| Directory Services |
The LDAP session handle returned by the ldap_init function is a pointer to an opaque data type that represents an LDAP session. In earlier versions of LDAP, this data type was a structure exposed to the caller, and various fields in the structure could be set to control aspects of the session, such as the size of result sets, and time limits on searches.
In the interest of protecting callers from inevitable changes to this structure, these aspects of the session are now accessed through a pair of accessor functions.
Call ldap_get_option to access the current value of sessionwide optional parameters. In the following table, the Output Values column provides information about the data returned from calling the ldap_get_option function. Call ldap_set_option to set the value of these parameters. For more information about how to use these functions, see the code example that follows the table.
The following options are defined, where LDAP_OPT_ON = 1 and LDAP_OPT_OFF = 0.
| Option Parameters | Descriptions | Data Type | Output Values |
|---|---|---|---|
| LDAP_OPT_API_INFO (0x00) | Returns data on the current API (including supported extensions). | LDAPAPIInfo | Pointer to an LDAPAPIInfo structure used to hold the returned data. |
| LDAP_OPT_API_FEATURE_INFO (0x15) | Returns data on the extensions supported by the current API | LDAPAPIFeatureInfo | Pointer to an LDAPAPIFeatureInfo structure used to hold the returned data. |
| LDAP_OPT_AREC_EXCLUSIVE (0x98) | Performs an A-Record only DNS lookup on the supplied host string. Use this flag when passing a fully-qualified, DNS hostname as opposed to a domain name for the hostname parameter. Using this option can help reduce dialup traffic for branch sites by avoiding a query to the remote DNS server for SRV records lookup. This is a Microsoft-specific option. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF (default) |
| LDAP_OPT_DEREF (0x02) | Determines how aliases are handled during search. | ULONG | LDAP_DEREF_NEVER (0x00)(default) LDAP_DEREF_SEARCHING (0x01) LDAP_DEREF_FINDING (0x02) LDAP_DEREF_ALWAYS (0x03) The LDAP_DEREF_SEARCHING value means that aliases should be dereferenced during the search, but not when locating the base object of the search. The LDAP_DEREF_FINDING value means that aliases should be dereferenced when locating the base object, but not during the search. |
| LDAP_OPT_DESC (0x01) | The underlying socket descriptor corresponding to the default LDAP connection. | SOCKET | The value of the socket. |
| LDAP_OPT_ERROR_NUMBER (0x31) | Provides an error code. This is a Microsoft-specific option. | ULONG | The code of the most recent LDAP error that occurred for this session. |
| LDAP_OPT_ERROR_STRING (0x32) | Provides an error message. This is a Microsoft-specific option. | TCHAR * | The message returned with the most recent LDAP error that occurred for this session. |
| LDAP_OPT_SERVER_ERROR (0x33) | Provides an error message. This is a Microsoft-specific option | TCHAR * | The message returned with the most recent server error that occurred for this session. |
| LDAP_OPT_SERVER_EXT_ERROR (0x34) | Provides a Win32 error-code message. This is a Microsoft-specific option. | ULONG | The message returned with the most recent Win32 server error that occurred for this session. |
| LDAP_OPT_HOST_NAME (0x30) | Returns the name of the LDAP server associated with the connection. This is a Microsoft-specific option. | TCHAR * | The host name of the default LDAP server. Returns the host name of the server in Unicode or ANSI, contingent on the use of ldap_get_optionW or ldap_get_optionA, respectively. The server-name string returned by this option should not be freed by the user, as it is automatically freed when ldap_unbind is called |
| LDAP_OPT_HOST_REACHABLE (0x3E) | This is a Microsoft-specific option. | ULONG | LDAP_OPT_ON (default) or LDAP_OPT_OFF. |
