2.2.6.2.5 LDAP Bind

Whenever the server locator issues LDAP commands to the Active Directory, it must first bind to the Active Directory.  Binding is accomplished by this processing sequence. If any of the operations specified below fail, the entire sequence MUST be terminated.

  1. The Client invokes the Initialize an ADConnection task, as defined in [MS-ADTS] section 7.6.1.1, with the following parameters:

    • TaskInputTargetName: Name of the domain controller as determined by DsrGetDcNameEx2 and documented in the individual sections where LDAP is used.

    • TaskInputPortNumber: 389.

    Store the new TaskReturnADConnection returned from the task as the ADConnection ADM element.

    If the task returns failure, the application MUST be terminated and an event SHOULD be logged using an implementation-specific mechanism.

  2. The client invokes the Setting an LDAP Option on an ADConnection task, as defined in [MS-ADTS] section 7.6.1.2, with the following parameters:

    • TaskInputADConnection: Value of the ADConnection ADM element.

    • TaskInputOptionName: LDAP_OPT_AUTH_INFO.

    • TaskInputOptionValue:

      • bindMethod: SASL using the GSS-SPNEGO mechanism ([MS-ADTS] section 5.1.1.1.1)

      • name: NULL

      • password: NULL

    If the task returns failure, the application MUST be terminated and an event SHOULD be logged using an implementation-specific mechanism.

  3. The Client invokes the Establishing an ADConnection task, as defined in [MS-ADTS] section 7.6.1.3, with the following parameter:

    • TaskInputADConnection: Value of the ADConnection ADM element.

    If the task returns FALSE, the application MUST be terminated and an event SHOULD be logged using an implementation-specific mechanism.

  4. After the Active Directory connection is initialized and the options are set, the client invokes the Performing an LDAP Bind on an ADConnection task, as defined in [MS-ADTS] section 7.6.1.4, with the following parameter:

    • TaskInputADConnection: Value of the ADConnection ADM element.

    If the TaskReturnStatus returned is not zero, the application MUST be terminated and an event SHOULD be logged using an implementation-specific mechanism.
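The following Python model of the four-step sequence above is an added example, not code from this specification or from [MS-ADTS]; it carries the parameters of each step and the rule that a failure at any step logs an event and stops the sequence. The `tasks` interface, the `FakeTasks` stand-in, the domain controller name `dc01.example.test` and the status value 49 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LDAP_PORT = 389  # TaskInputPortNumber (step 1)

@dataclass
class AuthInfo:  # TaskInputOptionValue for LDAP_OPT_AUTH_INFO (step 2)
    bind_method: str = "SASL/GSS-SPNEGO"  # [MS-ADTS] section 5.1.1.1.1
    name: Optional[str] = None            # NULL: bind with the caller's own security context
    password: Optional[str] = None        # NULL

def fail(log, msg):  # record the event; the None result tells the caller to terminate
    log.append(msg)  # stands in for the implementation-specific event log

def ldap_bind_sequence(tasks, dc_name, log):
    """Run the four [MS-ADTS] 7.6.1.x tasks in order through the hypothetical `tasks`
    interface; returns the bound ADConnection, or None after logging the failed step."""
    conn = tasks.initialize(target_name=dc_name, port_number=LDAP_PORT)  # 7.6.1.1
    if conn is None:
        return fail(log, f"Initialize an ADConnection to {dc_name}:{LDAP_PORT} failed")
    if not tasks.set_option(conn, "LDAP_OPT_AUTH_INFO", AuthInfo()):     # 7.6.1.2
        return fail(log, "Setting LDAP_OPT_AUTH_INFO on the ADConnection failed")
    if tasks.establish(conn) is False:                                     # 7.6.1.3
        return fail(log, "Establishing the ADConnection returned FALSE")
    status = tasks.bind(conn)                                              # 7.6.1.4
    if status != 0:
        return fail(log, f"Performing an LDAP Bind failed, TaskReturnStatus={status}")
    return conn  # the bound ADConnection ADM element

class FakeTasks:
    """Constructed stand-in for the ADConnection tasks; the step named `fail_at` fails."""
    def __init__(self, fail_at=None):
        self.fail_at, self.calls = fail_at, []
    def _ok(self, step):  # record the call and report whether it succeeds
        self.calls.append(step)
        return step != self.fail_at
    def initialize(self, target_name, port_number):
        return {"dc": target_name, "port": port_number} if self._ok("initialize") else None
    def set_option(self, conn, name, value):
        conn[name] = value
        return self._ok("set_option")
    def establish(self, conn):
        return self._ok("establish")
    def bind(self, conn):
        return 0 if self._ok("bind") else 49  # nonzero TaskReturnStatus = failure

def run(fail_at=None):  # drive the sequence against FakeTasks -> (conn or None, calls, log)
    tasks, log = FakeTasks(fail_at), []
    return ldap_bind_sequence(tasks, "dc01.example.test", log), tasks.calls, log
```

Calling `run()` with no argument walks all four steps and returns the bound connection; `run("establish")` or `run("bind")` shows the sequence stopping at that step with one logged event and no later task invoked.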