mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
1236 lines
40 KiB
Plaintext
1236 lines
40 KiB
Plaintext
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Network Working Group T. Howes
|
|||
|
Request for Comments: 1823 M. Smith
|
|||
|
Category: Informational University of Michigan
|
|||
|
August 1995
|
|||
|
|
|||
|
|
|||
|
The LDAP Application Program Interface
|
|||
|
|
|||
|
Status of this Memo
|
|||
|
|
|||
|
This memo provides information for the Internet community. This memo
|
|||
|
does not specify an Internet standard of any kind. Distribution of
|
|||
|
this memo is unlimited.
|
|||
|
|
|||
|
1. Introduction
|
|||
|
|
|||
|
This document defines a C language application program interface to
|
|||
|
the lightweight directory access protocol (LDAP). The LDAP API is
|
|||
|
designed to be powerful, yet simple to use. It defines compatible
|
|||
|
synchronous and asynchronous interfaces to LDAP to suit a wide
|
|||
|
variety of applications. This document gives a brief overview of the
|
|||
|
LDAP model, then an overview of how the API is used by an application
|
|||
|
program to obtain LDAP information. The API calls are described in
|
|||
|
detail, followed by an appendix that provides some example code
|
|||
|
demonstrating the use of the API.
|
|||
|
|
|||
|
2. Overview of the LDAP Model
|
|||
|
|
|||
|
LDAP is the lightweight directory access protocol, described in [2]
|
|||
|
and [7]. It can provide a lightweight frontend to the X.500 directory
|
|||
|
[1], or a stand-alone service. In either mode, LDAP is based on a
|
|||
|
client-server model in which a client makes a TCP connection to an
|
|||
|
LDAP server, over which it sends requests and receives responses.
|
|||
|
|
|||
|
The LDAP information model is based on the entry, which contains
|
|||
|
information about some object (e.g., a person). Entries are composed
|
|||
|
of attributes, which have a type and one or more values. Each
|
|||
|
attribute has a syntax that determines what kinds of values are
|
|||
|
allowed in the attribute (e.g., ASCII characters, a jpeg photograph,
|
|||
|
etc.) and how those values behave during directory operations (e.g.,
|
|||
|
is case significant during comparisons).
|
|||
|
|
|||
|
Entries are organized in a tree structure, usually based on
|
|||
|
political, geographical, and organizational boundaries. Each entry is
|
|||
|
uniquely named relative to its sibling entries by its relative
|
|||
|
distinguished name (RDN) consisting of one or more distinguished
|
|||
|
attribute values from the entry. At most one value from each
|
|||
|
attribute may be used in the RDN. For example, the entry for the
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 1]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
person Babs Jensen might be named with the "Barbara Jensen" value
|
|||
|
from the commonName attribute. A globally unique name for an entry,
|
|||
|
called a distinguished name or DN, is constructed by concatenating
|
|||
|
the sequence of RDNs from the root of the tree down to the entry. For
|
|||
|
example, if Babs worked for the University of Michigan, the DN of her
|
|||
|
U-M entry might be "cn=Barbara Jensen, o=University of Michigan,
|
|||
|
c=US". The DN format used by LDAP is defined in [4].
|
|||
|
|
|||
|
Operations are provided to authenticate, search for and retrieve
|
|||
|
information, modify information, and add and delete entries from the
|
|||
|
tree. The next sections give an overview of how the API is used and
|
|||
|
detailed descriptions of the LDAP API calls that implement all of
|
|||
|
these functions.
|
|||
|
|
|||
|
3. Overview of LDAP API Use
|
|||
|
|
|||
|
An application generally uses the LDAP API in four simple steps.
|
|||
|
|
|||
|
o Open a connection to an LDAP server. The ldap_open() call
|
|||
|
returns a handle to the connection, allowing multiple
|
|||
|
connections to be open at once.
|
|||
|
|
|||
|
o Authenticate to the LDAP server and/or the X.500 DSA. The
|
|||
|
ldap_bind() call and friends support a variety of
|
|||
|
authentication methods.
|
|||
|
|
|||
|
o Perform some LDAP operations and obtain some results.
|
|||
|
ldap_search() and friends return results which can be parsed
|
|||
|
by ldap_result2error(), ldap_first_entry(), ldap_next_entry(),
|
|||
|
etc.
