The BIND_LDAP call

The BIND_LDAP call establishes a session with an LDAP server.

The LDAP server is identified by one of the following:
  • The LDAP URL and the distinguished name and password of the user authorized to extract the expected data.
  • A RACF® profile in the LDAPBIND class that contains the LDAP URL and distinguished name and password. This is the preferred option, as you do not need to code LDAP credentials in your application.

BIND_LDAP

  DFHDDAPX [CALL],
      [CLEAR],                     
      [IN,                                
      FUNCTION(BIND_LDAP),               
      {LDAP_BIND_PROFILE(block-descriptor)|
      LDAP_SERVER_URL(block-descriptor),DISTINGUISHED_NAME(block-descriptor),
      PASSWORD(block-descriptor),}
      [CACHE_SIZE(name4),CACHE_TIME_LIMIT(name4),]]
      [OUT,                               
      LDAP_SESSION_TOKEN(name4),      
      [LDAP_RESPONSE(name4),]                  
      RESPONSE(name1 | *),                              
      REASON(name1 | *)]

This command is threadsafe.

Parameters

CACHE_SIZE(name4)
a fullword that specifies the number of bytes available for caching LDAP search results. A value of zero indicates an unlimited cache size. If CACHE_SIZE is specified, CACHE_TIME_LIMIT must also be specified. If neither parameter is specified, results will not be cached.
CACHE_TIME_LIMIT(name4)
a fullword that specifies the amount of time (in seconds) that LDAP search results are cached. A value of zero indicates an unlimited cache time limit.
DISTINGUISHED_NAME(block-descriptor)
specifies the location of the LDAP distinguished name of the user permitted to bind to the chosen server. The block-descriptor is two fullwords of data, in which the first word contains the address of the data, and the second word contains the length in bytes of the data.
For more information on block-descriptors, see XPI syntax.
LDAP_BIND_PROFILE(block-descriptor)
specifies the location of the name of a RACF profile in the LDAPBIND class that contains the URL and credentials for the LDAP server being accessed. The block-descriptor is two fullwords of data, in which the first word contains the address of the data, and the second word contains the length in bytes of the data.
For more information on block-descriptors, see XPI syntax. You should specify either LDAP_BIND_PROFILE, or all three of the LDAP_SERVER_URL, DISTINGUISHED_NAME and PASSWORD parameters.
LDAP_RESPONSE(name4)
specifies the return code that is sent by the LDAP API in response to receiving the URL and user credentials.
LDAP_SERVER_URL(block-descriptor)
specifies the location of the LDAP URL (in the format ldap://server:port) of the LDAP server being accessed. If the colon and port number are omitted, the port defaults to 389. The block-descriptor is two fullwords of data, in which the first word contains the address of the data, and the second word contains the length in bytes of the data.
For more information on block-descriptors, see XPI syntax.
LDAP_SESSION_TOKEN(name4)
the name of the fullword token that specifies the LDAP connection.
PASSWORD(block-descriptor)
specifies the location of the password for the user identified in the DISTINGUISHED_NAME input. The block-descriptor is two fullwords of data, in which the first word contains the address of the data, and the second word contains the length in bytes of the data.
For more information on block-descriptors, see XPI syntax.

RESPONSE and REASON values

The following table shows the RESPONSE and REASON values for BIND_LDAP.

RESPONSE    REASON
OK          None
EXCEPTION   INVALID_BUFFER_LENGTH
            INVALID_LDAP_PROFILE
            INVALID_LDAP_URL
            LDAP_INACTIVE
            NOTAUTH
            NOTFOUND
DISASTER    None
INVALID     None
KERNERROR   None
PURGED      None
Note: For more detail, refer to the explanation of RESPONSE and REASON in Making an XPI call.
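
A BIND_LDAP call that takes the preferred route and names an LDAPBIND profile, so that no URL, distinguished name or password is carried in the module; this is an added HLASM example, not code from the product documentation. The copybook DFHDDAPY, the DSECT DFHDDAP_ARG and the names DDAP_RESPONSE, DDAP_REASON and DDAP_OK are assumed from the naming pattern of other XPI macros, and the block-descriptor is assumed to be passed as the label of two fullwords. PROFNAME, PROFDESC, GWA, GWATOKEN, GWALDRC and BINDDONE are constructed names.

```hlasm
*  Fragment of a global user exit program (added example).
*  Assumed already done: DFHUEXIT TYPE=EP and TYPE=XPIENV issued,
*  COPY DFHDDAPY ahead of the CSECT, register 2 addresses DFHUEPAR,
*  exit enabled with a global work area of at least 8 bytes.
         L     5,UEPXSTOR              XPI parameter list storage
         USING DFHDDAP_ARG,5
         L     6,UEPGAA                global work area
         LTR   6,6                     is there one?
         BZ    BINDDONE                no: nowhere to keep the token
         USING GWA,6
         L     13,UEPSTACK             kernel stack for the XPI call
         DFHDDAPX CALL,                                                X
               CLEAR,                                                  X
               IN,                                                     X
               FUNCTION(BIND_LDAP),                                    X
               LDAP_BIND_PROFILE(PROFDESC),                            X
               OUT,                                                    X
               LDAP_SESSION_TOKEN(GWATOKEN),                           X
               LDAP_RESPONSE(GWALDRC),                                 X
               RESPONSE(*),                                            X
               REASON(*)
         CLI   DDAP_RESPONSE,DDAP_OK   session established?
         BE    BINDDONE                yes: GWATOKEN is the session
*  RESPONSE was not OK. DDAP_REASON has the REASON value and GWALDRC
*  is the field named on LDAP_RESPONSE. Zero the token (a convention
*  of this example) so later code cannot use a stale value.
         XC    GWATOKEN,GWATOKEN
BINDDONE DS    0H
         L     13,UEPEPSA              exit's own save area again
*  ... the exit's normal return sequence goes here ...
*
*  Constants. Only the profile name is in the module: the URL,
*  distinguished name and password stay in the RACF profile.
PROFNAME DC    C'EXAMPLE.BIND.PROFILE' constructed profile name
PROFDESC DC    A(PROFNAME),A(L'PROFNAME) address, then length
*  Layout this example gives the global work area
GWA      DSECT ,
GWATOKEN DS    F                       LDAP_SESSION_TOKEN output
GWALDRC  DS    F                       LDAP_RESPONSE output
```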