How the Authentication Process Works

Red Hat Directory Server Plug-in Programmer’s Guide • May 2005

   - If the credentials are correct, the server sets the SLAPI_CONN_DN parameter to the DN and the SLAPI_CONN_AUTHTYPE parameter to LDAP_AUTH_SIMPLE. The server sends an LDAP_SUCCESS result code back to the client and ends the processing of the bind request.
   - If the credentials are incorrect, the server sends an LDAP_INVALID_CREDENTIALS result code back to the client and ends the processing of the bind request.

9. The server calls any pre-operation bind plug-in functions. If the function returns a non-zero value, the server ends the processing of the bind request.

   If you are writing your own plug-in function to handle authentication, you should return a non-zero value so that the server does not attempt to continue processing the bind request.

10. The server calls the backend bind function. The bind function returns one of the following values:

   - If the function returns a non-zero value, the server ends the processing of the bind request. The bind function is responsible for sending the appropriate result code back to the client before returning a non-zero value.
   - If the function returns 0, the server continues processing the bind request. The server sends the LDAP_SUCCESS result code back to the client. (The bind function does not do this.)

11. If the backend bind function succeeds, the server sets the SLAPI_CONN_DN parameter to the DN and the SLAPI_CONN_AUTHTYPE parameter to the authentication method.

12. The server sends an LDAP_SUCCESS result code back to the client and ends the processing of the bind request.

    If the client’s password is going to expire, the server includes a password expiring control (with the OID 2.16.840.1.113730.3.4.5) with the result sent to the client. If the client is logging in for the first time and needs to change the password, the server includes a password expired control (with the OID 2.16.840.1.113730.3.4.4) with the result sent to the client.
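The return-value rules in steps 9 through 12, as an added stand-alone C model (not code from the guide and not the server's implementation): it shows that the plug-in's return value, not the result code it sent, decides whether the backend bind still runs. The names `bind_op`, `process_bind`, `preop_owns_auth`, `preop_returns_zero` and `backend_ok` are hypothetical, the DN and passwords are constructed, and it is an assumption of this example that a plug-in handling authentication records the connection identity itself.

```c
/* Stand-alone model of bind steps 9-12. Added example: it does not use
   slapi-plugin.h, and every type and function name below is hypothetical. */
#include <stdio.h>
#include <string.h>
#define LDAP_SUCCESS             0     /* standard LDAP result codes */
#define LDAP_INVALID_CREDENTIALS 49
#define LDAP_AUTH_SIMPLE         0x80

typedef struct {
    const char *bind_dn, *password;  /* bind request (constructed values) */
    const char *conn_dn;             /* stands in for SLAPI_CONN_DN */
    int conn_authtype;               /* stands in for SLAPI_CONN_AUTHTYPE */
    int results_sent, last_result;   /* what the client received */
} bind_op;
typedef int (*bind_fn)(bind_op *);
static void send_result(bind_op *op, int rc) { op->results_sent++; op->last_result = rc; }
/* Plug-in that owns authentication: sends its own result, records the identity
   on success (assumed plug-in duty), and always returns non-zero. */
static int preop_owns_auth(bind_op *op) {
    if (strcmp(op->password, "constructed-secret") == 0) {
        op->conn_dn = op->bind_dn;
        op->conn_authtype = LDAP_AUTH_SIMPLE;
        send_result(op, LDAP_SUCCESS);
    } else {
        send_result(op, LDAP_INVALID_CREDENTIALS);
    }
    return 1;
}
/* Defective variant: rejects the bind but returns 0, so processing continues. */
static int preop_returns_zero(bind_op *op) { send_result(op, LDAP_INVALID_CREDENTIALS); return 0; }
/* Backend whose own check passes (constructed case): returns 0, sends nothing. */
static int backend_ok(bind_op *op) { (void)op; return 0; }

static int process_bind(bind_op *op, bind_fn preop, bind_fn backend) {
    if (preop && preop(op) != 0) return op->last_result;  /* step 9: stop here */
    if (backend(op) != 0) return op->last_result;         /* step 10: backend replied */
    op->conn_dn = op->bind_dn;                            /* step 11 */
    op->conn_authtype = LDAP_AUTH_SIMPLE;
    send_result(op, LDAP_SUCCESS);                        /* step 12 */
    return op->last_result;
}

int main(void) {
    bind_op a = {"uid=alice,dc=example,dc=com", "wrong-guess", NULL, 0, 0, -1}, b = a;
    process_bind(&a, preop_owns_auth, backend_ok);
    process_bind(&b, preop_returns_zero, backend_ok);
    printf("non-zero: results=%d bound=%d; zero: results=%d bound=%d\n", a.results_sent, a.conn_dn != NULL, b.results_sent, b.conn_dn != NULL);
    return 0;
}
```

With the same wrong password, the plug-in that returns non-zero leaves the connection unbound after one result, while the variant that returns 0 lets the backend's decision stand and the client receives a second result.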