|
|||
|
|
|||
|
o Close the connection. The ldap_unbind() call closes the
|
|||
|
connection.
|
|||
|
|
|||
|
Operations can be performed either synchronously or asynchronously.
|
|||
|
Synchronous calls end in _s. For example, a synchronous search can be
|
|||
|
completed by calling ldap_search_s(). An asynchronous search can be
|
|||
|
initiated by calling ldap_search(). All synchronous routines return
|
|||
|
an indication of the outcome of the operation (e.g, the constant
|
|||
|
LDAP_SUCCESS or some other error code). The asynchronous routines
|
|||
|
return the message id of the operation initiated. This id can be used
|
|||
|
in subsequent calls to ldap_result() to obtain the result(s) of the
|
|||
|
operation. An asynchronous operation can be abandoned by calling
|
|||
|
ldap_abandon().
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 2]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
Results and errors are returned in an opaque structure called
|
|||
|
LDAPMessage. Routines are provided to parse this structure, step
|
|||
|
through entries and attributes returned, etc. Routines are also
|
|||
|
provided to interpret errors. The next sections describe these
|
|||
|
routines in more detail.
|
|||
|
|
|||
|
4. Calls for performing LDAP operations
|
|||
|
|
|||
|
This section describes each LDAP operation API call in detail. All
|
|||
|
calls take a "connection handle", a pointer to an LDAP structure
|
|||
|
containing per-connection information. Many routines return results
|
|||
|
in an LDAPMessage structure. These structures and others are
|
|||
|
described as needed below.
|
|||
|
|
|||
|
4.1. Opening a connection
|
|||
|
|
|||
|
ldap_open() opens a connection to the LDAP server.
|
|||
|
|
|||
|
typedef struct ldap {
|
|||
|
/* ... opaque parameters ... */
|
|||
|
int ld_deref;
|
|||
|
int ld_timelimit;
|
|||
|
int ld_sizelimit;
|
|||
|
int ld_errno;
|
|||
|
char *ld_matched;
|
|||
|
char *ld_error;
|
|||
|
/* ... opaque parameters ... */
|
|||
|
} LDAP;
|
|||
|
|
|||
|
LDAP *ldap_open( char *hostname, int portno );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
hostname Contains a space-separated list of hostnames or dotted
|
|||
|
strings representing the IP address of hosts running an
|
|||
|
LDAP server to connect to. The hosts are tried in the
|
|||
|
order listed, stopping with the first one to which a
|
|||
|
successful connection is made;
|
|||
|
|
|||
|
portno contains the TCP port number to which to connect. The
|
|||
|
default LDAP port can be obtained by supplying the
|
|||
|
constant LDAP_PORT.
|
|||
|
|
|||
|
ldap_open() returns a "connection handle", a pointer to an LDAP
|
|||
|
structure that should be passed to subsequent calls pertaining to the
|
|||
|
connection. It returns NULL if the connection cannot be opened. One
|
|||
|
of the ldap_bind calls described below must be completed before other
|
|||
|
operations can be performed on the connection.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 3]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
The calling program should assume nothing about the order of the
|
|||
|
fields in the LDAP structure. There may be other fields in the
|
|||
|
structure for internal library use. The fields shown above are
|
|||
|
described as needed in the description of other calls below.
|
|||
|
|
|||
|
4.2. Authenticating to the directory
|
|||
|
|
|||
|
ldap_bind() and friends are used to authenticate to the directory.
|
|||
|
|
|||
|
int ldap_bind( LDAP *ld, char *dn, char *cred, int method );
|
|||
|
|
|||
|
int ldap_bind_s( LDAP *ld, char *dn, char *cred, int method );
|
|||
|
|
|||
|
int ldap_simple_bind( LDAP *ld, char *dn, char *passwd );
|
|||
|
|
|||
|
int ldap_simple_bind_s( LDAP *ld, char *dn, char *passwd );
|
|||
|
|
|||
|
int ldap_kerberos_bind( LDAP *ld, char *dn );
|
|||
|
|
|||
|
int ldap_kerberos_bind_s( LDAP *ld, char *dn );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
dn The name of the entry to bind as;
|
|||
|
|
|||
|
cred The credentials with which to authenticate;
|
|||
|
|
|||
|
method One of LDAP_AUTH_SIMPLE, LDAP_AUTH_KRBV41, or
|
|||
|
LDAP_AUTH_KRBV42, indicating the authentication method to use;
|
|||
|
|
|||
|
passwd For ldap_simple_bind(), the password to compare to the entry's
|
|||
|
userPassword attribute;
|
|||
|
|
|||
|
There are three types of bind calls, providing simple authentication,
|
|||
|
kerberos authentication, and general routines to do either one. In
|
|||
|
the case of Kerberos version 4 authentication using the general
|
|||
|
ldap_bind() routines, the credentials are ignored, as the routines
|
|||
|
assume a valid ticket granting ticket already exists which can be
|
|||
|
used to retrieve the appropriate service tickets.
