
How do I authenticate a user's password with LDAP?

Updated: 2022-06-17 08:07:52

This is not really the right way to perform a password check on LDAP. What you should do is attempt to bind using the DN obtained from the first search and the password supplied.

That is, you perform a second bind to verify the password. If the bind fails, the password is incorrect.

Something like:

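    if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
        printf( "dn: %s\n", dn );
        /* rebind: open a second connection and bind as the user's DN */
        rc = ldap_initialize(&ld2, LDAP_SERVER);
        if (rc != LDAP_SUCCESS) {
            /* no usable handle, so there is nothing to bind or unbind */
            printf("Failed.\n");
        } else {
            rc = ldap_simple_bind_s(ld2, dn, "secret");
            printf("%d\n", rc);
            if (rc != LDAP_SUCCESS) {
                printf("Failed.\n");
            } else {
                printf("Works.\n");
            }
            /* release the second handle whether or not the bind succeeded */
            ldap_unbind(ld2);
        }
        ldap_memfree( dn );
    }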

For security reasons, indicating that the username is incorrect (i.e. the search for the user account fails) is generally considered excessive disclosure and should be avoided.
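The checks that sit around the search-then-bind flow above, as an added example that is not part of the original answer. It goes slightly beyond the text by escaping the username for the first search filter and by refusing an empty password before the second bind. The function names, the `uid` attribute and the message strings are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515: escape '*', '(', ')' and '\' as \XX so a user-supplied name
 * cannot change the filter's structure. Returns 0, or -1 if out is too small. */
int escape_filter_value(const char *in, char *out, size_t out_sz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_sz == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int special = (c == '*' || c == '(' || c == ')' || c == '\\');
        if (o + (special ? 3 : 1) >= out_sz) return -1;
        if (special) { out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15]; }
        else out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Filter for the first search; the "uid" attribute is an assumption. */
int build_user_filter(const char *username, char *out, size_t out_sz)
{
    char esc[256];
    if (escape_filter_value(username, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, out_sz, "(uid=%s)", esc);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : 0;
}
/* A simple bind with an empty password is an unauthenticated bind (RFC 4513,
 * 5.1.2) and may return success. dn is NULL when the search found no entry. */
int should_attempt_bind(const char *dn, const char *password)
{
    return dn != NULL && dn[0] != '\0' && password != NULL && password[0] != '\0';
}

/* One message for unknown user, skipped bind and failed bind alike. */
const char *login_message(int attempted, int bind_rc)
{
    return (attempted && bind_rc == 0) ? "Login OK" : "Invalid username or password";
}

int main(void)
{
    char f[300];
    if (build_user_filter("*)(uid=*", f, sizeof f) == 0) puts(f); /* constructed input */
    puts(login_message(should_attempt_bind(NULL, "secret"), 0));
    return 0;
}
```

Pass the `rc` of the second bind to `login_message` only when `should_attempt_bind` returned 1; otherwise skip the bind entirely.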