Binding to an LDAP Server

Binding is the step where the LDAP server authenticates the client and, if the client is successfully authenticated, allows the client access to the LDAP server based on that client's privileges.

If a connection was created using ldap_connect, and if no binding function is called, on a LDAP v3 server, you run as anonymous.

To explicitly bind, use one of the binding functions. If a connection was not created using ldap_connect, the binding step also makes the connection to the server. The connection is of a type originally specified in the initialization and set up of the connection block. Encryption and integrity validation is established if using SASL signing and sealing. Encryption is established if using TLS (SSL). For more information, see Initializing a Session and Getting and Setting Session Options.

The LDAP client-side, run-time library automatically attempts to reconnect a broken connection. This reconnection occurs when a client attempts to access a connection that no longer exists. If the server does not respond within the set bind timeout period (the default is two minutes), the run time pings the server with ICMP packets until it receives a response. For more information, see LDAP_OPT_AUTO_RECONNECT in Session Options.

The bind timeout period can be set with the LDAP_OPT_TIMELIMIT session option. If this option is not set on a connection, the LDAP client uses a default timeout value of 120 seconds (2 minutes).

There are four functions that enable a client to explicitly request authentication and connection to a LDAP server - two that are synchronous and two that are asynchronous. Two of the functions, ldap_simple_bind_s (synchronous) and ldap_simple_bind (asynchronous) work similarly, so only the synchronous version (ldap_simple_bind_s) is discussed here. However, because there are differences, both of the functions ldap_bind_s (synchronous) and ldap_bind (asynchronous) are discussed in other topics.