|
|||
|
|
|||
|
Synchronous versions of the routines have names that end in _s.
|
|||
|
These routines return the result of the bind operation, either the
|
|||
|
constant LDAP_SUCCESS if the operation was successful, or another
|
|||
|
LDAP error code if it was not. See the section below on error
|
|||
|
handling for more information about possible errors and how to
|
|||
|
interpret them.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 4]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
Asynchronous versions of these routines return the message id of the
|
|||
|
bind operation initiated. A subsequent call to ldap_result(),
|
|||
|
described below, can be used to obtain the result of the bind. In
|
|||
|
case of error, these routines will return -1, setting the ld_errno
|
|||
|
field in the LDAP structure appropriately.
|
|||
|
|
|||
|
Note that no other operations over the connection should be attempted
|
|||
|
before a bind call has successfully completed. Subsequent bind calls
|
|||
|
can be used to re-authenticate over the same connection.
|
|||
|
|
|||
|
4.3. Closing the connection
|
|||
|
|
|||
|
ldap_unbind() is used to unbind from the directory and close the
|
|||
|
connection.
|
|||
|
|
|||
|
int ldap_unbind( LDAP *ld );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle.
|
|||
|
|
|||
|
ldap_unbind() works synchronously, unbinding from the directory,
|
|||
|
closing the connection, and freeing up the ld structure before
|
|||
|
returning. ldap_unbind() returns LDAP_SUCCESS (or another LDAP error
|
|||
|
code if the request cannot be sent to the LDAP server). After a call
|
|||
|
to ldap_unbind(), the ld connection handle is invalid.
|
|||
|
|
|||
|
4.4. Searching
|
|||
|
|
|||
|
ldap_search() and friends are used to search the LDAP directory,
|
|||
|
returning a requested set of attributes for each entry matched.
|
|||
|
There are three variations.
|
|||
|
|
|||
|
struct timeval {
|
|||
|
long tv_sec;
|
|||
|
long tv_usec;
|
|||
|
};
|
|||
|
int ldap_search(
|
|||
|
LDAP *ld,
|
|||
|
char *base,
|
|||
|
int scope,
|
|||
|
char *filter,
|
|||
|
char *attrs[],
|
|||
|
int attrsonly
|
|||
|
);
|
|||
|
int ldap_search_s(
|
|||
|
LDAP *ld,
|
|||
|
char *base,
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 5]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
int scope,
|
|||
|
char *filter,
|
|||
|
char *attrs[],
|
|||
|
int attrsonly,
|
|||
|
LDAPMessage **res
|
|||
|
);
|
|||
|
int ldap_search_st(
|
|||
|
LDAP *ld,
|
|||
|
char *base,
|
|||
|
int scope,
|
|||
|
char *filter,
|
|||
|
char *attrs[],
|
|||
|
int attrsonly,
|
|||
|
struct timeval *timeout,
|
|||
|
LDAPMessage **res
|
|||
|
);
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
base The dn of the entry at which to start the search;
|
|||
|
|
|||
|
scope One of LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, or
|
|||
|
LDAP_SCOPE_SUBTREE, indicating the scope of the search;
|
|||
|
|
|||
|
filter A character string as described in RFC 1558 [3],
|
|||
|
representing the search filter;
|
|||
|
|
|||
|
attrs A NULL-terminated array of strings indicating which
|
|||
|
attributes to return for each matching entry. Passing
|
|||
|
NULL for this parameter causes all available attributes
|
|||
|
to be retrieved;
|
|||
|
|
|||
|
attrsonly A boolean value that should be zero if both attribute
|
|||
|
types and values are to be returned, non-zero if only
|
|||
|
types are wanted;
|
|||
|
|
|||
|
timeout For the ldap_search_st() call, this specifies the local
|
|||
|
search timeout value;
|
|||
|
|
|||
|
res For the synchronous calls, this is a result parameter
|
|||
|
which will contain the results of the search upon
|
|||
|
completion of the call.
