials.\n" );
*dnp = strdup( "uid=username,o=OtherServerSuffix" );
*passwdp = strdup( "23skidoo" );
*authmethodp = LDAP_AUTH_SIMPLE;
break;
default:
printf( "\tUnknown value of freeit argument: %d\n", freeit );
break;
}
/* If you successfully set the DN and credentials, you should return
LDAP_SUCCESS. (Any other return code will stop the client from
automatically following the referral. */
return LDAP_SUCCESS;
}
ldap_simple_bind(), ldap_simple_bind_s().
Last Updated: 10/01/98 17:06:23