Someone who knows Active Directory might give better answers, since your remaining questions relate to the server, not the client. Try your sysadmin, ldap@umich.edu, or some AD-specific group.
Shankar Anand R writes:
If the client does a ldap_search() without doing a ldap_bind() how / where does it present its credentials to the server? When I tried a ldap_search() without doing a ldap_bind() I got an error that said "A successful bind should have been done before this operation". This was with an OpenLDAP client and Active Directory 2008 server.
Ah, OK. In that case you just have to do what the server says. The LDAP spec doesn't require it but the server may, as you see.
Can you kindly tell me the minimum, default and maximum timeout values? Or point me to documentation that talks about them?
As far as the LDAP spec is concerned there aren't any. Check with your server's sysadmin; these may be per-server settings (if they are set).
You should be prepared for losing the connection (LDAP_SERVER_DOWN), e.g. due to an idletimeout set in the server. If so, do ldap_unbind, connect and Bind again, and proceed.
Is there any way (for example, a part of bind reply) for the LDAP client to get to know about the session timeout so that the client can try to unbind and bind again before session expiry? Or does the client know about session expiry only after one of its LDAP operations fails with LDAP_SERVER_DOWN?
The latter. Well, the client can poll for results asynchronously even if it isn't expecting any, and check for LDAP_SERVER_DOWN.
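The unbind, reconnect, Bind again and proceed handling described in the reply above, as an added example that is not part of the original thread. `conn_t` and the `conn_*` functions are a constructed in-memory stand-in for an LDAP handle and a server with an idle timeout (with libldap they would wrap calls such as `ldap_initialize`, `ldap_sasl_bind_s`, `ldap_search_ext_s` and `ldap_unbind_ext_s`), and the result-code values are assumed to match OpenLDAP's `ldap.h`.

```c
#include <stdbool.h>

/* Result codes; values assumed to match OpenLDAP's <ldap.h>. */
enum { RC_SUCCESS = 0, RC_OPERATIONS_ERROR = 1, RC_SERVER_DOWN = -1 };

#define IDLE_LIMIT 300   /* constructed server idle timeout, seconds */
static long fake_now;    /* constructed clock, so the example runs offline */

/* Constructed stand-in for an LDAP handle and the server behind it. */
typedef struct { bool connected, bound; long last_used; int reconnects; } conn_t;

static int conn_open(conn_t *c) {
    c->connected = true; c->bound = false; c->last_used = fake_now;
    return RC_SUCCESS;
}
static void conn_unbind(conn_t *c) { c->connected = c->bound = false; }
static int conn_bind(conn_t *c) {
    if (!c->connected) return RC_SERVER_DOWN;
    c->bound = true; c->last_used = fake_now;
    return RC_SUCCESS;
}
static int conn_search(conn_t *c) {
    if (!c->connected || fake_now - c->last_used > IDLE_LIMIT) {
        c->connected = c->bound = false;  /* server closed the idle connection */
        return RC_SERVER_DOWN;
    }
    if (!c->bound) return RC_OPERATIONS_ERROR;  /* server insists on a Bind first */
    c->last_used = fake_now;
    return RC_SUCCESS;
}

/* Search; on RC_SERVER_DOWN unbind, reconnect, Bind again and retry,
 * at most max_retries times so a dead server cannot cause an endless loop. */
int search_with_rebind(conn_t *c, int max_retries) {
    int rc = conn_search(c);
    for (int i = 0; rc == RC_SERVER_DOWN && i < max_retries; i++) {
        conn_unbind(c);                                 /* drop the dead handle */
        if ((rc = conn_open(c)) != RC_SUCCESS) continue;
        if ((rc = conn_bind(c)) != RC_SUCCESS) break;   /* never search unauthenticated */
        c->reconnects++;
        rc = conn_search(c);
    }
    return rc;
}
```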