#include <ldap.h>
int ldap_sasl_bind_s( LDAP *ld, const char *dn,
const char *mechanism, struct berval *cred,
LDAPControl **serverctrls, LDAPControl **clientctrls,
struct berval **servercredp );
ld |
Connection handle, which is a pointer to an |
dn | |
mechanism | Name of the SASL mechanism that you want to use for authentication. |
cred |
Pointer to the |
serverctrls |
Pointer to an array of |
clientctrls |
Pointer to an array of |
servercredp |
Pointer to a pointer to an
When done, you can free this by calling the |
LDAP_SUCCESS if your client authenticated successfully to the server. LDAP_PARAM_ERROR if an invalid parameter was passed to the function. LDAP_NOT_SUPPORTED if your LDAP client does not specify that it is using the LDAP v3 protocol. Make sure that you set the version of your LDAP client to version 3 before calling this function. (For details, see "Specifying the LDAP Version of Your Client" on page 54.) LDAP_ENCODING_ERROR if an error occurred when BER-encoding the request to send to the server. LDAP_DECODING_ERROR if an error occurred when the LDAP API library was decoding the BER-encoded results received from the server. LDAP_NO_MEMORY if memory cannot be allocated. LDAP_SERVER_DOWN if the LDAP server did not receive the request or if the connection to the server was lost. LDAP_LOCAL_ERROR if an error occurred when receiving the results from the server. LDAP_OPERATIONS_ERROR may be sent by the Netscape Directory Server if the server cannot parse the LDAP controls that you are passing as arguments.LDAP_UNAVAILABLE_CRITICAL_EXTENSION may be sent by the Netscape Directory Server if you specify a critical LDAP control that is not supported by the server. LDAP_AUTH_METHOD_NOT_SUPPORTED can be set by the Netscape Directory Server if the SASL mechanism that you specify is not supported by the server (or if you specify an empty string as the SASL mechanism). LDAP_PROTOCOL_ERROR if the bind request sent by this function did not comply with the LDAP protocol. The Netscape Directory Server may set this error code in the results for a variety of reasons. Some of these reasons include: LDAP_NO_SUCH_OBJECT if the DN in the original bind request does not exist or LDAP_INVALID_CREDENTIALS if the credentials in the original bind request were incorrect). In the Netscape Directory Server, the people deploying the server are responsible for implementing the authentication mechanisms for SASL authentication. Check with your server administrator for additional result codes returned to the client.
ldap_sasl_bind_s() function authenticates your client to an LDAP server by using a specified SASL mechanism. The LDAP server must support authentication through that SASL mechanism. (The Netscape Directory Server 3.0 supports a server plug-in interface that you can use to add SASL support to the server. For details, see the Netscape Directory Server 3.0 Programmer's Guide.)
After authenticating a client through SASL, an LDAP server can return a set of credentials in the results. The servercredp argument points to this value.
ldap_sasl_bind_s() is a synchronous function, which directly returns the results of the operation. If you want to perform other operations while waiting for the results of this operation, call the asynchronous function ldap_sasl_bind() instead. (For more information on asynchronous and synchronous functions, see "Calling Synchronous and Asynchronous Functions" on page 80.)
For additional information on authenticating through SASL mechanisms, see Chapter 13, "Using SASL Authentication".
ldap_sasl_bind().
Last Updated: 10/01/98 17:06:23