Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

The bind operation identifies the person (or device or application) that is trying to connect to the server by providing a distinguished name and some type of authentication credential, such as a password. The exact credentials depend on the authentication method being used. You can also bind anonymously by passing NULL parameters.

The ldap_simple_bind functions use a clear text password for authentication, so the password is only as protected as the connection that carries it. Call the ldap_bind or ldap_bind_s function to use authentication services, such as the Windows NT® LAN Manager (NTLM), distributed password authentication, or the Generic Security Services API. Note that ldap_bind is not supported for Negotiate.

The following code example shows how to bind to a server using NTLM.

#include <windows.h>
#include <winldap.h>
#include <winber.h>
#include <tchar.h>

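// Fixed-size character buffers for the connection settings, the credentials
// and the formatted error text. They are declared as TCHAR arrays rather than
// arrays of LPTSTR: the code that follows hands them to _tcscpy, _tcslen and
// wsprintf as strings, and an LPTSTR[64] is 64 string pointers, not a
// 64-character buffer.
TCHAR szServer[64], szUserName[32], szPassword[32], szDomain[64],
      szOutput[128];
WORD wPort;                      // port number passed to ldap_init
ULONG ulAuthMethod, ulLdapError; // bind method selector; latest LDAP result code
LDAP *ld;                        // session handle returned by ldap_init
SEC_WINNT_AUTH_IDENTITY AuthId;  // credential structure handed to ldap_bind_s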

// Connection target: the sample host name and the LDAP_PORT constant.
wPort = LDAP_PORT;
_tcscpy( szServer, TEXT("dc.microsoft.com") );

// Authentication method used by the ldap_bind_s call further down.
ulAuthMethod = LDAP_AUTH_NTLM;

// Sample identity. _tcscpy does no bounds checking, so these copies depend on
// each literal being shorter than the buffer it is copied into.
// NOTE(review): the literal user name and password are illustrative values;
// real code should not embed credentials in source.
_tcscpy( szDomain, TEXT("MICROSOFT") );
_tcscpy( szUserName, TEXT("Admin") );
_tcscpy( szPassword, TEXT("Password") );

// ...

// Fill in the SEC_WINNT_AUTH_IDENTITY that ldap_bind_s receives for NTLM.
// Each string is measured once; an empty string is stored as a NULL pointer
// with a length of 0.
size_t cchUser = _tcslen(szUserName);
size_t cchDomain = _tcslen(szDomain);
size_t cchPassword = _tcslen(szPassword);

AuthId.User = cchUser ? szUserName : NULL;
AuthId.UserLength = cchUser;
AuthId.Domain = cchDomain ? szDomain : NULL;
AuthId.DomainLength = cchDomain;
AuthId.Password = cchPassword ? szPassword : NULL;
AuthId.PasswordLength = cchPassword;

// The flag tells the consumer which character width the strings above use;
// it follows the same UNICODE switch that selects TCHAR.
#ifndef UNICODE
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
#else
AuthId.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
#endif

// Create the LDAP session handle for szServer on wPort.
ld = ldap_init( szServer, wPort );
if( !ld )
{
   // No handle was created, so there is nothing to unbind on this path.
   ULONG ulInitError = LdapGetLastError();
   wsprintf (szOutput, TEXT("ldap_init() failed. Error: %u"), ulInitError);
   MessageBox (NULL, szOutput, TEXT("Error"), MB_OK);
   return FALSE;
}

// Ask for LDAP protocol version 3 on this session before binding.
ULONG version = LDAP_VERSION3;
ulLdapError = ldap_set_option( ld, LDAP_OPT_VERSION, &version );
if( LDAP_SUCCESS != ulLdapError )
{
   // Report the failure, then release the session handle before leaving.
   wsprintf (szOutput, TEXT("ldap_set_option() failed. Error: %u"), ulLdapError);
   MessageBox (NULL, szOutput, TEXT("Error"), MB_OK);
   ldap_unbind( ld );
   return FALSE;
}

// Pick the bind arguments for the selected method. For every method except
// simple bind the DN is NULL and the credential argument is the address of
// the AuthId structure; for simple bind the user name stands in as the DN and
// the password string is passed directly.
// NOTE(review): no call in this listing requests TLS, signing or sealing for
// the session; confirm how the connection is protected before credentials are
// sent, in particular if the simple-bind branch is ever selected.
TCHAR *pszBindDn = NULL;
TCHAR *pBindCred = (TCHAR *) &AuthId;
if( ulAuthMethod == LDAP_AUTH_SIMPLE )
{
   pszBindDn = (TCHAR *) AuthId.User;
   pBindCred = (TCHAR *) AuthId.Password;
}

// Synchronous bind: the result code is available as soon as the call returns.
ulLdapError = ldap_bind_s( ld, pszBindDn, pBindCred, ulAuthMethod );
if( LDAP_SUCCESS != ulLdapError )
{
   // Report the failure, then release the session handle before leaving.
   wsprintf (szOutput, TEXT("ldap_bind_s() failed. Error: %u"), ulLdapError);
   MessageBox (NULL, szOutput, TEXT("Error"), MB_OK);
   ldap_unbind( ld );
   return FALSE;
}

// The bind succeeded; the session is now authenticated.
// NOTE(review): szPassword and AuthId still hold the password at this point;
// consider clearing them once they are no longer needed, after confirming the
// library does not read them again.

// Directory queries and/or modifications would go here...

// Release the session handle when finished.
ldap_unbind( ld );
return TRUE; 

See Also