|
|||
|
|
|||
|
There are three fields in the ld connection handle which control how
|
|||
|
the search is performed. They are:
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 6]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
ld_sizelimit A limit on the number of entries to return from the
|
|||
|
search. A value of zero means no limit;
|
|||
|
|
|||
|
ld_timelimit A limit on the number of seconds to spend on the search.
|
|||
|
A value of zero means no limit;
|
|||
|
|
|||
|
ld_deref One of LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING,
|
|||
|
LDAP_DEREF_FINDING, or LDAP_DEREF_ALWAYS, specifying
|
|||
|
how aliases should be handled during the search. The
|
|||
|
LDAP_DEREF_SEARCHING value means aliases should be
|
|||
|
dereferenced during the search but not when locating
|
|||
|
the base object of the search. The LDAP_DEREF_FINDING
|
|||
|
value means aliases should be dereferenced when
|
|||
|
locating the base object but not during the search.
|
|||
|
|
|||
|
An asynchronous search is initiated by calling ldap_search(). It
|
|||
|
returns the message id of the initiated search. The results of the
|
|||
|
search can be obtained by a subsequent call to ldap_result(). The
|
|||
|
results can be parsed by the result parsing routines described in
|
|||
|
detail later. In case of error, -1 is returned and the ld_errno
|
|||
|
field in the LDAP structure is set appropriately.
|
|||
|
|
|||
|
A synchronous search is performed by calling ldap_search_s() or
|
|||
|
ldap_search_st(). The routines are identical, except that
|
|||
|
ldap_search_st() takes an additional parameter specifying a timeout
|
|||
|
for the search. Both routines return an indication of the result of
|
|||
|
the search, either LDAP_SUCCESS or some error indication (see Error
|
|||
|
Handling below). The entries returned from the search (if any) are
|
|||
|
contained in the res parameter. This parameter is opaque to the
|
|||
|
caller. Entries, attributes, values, etc., should be extracted by
|
|||
|
calling the parsing routines described below. The results contained
|
|||
|
in res should be freed when no longer in use by calling
|
|||
|
ldap_msgfree(), described later.
|
|||
|
|
|||
|
4.5. Reading an entry
|
|||
|
|
|||
|
LDAP does not support a read operation directly. Instead, this
|
|||
|
operation is emulated by a search with base set to the DN of the
|
|||
|
entry to read, scope set to LDAP_SCOPE_BASE, and filter set to
|
|||
|
"(objectclass=*)". attrs contains the list of attributes to return.
|
|||
|
|
|||
|
4.6. Listing the children of an entry
|
|||
|
|
|||
|
LDAP does not support a list operation directly. Instead, this
|
|||
|
operation is emulated by a search with base set to the DN of the
|
|||
|
entry to list, scope set to LDAP_SCOPE_ONELEVEL, and filter set to
|
|||
|
"(objectclass=*)". attrs contains the list of attributes to return
|
|||
|
for each child entry.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 7]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
4.7. Modifying an entry
|
|||
|
|
|||
|
The ldap_modify() and ldap_modify_s() routines are used to modify an
|
|||
|
existing LDAP entry.
|
|||
|
|
|||
|
typedef struct ldapmod {
|
|||
|
int mod_op;
|
|||
|
char *mod_type;
|
|||
|
union {
|
|||
|
char **modv_strvals;
|
|||
|
struct berval **modv_bvals;
|
|||
|
} mod_vals;
|
|||
|
} LDAPMod;
|
|||
|
#define mod_values mod_vals.modv_strvals
|
|||
|
#define mod_bvalues mod_vals.modv_bvals
|
|||
|
|
|||
|
int ldap_modify( LDAP *ld, char *dn, LDAPMod *mods[] );
|
|||
|
|
|||
|
int ldap_modify_s( LDAP *ld, char *dn, LDAPMod *mods[] );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
dn The name of the entry to modify;
|
|||
|
|
|||
|
mods A NULL-terminated array of modifications to make to the
|
|||
|
entry.
