Show Table of Contents
7.2. Processing an LDAP Bind Operation
When the Directory Server receives an LDAP bind request from a client, the frontend determines the DN the client is attempting to bind and the authentication method being used. The frontend also gets the credentials used for authentication and, if SASL is used for authentication, the SASL mechanism used.
7.2.1. Defining Functions for the Bind Operation
In the parameter block, the following parameters specify plug-in functions that are called in the process of executing a bind operation:
- The
SLAPI_PLUGIN_PRE_BIND_FNparameter specifies the pre-operation bind function. - The
SLAPI_PLUGIN_POST_BIND_FNparameter specifies the post-operation bind function.
To register the plug-in functions, call slapi_pblock_set() to set these parameters in your initialization function. Refer to Section 2.2.3, “Registering Your Plug-in Functions”.
Your pre-operation and post-operation bind functions should return
0 if successful. If the pre-operation function returns a non-zero value, the post-operation bind function is never called.
For information on defining a function that handles authentication, refer to Chapter 8, Defining Functions for Authentication.
7.2.2. Getting and Setting Parameters for the Bind Operation
The frontend makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.
Table 7.1. Parameters for the Bind Operation
| Parameter ID | Data Type | Description |
|---|---|---|
SLAPI_BIND_TARGET | char * | DN of the entry as which to bind. |
SLAPI_BIND_METHOD | int | Authentication method used; for example, LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL. |
SLAPI_BIND_CREDENTIALS | struct berval * | Credentials from the bind request. |
SLAPI_BIND_RET_SASLCREDS | struct berval * | The credentials that you want sent to the client. Set this before calling slapi_send_ldap_result(). |
SLAPI_BIND_SASLMECHANISM | char * | SASL mechanism used; for example, LDAP_SASL_EXTERNAL. |
If the
SLAPI_BIND_SASLMECHANISM parameter is empty, simple authentication was used, and simple credentials were provided.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.