| LDAP_OPT_PROTOCOL_VERSION or LDAP_OPT_VERSION (0x11) | Indicates the version of the default LDAP server. | ULONG | LDAP_VERSION2 or LDAP_VERSION3. If no version is set, the default is LDAP_VERSION2. |
| LDAP_OPT_REFERRAL_HOP_LIMIT (0x10) | The maximum number of referrals that will be followed when automatically tracking a referral for a particular request. | ULONG | 0 - 232-1. A value of LDAP_NO_LIMIT (zero) means that there is no limit. For more information, see LDAP_OPT_REFERRALs. The default value is 32. |
| LDAP_OPT_REFERRALS (0x08) | Controls whether or not the LDAP library automatically follows referrals returned by LDAP servers. | ULONG | LDAP_OPT_ON (default) LDAP_OPT_OFF A value of LDAP_CHASE_SUBORDINATE_REFERRALS indicates that LDAP should chase subordinate referrals (or references) returned in a search (LDAP 3 or later). A value of LDAP_CHASE_EXTERNAL_REFERRALS indicates that LDAP should chase external referrals. These can be returned on any operation except a bind. |
| LDAP_OPT_SIZELIMIT (0x03) | A limit on the number of entries to return from a search. | ULONG | 0 - 232-1. A value of LDAP_NO_LIMIT (zero) indicates that there is no limit (default). |
| LDAP_OPT_SSL (0x0A) | Enables Secure Socket Layer on connection. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF(default). |
| LDAP_OPT_TIMELIMIT (0x04) | A limit on the number of seconds the server will wait to complete a bind. This also specifies the limit on the number of seconds the server spends on a search. | ULONG | 0 - 232-1. Setting a value of 0 (zero) for a bind will cause the server to use its default value of 120 seconds. Setting a value of LDAP_NO_LIMIT (zero) for a search operation means that there is no limit (default). |
| LDAP_OPT_THREAD_FN_PTRS (0x05) | Not supported. | Not supported. | |
| LDAP_OPT_REBIND_FN (0x06) | Not supported. | Not supported. | |
| LDAP_OPT_REBIND_ARG (0x07) | Not supported. | Not supported. | |
| LDAP_OPT_RESTART (0x09) | Not supported. | Not supported. | |
| LDAP_OPT_IO_FN_PTRS (0x0B) | Not supported. | Not supported. | |
| LDAP_OPT_CACHE_FN_PTRS (0x0D) | Not supported. | Not supported. | |
| LDAP_OPT_CACHE_STRATEGY (0x0E) | Not supported. | Not supported. | |
| LDAP_OPT_CACHE_ENABLE (0x0F) | Not supported. | Not supported. |
The following options control the keep-alive logic. Keep-alive requests are sent as Internet Control Message Protocol (ICMP) request messages, which currently do not go through firewalls. This is because an LDAP server located behind a firewall may be incorrectly detected as being down by the runtime, because it fails to respond to pings, when it is being slow to respond to requests. To avoid this, you can turn off ICMP pings by setting LDAP_OPT_PING_LIMIT to zero. TCP keep-alives can be used instead.
| Option Parameters | Descriptions | Data Type | Output Values |
|---|---|---|---|
| LDAP_OPT_PING_KEEP_ALIVE (0x36) | The minimum number of seconds the run time waits, after the last response from the server, before sending a keep-alive ping. | ULONG | Default value is 120 seconds. |
| LDAP_OPT_PING_LIMIT (0x38) | The number of unanswered pings that the run time sends before closing a connection. | ULONG | Default value is 4. |
| LDAP_OPT_PING_WAIT_TIME (0x37) | The number of milliseconds that the run time waits for the response to come back after sending a ping. | ULONG | Default value is 2000 milliseconds. |
| LDAP_OPT_TCP_KEEPALIVE (0x40) | Turns on TCP keep-alives. This is separate from the ICMP ping keep-alive mechanism (LDAP_OPT_PING_KEEP_ALIVE), and enables the keep-alive mechanism built into the TCP protocol. This has no effect when using connectionless (UDP) LDAP. Keep-alives must be enabled before the connection is established, and last for the duration of the specific LDAP session. This is a Microsoft-specific option and is supported beginning with Windows XP clients and Windows Server 2003 family. | ULONG | LDAP_OPT_ON or LDAP_OPT_OFF (default). |
The following options are Microsoft-specific.