|
|||
|
|
|||
|
The fields in the LDAPMod structure have the following meanings:
|
|||
|
|
|||
|
mod_op The modification operation to perform. It should be one of
|
|||
|
LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. This
|
|||
|
field also indicates the type of values included in the
|
|||
|
mod_vals union. It is ORed with LDAP_MOD_BVALUES to select
|
|||
|
the mod_bvalues form. Otherwise, the mod_values form is
|
|||
|
used;
|
|||
|
|
|||
|
mod_type The type of the attribute to modify;
|
|||
|
|
|||
|
mod_vals The values (if any) to add, delete, or replace. Only one of
|
|||
|
the mod_values or mod_bvalues variants should be used,
|
|||
|
selected by ORing the mod_op field with the constant
|
|||
|
LDAP_MOD_BVALUES. mod_values is a NULL-terminated array of
|
|||
|
zero-terminated strings and mod_bvalues is a NULL-terminated
|
|||
|
array of berval structures that can be used to pass binary
|
|||
|
values such as images.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 8]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
For LDAP_MOD_ADD modifications, the given values are added to the
|
|||
|
entry, creating the attribute if necessary. For LDAP_MOD_DELETE
|
|||
|
modifications, the given values are deleted from the entry, removing
|
|||
|
the attribute if no values remain. If the entire attribute is to be
|
|||
|
deleted, the mod_vals field should be set to NULL. For
|
|||
|
LDAP_MOD_REPLACE modifications, the attribute will have the listed
|
|||
|
values after the modification, having been created if necessary. All
|
|||
|
modifications are performed in the order in which they are listed.
|
|||
|
|
|||
|
ldap_modify_s() returns the LDAP error code resulting from the
|
|||
|
modify operation. This code can be interpreted by ldap_perror()
|
|||
|
and friends.
|
|||
|
|
|||
|
ldap_modify() returns the message id of the request it initiates, or
|
|||
|
-1 on error. The result of the operation can be obtained by calling
|
|||
|
ldap_result().
|
|||
|
|
|||
|
4.8. Modifying the RDN of an entry
|
|||
|
|
|||
|
The ldap_modrdn() and ldap_modrdn_s() routines are used to change the
|
|||
|
name of an LDAP entry.
|
|||
|
|
|||
|
int ldap_modrdn(
|
|||
|
LDAP *ld,
|
|||
|
char *dn,
|
|||
|
char *newrdn,
|
|||
|
int deleteoldrdn
|
|||
|
);
|
|||
|
int ldap_modrdn_s(
|
|||
|
LDAP *ld,
|
|||
|
char *dn,
|
|||
|
char *newrdn,
|
|||
|
int deleteoldrdn
|
|||
|
);
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
dn The name of the entry whose RDN is to be changed;
|
|||
|
|
|||
|
newrdn The new RDN to give the entry;
|
|||
|
|
|||
|
deleteoldrdn A boolean value, if non-zero indicating that the old
|
|||
|
RDN value(s) should be removed, if zero indicating that
|
|||
|
the old RDN value(s) should be retained as non-
|
|||
|
distinguished values of the entry.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 9]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
The ldap_modrdn_s() routine is synchronous, returning the LDAP error
|
|||
|
code indicating the outcome of the operation.
|
|||
|
|
|||
|
The ldap_modrdn() routine is asynchronous, returning the message id
|
|||
|
of the operation it initiates, or -1 in case of trouble. The result
|
|||
|
of the operation can be obtained by calling ldap_result().
|
|||
|
|
|||
|
4.9. Adding an entry
|
|||
|
|
|||
|
ldap_add() and ldap_add_s() are used to add entries to the LDAP
|
|||
|
directory.
|
|||
|
|
|||
|
int ldap_add( LDAP *ld, char *dn, LDAPMod *attrs[] );
|
|||
|
|
|||
|
int ldap_add_s( LDAP *ld, char *dn, LDAPMod *attrs[] );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
dn The name of the entry to add;
|
|||
|
|
|||
|
attrs The entry's attributes, specified using the LDAPMod structure
|
|||
|
defined for ldap_modify(). The mod_type and mod_vals fields
|
|||
|
should be filled in. The mod_op field is ignored unless ORed
|
|||
|
with the constant LDAP_MOD_BVALUES, used to select the
|
|||
|
mod_bvalues case of the mod_vals union.
