Directory Services |
Although it is not required that a client call ldap_connect to establish a connection to the server, it is good programming practice to do so. If you do not call ldap_connect but, instead, call another function, like ldap_bind_s, that function will detect that there is no connection and will establish the connection itself. However, if you must troubleshoot this part of your application, establishing the connection prior to making a call to some other function, will separate the possible problems if the connection fails. Another reason for calling ldap_connect prior to calling other functions is that you may want to specify certain options at the time that the connection is made. For example, a client can call ldap_init to initialize a session, then call ldap_connect with a non-NULL timeout parameter value, to connect to the server with a specified timeout.
The ldap_connect function simply connects to the server. It does not perform authentication. If the call to ldap_connect succeeds, and if an explicit bind is not performed, the client can perform further operations as an anonymous user.
Calling ldap_connect does not establish SASL signing or sealing (encryption). However, TLS (SSL) encryption will be established if all the necessary preliminaries, such as having certificates set up on both client and server, have been taken care of, and you have requested that SSL/TLS be used on the connection.