Table of Contents | Previous | Next | Index

Netscape Directory SDK 3.0 for C Programmer’s Guide
Chapter 18 Functions

ldap_simple_bind_s()

Synchronously authenticates your client to the LDAP server using a DN and a password.

Syntax

#include <ldap.h>
int ldap_simple_bind_s( LDAP *ld, const char *who, 
   const char *passwd );

Parameters

This function has the following parameters:

ld
Connection handle, which is a pointer to an LDAP structure containing information about the connection to the LDAP server.

who
Distinguished name (DN) of the user who wants to authenticate. For anonymous authentication, set this or the passwd argument to NULL.

passwd
Password of the user who wants to authenticate. For anonymous authentication, set this or the who argument to NULL.

Returns

One of the following values:

LDAP_SUCCESS if successful.

LDAP_PARAM_ERROR if any of the arguments are invalid.

LDAP_ENCODING_ERROR if an error occurred when BER-encoding the request.

LDAP_SERVER_DOWN if the LDAP server did not receive the request or if the connection to the server was lost.

LDAP_NO_MEMORY if memory cannot be allocated.

LDAP_LOCAL_ERROR if an error occurred when receiving the results from the server.

LDAP_DECODING_ERROR if an error occurred when decoding the BER-encoded results from the server.

LDAP_NOT_SUPPORTED if controls are included in your request (for example, as a session preference) and your LDAP client does not specify that it is using the LDAP v3 protocol. Make sure that you set the version of your LDAP client to version 3 before calling this function. (For details, see "Specifying the LDAP Version of Your Client" on page 54.)

The following result codes can be returned by the Netscape Directory Server when processing an LDAP search request. Other LDAP servers may send these result codes under different circumstances or may send different result codes back to your LDAP client.

LDAP_OPERATIONS_ERROR may be sent by the Netscape Directory Server for general errors encountered by the server when processing the request.

LDAP_PROTOCOL_ERROR if the search request did not comply with the LDAP protocol. The Netscape Directory Server may set this error code in the results for a variety of reasons. Some of these reasons include:

The server encountered an error when decoding your client's BER-encoded request.

The search request received by the server specifies an unknown search scope or filter type.

Your LDAP client attempts to use an extensible search filter and has not specified that it is using the LDAP v3 protocol. Make sure that you set the version of your LDAP client to version 3 before sending the request. (For details, see "Specifying the LDAP Version of Your Client" on page 54.)

The server encountered an error when attempting to sort the search results or when attempting to send sorted results.

LDAP_INVALID_SYNTAX may be sent by the Netscape Directory Server if your LDAP client specified a substring filter containing no value for comparison.

LDAP_NO_SUCH_OBJECT may be sent by the Netscape Directory Server if the entry specified by the base argument does not exist and if no referral URLs are available.

LDAP_REFERRAL may be sent by the Netscape Directory Server if the entry specified by the base argument is not handled by the current server and if referral URLs identify a different server to handle the entry. (For example, if the DN is uid=bjensen, ou=European Sales, o=Airius.com, all entries under ou=European Sales might be handled by a different Directory Server.)

LDAP_TIMELIMIT_EXCEEDED may be sent by the Netscape Directory Server if the search exceeded the maximum time specified by the timeoutp argument.

LDAP_SIZELIMIT_EXCEEDED may be sent by the Netscape Directory Server if the search found more results than the maximum number of results specified by the sizelimit argument.

LDAP_ADMINLIMIT_EXCEEDED may be sent by the Netscape Directory Server if the search found more results than the limit specified by the lookthroughlimit directive in the slapd.conf configuration file. (If not specified in the configuration file, the limit is 5000.)

Note that the Netscape Directory Server may send other result codes in addition to the codes described here (for example, the server may have loaded a custom plug-in that returns other result codes).

Description

The ldap_simple_bind_s() function authenticates to the LDAP server. The function verifies that the password supplied for authentication matches the userPassword attribute of the given entry.

ldap_simple_bind_s() is a synchronous function, which directly returns the results of the operation. If you want to perform other operations while waiting for the results of this operation, call the asynchronous function ldap_simple_bind() instead. (For more information on asynchronous and synchronous functions, see "Calling Synchronous and Asynchronous Functions" on page 80.)

Note that if you specify a DN but no password, your client will bind to the server anonymously. If you want a NULL password to be rejected as an incorrect password, you need to write code to perform the check before you call the ldap_simple_bind_s() function.

For additional information on authenticating to the LDAP server, see "Binding and Authenticating to an LDAP Server" on page 56.

Example

The following section of code uses the synchronous ldap_simple_bind_s() function to authenticate to the directory as the user "Barbara Jensen".

#include <stdio.h>

#include <ldap.h>

...

LDAP *ld;

char *host = "ldap.netscape.com";

char *dn = "uid=bjensen, ou=People, o=Airius.com";

char *pw = "hifalutin";

...

/* Initialize a session with the LDAP server ldap.netscape.com:389 */

if ( ( ld = ldap_init( host, LDAP_PORT ) ) == NULL ) {

   perror( "ldap_init" );

   return( 1 );

/* Attempt to bind with the LDAP server */

if ( ldap_simple_bind_s( ld, dn, pw ) != LDAP_SUCCESS ) {

   ldap_perror( ld, "Authentication failed: " );

   return( 1 );

...

See Also

ldap_simple_bind().

Table of Contents | Previous | Next | Index

Last Updated: 10/01/98 17:06:23