| Option Parameters | Descriptions | Data Type | Output Values |
|---|---|---|---|
| LDAP_OPT_AUTO_RECONNECT (0x91) | Enables/disables auto-reconnect. A Microsoft-specific option. | ULONG | LDAP_OPT_ON (default) or LDAP_OPT_OFF. |
| LDAP_OPT_DNSDOMAIN_NAME (0x3B) | Return the DNS name of the domain. A Microsoft-specific option. | TCHAR * | The DNS host name. |
| LDAP_OPT_GETDSNAME_FLAGS (0x3D) | A Microsoft-specific option. | ULONG | The flags for DsGetDcName:
DS_FORCE_REDISCOVERY |
| LDAP_OPT_PROMPT_CREDENTIALS (0x3F) | Indicates whether to prompt for credentials. Required only for distributed password authentication (DPA) and Windows NT LAN Manager if no credentials are loaded. A Microsoft-specific option. | ULONG | LDAP_OPT_ON (default) or LDAP_OPT_OFF. |
| LDAP_OPT_SSPI_FLAGS (0x92) | Flags to pass to the SSPI function InitializeSecurityContext A Microsoft-specific option. | ULONG | |
| LDAP_OPT_SSL_INFO (0x93) | Retrieves data about the current secure connection. A Microsoft-specific option. | SecPkgContext_ConnectionInfo * | A pointer to a valid SecPkgContext_ConnectionInfo structure used to return the security information. |
| LDAP_OPT_SIGN (0x95) | Enables/disables Kerberos signing prior to binding using the LDAP_AUTH_NEGOTIATE flag. Cannot be used over an SSL connection. When used with Windows XP clients and Windows XP servers, NTLM signing is also supported. A Microsoft-specific option. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF (default). |
| LDAP_OPT_ENCRYPT (0x96) | Enables/disables Kerberos encryption prior to binding using the LDAP_AUTH_NEGOTIATE flag. Cannot be used over an SSL connection. When used with Windows XP clients and Windows XP servers, NTLM encryption is also supported. A Microsoft-specific option. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF (default). |
| LDAP_OPT_SASL_METHOD (0x97) | Sets/retrieves the preferred SASL binding method prior to binding using the LDAP_AUTH_NEGOTIATE flag. A Microsoft-specific option. | TCHAR * | The SASL method name. One example is "GSSAPI". |
| LDAP_OPT_SECURITY_CONTEXT (0x99) | Retrieves the security context associated with the current connection. A Microsoft-specific option. | PCtxtHandle | A pointer to a CtxtHandle structure must be supplied. |
| LDAP_OPT_FAST_CONCURRENT_BIND (0x41) | Enables fast/concurrent binds on a previously unbound LDAP session. Cannot be enabled if either LDAP_OPT_SIGN or LDAP_OPT_ENCRYPT have been set, and all binds performed in the session must be simple binds once this option is set for a session. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF (default). |
| LDAP_OPT_SEND_TIMEOUT (0x42) | The limit on the number of seconds that the local LDAP client will wait while attempting to send data to a remote computer. If the send operation is not completed before the timeout period expires, the LDAP call will fail with an LDAP_TIMEOUT error code. | ULONG | 0 - 232-1. A value of LDAP_NO_LIMIT (zero) means that send timeouts are disabled. The default value is 0. |
| LDAP_OPT_ROOTDSE_CACHE (0x9A) | Enable/disable the internal RootDSE cache (ON by default). A Microsoft-specific option. | ULONG | LDAP_OPT_ON (default)
or LDAP_OPT_OFF. |
| LDAP_OPT_REFERRAL_CALLBACK (0x70) | Sets/retrieves the default callback routines when tracking referrals. A Microsoft-specific option. | LDAP_REFERRAL_CALLBACK* | Pointer to an LDAP_REFERRAL_CALLBACK structure. |
| LDAP_OPT_CLIENT_CERTIFICATE (0x80) | Sets/retrieves the default callback routine for specifying client certificates while establishing an SSL connection. A Microsoft-specific option. | QUERYCLIENTCERT* | Pointer to a QUERYCLIENTCERT callback routine. |
| LDAP_OPT_SERVER_CERTIFICATE (0x81) | Sets/retrieves the default callback routine for verifying server certificates while establishing an SSL connection. A Microsoft-specific option. | VERIFYSERVERCERT* | Pointer to a VERIFYSERVERCERT callback routine. |
| LDAP_OPT_REF_DEREF_CONN_PER_MSG (0x94) | Enables/disables the referencing of the connection on a per message basis. Must be set before calling ldap_conn_from_msg. A Microsoft-specific option. | ULONG | LDAP_OPT_ON or
LDAP_OPT_OFF (default). |
The folowing code example shows how to retrieve some of the default values for the option settings described in the preceding table.
//--------------------------------------------------------
// Retreiving Session Options
//--------------------------------------------------------
#include <windows.h>
#include <winldap.h>
#include <stdio.h>
int main(int argc, char* argv[])
{
PCHAR hostName = "rhadsidoc.fabrikam.com";
LDAP* pLdapConnection = NULL;
ULONG option = 0;
ULONG getOptSuccess = 0;
ULONG connectSuccess = 0;
PCHAR pOptionChar = NULL;
LDAPAPIInfo myInfo;
LDAPAPIInfo* pMyInfo = &myInfo;
//-----------------------------------------------------------
// Initialize a session. LDAP_PORT is the default port, 389.
