Directory Services

Using Concurrent Binding

Concurrent or 'fast' binds enable an application to request multiple binds over a single LDAP connection. Unlike a normal LDAP bind, a concurrent bind does not determine a user’s group association or build a security token; it only determines if the user has a valid ID and password and that their account is enabled. This enables the concurrent bind to complete in a fraction of the time of a normal bind.

To enable concurrent binding on an LDAP connection, the application sets the LDAP_OPT_FAST_CONCURRENT_BIND session option after the LDAP connection has been initialized, but before any binds have been performed. When concurrent binding has been enabled for a particular LDAP session, it cannot be disabled without closing the session connection.

Concurrent binding cannot be enabled on an LDAP session if signing or data encryption has already been enabled. Attempting to enable concurrent binding on a session with signing or data encryption results in the ldap_set_option call failing with an LDAP_UNWILLING_TO_PERFORM error code.

When concurrent binding is enabled on an LDAP session, only simple binds may be performed in that session, and all simple binds are fast binds. As a result, subsequent bind requests are not serialized internally by the LDAP client, and the binds do not generate a security token. Any binds performed in this session are done as Anonymous, and because data encryption is not allowed, any data sent through this session (including the password in each simple bind) appears on the network in unencrypted form. If the application attempts a non-simple bind on a session with concurrent binding enabled, the call fails and returns an LDAP_UNWILLING_TO_PERFORM error code.

The following example shows how to create an LDAP session with concurrent binding enabled.

#include <windows.h>
#include <winldap.h>

ULONG ldap_open_fast_bind_session(LPTSTR pHostName, PLDAP *ppSession)
{
    ULONG lRtn = LDAP_SUCCESS;
    ULONG version = LDAP_VERSION3;

    // Initialize a session. LDAP_PORT is the default port, 389.
    // The handle is returned through ppSession; a by-value PLDAP
    // parameter would leave the caller's pointer unchanged.
    *ppSession = ldap_init(pHostName, LDAP_PORT);
    if (*ppSession == NULL)
        return LdapGetLastError();

    // Set the version to 3.0 (default is 2.0).
    lRtn = ldap_set_option(*ppSession,
                           LDAP_OPT_PROTOCOL_VERSION,
                           (void*)&version);

    // Enable concurrent binding. This must happen before the first bind
    // and cannot be combined with signing or encryption on the session.
    if (lRtn == LDAP_SUCCESS)
        lRtn = ldap_set_option(*ppSession,
                               LDAP_OPT_FAST_CONCURRENT_BIND,
                               LDAP_OPT_ON);

    // Cleanup on error.
    if (lRtn != LDAP_SUCCESS) {
        ldap_unbind(*ppSession);
        *ppSession = NULL;
    }
    return lRtn;
}