Effective with Windows® 2000, the LDAP run time supports the
following features not available in Windows NT® 4.0 or Windows
98:
- Auto-reconnect.
- Client certificate support for SSL connections
  (QUERYCLIENTCERT).
- Explicit Kerberos authentication: This provides users the
  ability to explicitly select any authentication package and thus
  avoid having the Simple Protected Negotiation (SPNEGO) package
  choose one for them.
- Parallel connect for performance improvement: This improves
  connect times to domain controllers (DCs), especially when some DCs
  are non-operational.
- Multithreaded error handling in LDAP: This provides users
  access to the custom error messages sent out by the server on a
  per-thread basis.
- Secure Sockets Layer (SSL) strength testing: This provides
  users the ability to obtain all interesting parameters of an SSL
  connection.
- Service Principal Names for directory authentication: This
  provides connection to the intended domain controller irrespective
  of bad records in DNS.
- Handler for disconnect notification: This recognizes a special
  message sent asynchronously from the server and changes the
  connection state accordingly.