ABCDEFGHIJKLMNOPQRSTUVWXYZ

ldap_kerberos_bind_s

LDAP_BIND(3)                                                      LDAP_BIND(3)



NAME
       ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_ker-
       beros_bind_s,  ldap_kerberos_bind1,  ldap_kerberos_bind1_s,   ldap_ker-
       beros_bind2,  ldap_kerberos_bind2_s,  ldap_unbind, ldap_unbind_s - LDAP
       bind routines

SYNOPSIS
       #include <ldap.h>

       int ldap_bind(ld, who, cred, method)
       LDAP *ld;
       char *who, *cred;
       int method;

       int ldap_bind_s(ld, who, cred, method)
       LDAP *ld;
       char *who, *cred;
       int method;

       int ldap_simple_bind(ld, who, passwd)
       LDAP *ld;
       char *who, *passwd;

       int ldap_simple_bind_s(ld, who, passwd)
       LDAP *ld;
       char *who, *passwd;

       int ldap_kerberos_bind_s(ld, who)
       LDAP *ld;
       char *who;

       int ldap_kerberos_bind1(ld, who)
       LDAP *ld;
       char *who;

       int ldap_kerberos_bind1_s(ld, who)
       LDAP *ld;
       char *who;

       int ldap_kerberos_bind2(ld, who)
       LDAP *ld;
       char *who;

       int ldap_kerberos_bind2_s(ld, who)
       LDAP *ld;
       char *who;

       int ldap_unbind(ld)
       LDAP *ld;

       int ldap_unbind_s(ld)
       LDAP *ld;

DESCRIPTION
       These routines provide various interfaces to the LDAP  bind  operation.
       After  a  connection  is  made to an LDAP server using ldap_open(3), an
       LDAP bind operation must be performed before other  operations  can  be
       attempted  over  the conection.  Both synchronous and asynchronous ver-
       sions of each variant of the bind call are provided.  There  are  three
       types  of  calls, providing simple authentication, kerberos authentica-
       tion, and general routines to do either one.  All routines take  ld  as
       their first parameter, as returned from ldap_open(3).

SIMPLE AUTHENTICATION
       The  simplest  form of the bind call is ldap_simple_bind_s().  It takes
       the DN to bind as in who, and  the  userPassword  associated  with  the
       entry   in   passwd.    It   returns  an  LDAP  error  indication  (see
       ldap_error(3)).  The ldap_simple_bind() call  is  asynchronous,  taking
       the  same parameters but only initiating the bind operation and return-
       ing the message id of the request it sent.  The result of the operation
       can be obtained by a subsequent call to ldap_result(3).

KERBEROS AUTHENTICATION
       If  the LDAP library and LDAP server being contacted have been compiled
       with the KERBEROS option defined, Kerberos version 4 authentication can
       be  accomplished  by  calling  the  ldap_kerberos_bind_s() routine.  It
       assumes the user already has obtained a  ticket  granting  ticket.   It
       takes  who,  the  DN  of  the entry to bind as.  This routine does both
       steps of the kerberos binding  process  synchronously.   The  ldap_ker-
       beros_bind1_s()  and ldap_kerberos_bind2_s() routines allow synchronous
       access to the individual steps, authenticating to the LDAP  server  and
       DSA, respectively.  The ldap_kerberos_bind1() and ldap_kerberos_bind2()
       routines provide equivalent asynchronous access.

GENERAL AUTHENTICATION
       The ldap_bind() and ldap_bind_s() routines can be used when the authen-
       tication method to use needs to be selected at runtime.  They both take
       an extra method parameter selecting the authentication method  to  use.
       It  should  be  set  to  one  of LDAP_AUTH_SIMPLE, LDAP_AUTH_KRBV41, or
       LDAP_AUTH_KRBV42, to select simple authentication, kerberos authentica-
       tion to the LDAP server, or kerberos authentication to the DSA, respec-
       tively.  ldap_bind() returns the message id of the  request  it  initi-
       ates.  ldap_bind_s() returns an LDAP error indication.

UNBINDING
       The  ldap_unbind() call is used to unbind from the directory, terminate
       the current association, and free the resources  contained  in  the  ld
       structure.   Once  it  is  called, the connection to the LDAP server is
       closed, and the ld structure is invalid.  The ldap_unbind_s()  call  is
       just  another  name  for  ldap_unbind();  both  of these calls are syn-
       chronous in nature.

ERRORS
       Asynchronous routines will return -1 in  case  of  error,  setting  the
       ld_errno  parameter  of  the ld structure.  Synchronous routines return
       whatever ld_errno is set to.  See ldap_error(3) for more information.

SEE ALSO
       ldap(3), ldap_error(3), ldap_open(3)

ACKNOWLEDGEMENTS
       OpenLDAP  is  developed  and  maintained  by   The   OpenLDAP   Project
       (http://www.openldap.org/).   OpenLDAP  is  derived  from University of
       Michigan LDAP 3.3 Release.



OpenLDAP 2.0.27-Release        22 September 1998                  LDAP_BIND(3)