Laboratory

Purpose


A directory service associates each of its connections with the object in its tree that was initially used to authenticate (bind) the connection. This is the object specified by the user name entered during login, which we call the login user object. Operation requests arriving over an unauthenticated connection are associated with an imaginary default object known as public (an object that doesn't actually exist but represents anyone without an authenticated connection). Generally, administrators limit public's access to harmless information. Public is seldom given rights to create objects or write information to the directory.

An authenticated bind is achieved when, during login, the directory service has password-confirmed that an incoming connection should be associated with a particular user object in its tree. The administrator gives every user object particular access rights (browse, read, write, etc.) to an arbitrary set of other objects (targets) by entering the login user object's distinguished name in the Access Control Lists (ACLs) of the target objects. If the user object is not listed as a trustee for a requested operation on a target object, the operation is denied. Generally, administrators set up directories so that operations such as object creation/deletion and attribute writes are only allowed with authenticated binds (connections).
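The access decision described in the two paragraphs above, as a simplified model added here (not code from the lab or from any directory product). The class names, the `public` sentinel string, the sample DNs and the password are all constructed for illustration, and real directory servers add details such as inherited rights that this model leaves out.

```python
import hashlib, hmac, os

PUBLIC = "public"  # assumed sentinel for the imaginary default object

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    def __init__(self):
        self.users = {}   # login user object DN -> (salt, password hash)
        self.acls = {}    # target DN -> {trustee DN: set of rights}

    def add_user(self, dn, password):
        salt = os.urandom(16)
        self.users[dn] = (salt, _hash(password, salt))

    def grant(self, target, trustee, *rights):
        self.acls.setdefault(target, {}).setdefault(trustee, set()).update(rights)

    def connect(self):
        return Connection(self)

class Connection:
    def __init__(self, directory):
        self.directory = directory
        self.identity = PUBLIC          # every connection starts unauthenticated

    def bind(self, dn, password):
        """Password-confirm the connection; on failure it stays public."""
        salt, stored = self.directory.users.get(dn, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self.identity = dn if ok else PUBLIC
        return ok

    def allowed(self, operation, target):
        """Permit only if the bound object is a trustee holding that right."""
        trustees = self.directory.acls.get(target, {})
        return operation in trustees.get(self.identity, set())

def demo():
    d = Directory()
    d.add_user("cn=admin,o=lab", "constructed-password")   # constructed sample data
    d.grant("ou=people,o=lab", PUBLIC, "browse")
    d.grant("ou=people,o=lab", "cn=admin,o=lab", "browse", "read", "write", "create")
    anon, user = d.connect(), d.connect()
    user.bind("cn=admin,o=lab", "constructed-password")
    return {
        "anon_browse": anon.allowed("browse", "ou=people,o=lab"),
        "anon_create": anon.allowed("create", "ou=people,o=lab"),
        "user_create": user.allowed("create", "ou=people,o=lab"),
    }
```

A failed bind leaves the connection associated with public, so a wrong password can never yield more rights than an anonymous connection already has.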

This task will show you how to add functionality to your LDAP client-side application to obtain an authenticated bind to an LDAP server over a Secure Sockets Layer (SSL) connection.



© 2000 Novell, Inc.