Thanks for the reply. Queries inline.
Shankar Anand R writes:
> I see that most LDAP utilities (openldap included) do a ldap_bind() before
> every ldap_search(). Is this mandatory?
No, not in LDAPv3. It was mandatory in LDAPv2: You started a session
with bind and ended it with unbind - which is why the latter is
misnamed, it should have been called "close" or something.
BTW, note that ldap_unbind() is also the destructor for the C LDAP*
structure.
> If LDAP descriptor (ld) is valid and can be used for multiple
> ldap_search() calls, when does it become invalid? Is it time based,
> say ld becomes invalid after 10 minutes?
That's up to the server. Ours has set idletimeout so the server closes
the connection if the client has been passive for some minutes.
> I have an application which needs to search the LDAP server for some
> specific attributes of users. The user name is taken as input from the
> command line. Is it necessary to do a ldap_bind() before each ldap_search()
> call? Doesn't this make it costly?
Depends on the access controls set in the server. If the attributes are
publicly available, don't bother to Bind.
> Can I do ldap_bind() once and call ldap_search() many times? When does my
> "bind" become invalid?
(a) Yes, and (b) if you use Simple Bind, not until you Bind again or the
connection is closed. Some authentication methods (Kerberos I think)
will time out a Bind after a while, but the descriptor might still
remain useful - presumably you'll have to Bind again, even if just
anonymously. I haven't tried.
> Can my application do this:
> #1 - bind to a LDAP server during initialization
> #2- then do an ldap_search() whenever required
Yes...
> #3- then invalidate the ld after 10 minutes
Another Bind invalidates the previous Bind, if that's what you mean.
> #4- do a ldap_bind() again and repeat from #2?
Yup.
You should be prepared for losing the connection (LDAP_SERVER_DOWN),
e.g. due to an idletimeout set in the server. If so, do ldap_unbind,
connect and Bind again, and proceed.
--
Hallvard
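
The pattern discussed in this thread (Bind once, search many times, and on LDAP_SERVER_DOWN unbind, connect and Bind again), as an added C example that is not part of the original messages. The `dir_ops` hooks, `dir_session` and the fake server are hypothetical stand-ins for the libldap calls, so the retry logic runs without a directory server.

```c
#include <stddef.h>
/* Result codes, with the values OpenLDAP's <ldap.h> gives them. */
#define LDAP_SUCCESS      0
#define LDAP_SERVER_DOWN  (-1)
/* Hypothetical hooks: a real client wraps its libldap connect/Bind/search/unbind calls in these. */
struct dir_ops {
    int  (*open_and_bind)(void **ld);            /* sets *ld only on success */
    int  (*search)(void *ld, const char *user);
    void (*unbind)(void *ld);                    /* also frees the handle */
};
struct dir_session { const struct dir_ops *ops; void *ld; int binds; };

/* Search on the already-bound handle; on LDAP_SERVER_DOWN unbind, rebind, retry once. */
int dir_search(struct dir_session *s, const char *user) {
    for (int attempt = 0; attempt < 2; attempt++) {
        int rc;
        if (s->ld == NULL) {
            rc = s->ops->open_and_bind(&s->ld);
            if (rc != LDAP_SUCCESS) { s->ld = NULL; return rc; }
            s->binds++;
        }
        rc = s->ops->search(s->ld, user);
        if (rc != LDAP_SERVER_DOWN) return rc;
        s->ops->unbind(s->ld);    /* dead connection: release the handle */
        s->ld = NULL;
    }
    return LDAP_SERVER_DOWN;
}

/* Constructed stand-in server: drops the connection after two searches, as an idletimeout would. */
static int fake_live, fake_budget;
static int fake_open(void **ld) { fake_live = 1; fake_budget = 2; *ld = &fake_live; return LDAP_SUCCESS; }
static int fake_search(void *ld, const char *user) {
    (void)ld; (void)user;
    if (!fake_live || fake_budget-- <= 0) { fake_live = 0; return LDAP_SERVER_DOWN; }
    return LDAP_SUCCESS;
}
static void fake_unbind(void *ld) { (void)ld; fake_live = 0; }
static const struct dir_ops fake_ops = { fake_open, fake_search, fake_unbind };

/* Run n searches against the stand-in; return how many Binds they cost. */
int binds_for_searches(int n) {
    struct dir_session s = { &fake_ops, NULL, 0 };
    for (int i = 0; i < n; i++)
        if (dir_search(&s, "someuser") != LDAP_SUCCESS) return -1;
    if (s.ld) s.ops->unbind(s.ld);
    return s.binds;
}
int main(void) { return binds_for_searches(5) == 3 ? 0 : 1; }
```

Five searches cost three Binds here because the stand-in drops the connection after every second search; against a server that never times out, the same loop Binds once.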