//-----------------------------------------------------------
pLdapConnection = ldap_init(hostName, LDAP_PORT);
if (pLdapConnection == NULL)
printf( "ldap_init failed with 0x%x.\n",GetLastError());
else
printf("ldap_init succeeded \n");
//--------------------------------------------------------
// Connect to the server
//--------------------------------------------------------
connectSuccess = ldap_connect(pLdapConnection, NULL);
if(connectSuccess == LDAP_SUCCESS)
printf("ldap_connect succeeded \n");
else
{
printf("ldap_connect failed with 0x%x.\n",connectSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get the LDAP version used in this session
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_PROTOCOL_VERSION,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("The current LDAP version number is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_API_INFO
//---------------------------------------------------------
pMyInfo->ldapai_info_version = LDAP_API_INFO_VERSION;
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_API_INFO,
(void*) pMyInfo);
if(getOptSuccess == LDAP_SUCCESS)
{
printf("LDAP Revision Number is %d \n",
pMyInfo->ldapai_api_version);
printf("Highest LDAP Version Supported is %d \n",
pMyInfo->ldapai_protocol_version);
printf("The Vendor Name is %s \n",
pMyInfo->ldapai_vendor_name);
printf("The Vendor Version is %d \n",
pMyInfo->ldapai_vendor_version);
}
else
{
printf("Get LDAP_OPT_API_INFO failed with 0x%x.\n",
getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_AREC_EXCLUSIVE.
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_AREC_EXCLUSIVE,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_AREC_EXCLUSIVE is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_DEREF
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_DEREF,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_DEREF is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_HOST_NAME
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_HOST_NAME,
(void*) &pOptionChar);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_HOST_NAME is %s \n", pOptionChar);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_HOST_REACHABLE
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_HOST_REACHABLE,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_HOST_REACHABLE is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_REFERRAL_HOP_LIMIT
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_REFERRAL_HOP_LIMIT,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_REFERRAL_HOP_LIMIT is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_REFERRALS
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_REFERRALS,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_REFERRALS is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_SIZELIMIT
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_SIZELIMIT,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_SIZELIMIT is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_SSL
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_SSL,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_SSL is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_TIMELIMIT
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_TIMELIMIT,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_TIMELIMIT is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_AUTO_RECONNECT
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_AUTO_RECONNECT,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_AUTO_RECONNECT is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//---------------------------------------------------------
// Get LDAP_OPT_PROMPT_CREDENTIALS
//---------------------------------------------------------
getOptSuccess = ldap_get_option(pLdapConnection,
LDAP_OPT_PROMPT_CREDENTIALS,
(void*) &option);
if(getOptSuccess == LDAP_SUCCESS)
printf("LDAP_OPT_PROMPT_CREDENTIALS is %d \n", option);
else
{
printf("ldap_get_option failed with 0x%x.\n",getOptSuccess);
goto error_exit;
}
//----------------------------------------------------------
// Normal cleanup and exit
//----------------------------------------------------------
ldap_unbind(pLdapConnection);
ldap_memfree(pOptionChar);
return 0;
//----------------------------------------------------------
// On error cleanup and exit
//----------------------------------------------------------
error_exit:
ldap_unbind(pLdapConnection);
ldap_memfree(pOptionChar);
return -1;
}
The following list shows the command line output from the preceding code example.
ldap_init succeeded ldap_connect succeeded The current LDAP version number is 2 LDAP Revision Number is 2004 Highest LDAP Version Supported is 3 The Vendor Name is Microsoft Corporation. The Vendor Version is 510 LDAP_OPT_AREC_EXCLUSIVE is 0 LDAP_OPT_DEREF is 0 LDAP_OPT_HOST_NAME is rhadsidoc.fabrikam.com LDAP_OPT_HOST_REACHABLE is 1 LDAP_OPT_REFERRAL_HOP_LIMIT is 32 LDAP_OPT_REFERRALS is 1 LDAP_OPT_SIZELIMIT is 0 LDAP_OPT_SSL is 0 LDAP_OPT_TIMELIMIT is 0 LDAP_OPT_AUTO_RECONNECT is 1 LDAP_OPT_PROMPT_CREDENTIALS is 1