|
|||
|
|
|||
|
Note that the parent of the entry must already exist.
|
|||
|
|
|||
|
ldap_add_s() is synchronous, returning the LDAP error code indicating
|
|||
|
the outcome of the operation.
|
|||
|
|
|||
|
ldap_add() is asynchronous, returning the message id of the operation
|
|||
|
it initiates, or -1 in case of trouble. The result of the operation
|
|||
|
can be obtained by calling ldap_result().
|
|||
|
|
|||
|
4.10. Deleting an entry
|
|||
|
|
|||
|
ldap_delete() and ldap_delete_s() are used to delete entries from the
|
|||
|
LDAP directory.
|
|||
|
|
|||
|
int ldap_delete( LDAP *ld, char *dn );
|
|||
|
|
|||
|
int ldap_delete_s( LDAP *ld, char *dn );
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 10]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
dn The name of the entry to delete.
|
|||
|
|
|||
|
Note that the entry to delete must be a leaf entry (i.e., it must
|
|||
|
have no children). Deletion of entire subtrees is not supported by
|
|||
|
LDAP.
|
|||
|
|
|||
|
ldap_delete_s() is synchronous, returning the LDAP error code
|
|||
|
indicating the outcome of the operation.
|
|||
|
|
|||
|
ldap_delete() is asynchronous, returning the message id of the
|
|||
|
operation it initiates, or -1 in case of trouble. The result of the
|
|||
|
operation can be obtained by calling ldap_result().
|
|||
|
|
|||
|
5. Calls for abandoning an operation
|
|||
|
|
|||
|
ldap_abandon() is used to abandon an operation in progress.
|
|||
|
|
|||
|
int ldap_abandon( LDAP *ld, int msgid );
|
|||
|
|
|||
|
ldap_abandon() abandons the operation with message id msgid. It
|
|||
|
returns zero if the abandon was successful, -1 otherwise. After a
|
|||
|
successful call to ldap_abandon(), results with the given message id
|
|||
|
are never returned from a call to ldap_result().
|
|||
|
|
|||
|
6. Calls for obtaining results
|
|||
|
|
|||
|
ldap_result() is used to obtain the result of a previous
|
|||
|
asynchronously initiated operation. ldap_msgfree() frees the results
|
|||
|
obtained from a previous call to ldap_result(), or a synchronous
|
|||
|
search routine.
|
|||
|
|
|||
|
int ldap_result(
|
|||
|
LDAP *ld,
|
|||
|
int msgid,
|
|||
|
int all,
|
|||
|
struct timeval *timeout,
|
|||
|
LDAPMessage **res
|
|||
|
);
|
|||
|
|
|||
|
int ldap_msgfree( LDAPMessage *res );
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 11]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
msgid The message id of the operation whose results are to be
|
|||
|
returned, or the constant LDAP_RES_ANY if any result is
|
|||
|
desired;
|
|||
|
|
|||
|
all A boolean parameter that only has meaning for search
|
|||
|
results. If non-zero it indicates that all results of a
|
|||
|
search should be retrieved before any are returned. If zero,
|
|||
|
search results (entries) will be returned one at a time as
|
|||
|
they arrive;
|
|||
|
|
|||
|
timeout A timeout specifying how long to wait for results to be
|
|||
|
returned. A NULL value causes ldap_result() to block until
|
|||
|
results are available. A timeout value of zero second
|
|||
|
specifies a polling behavior;
|
|||
|
|
|||
|
res For ldap_result(), a result parameter that will contain the
|
|||
|
result(s) of the operation. For ldap_msgfree(), the result
|
|||
|
chain to be freed, obtained from a previous call to
|
|||
|
ldap_result() or ldap_search_s() or ldap_search_st().
|
|||
|
|
|||
|
Upon successful completion, ldap_result() returns the type of the
|
|||
|
result returned in the res parameter. This will be one of the
|
|||
|
following constants.
|
|||
|
|
|||
|
LDAP_RES_BIND
|
|||
|
LDAP_RES_SEARCH_ENTRY
|
|||
|
LDAP_RES_SEARCH_RESULT
|
|||
|
LDAP_RES_MODIFY
|
|||
|
LDAP_RES_ADD
|
|||
|
LDAP_RES_DELETE
|
|||
|
LDAP_RES_MODRDN
|
|||
|
LDAP_RES_COMPARE
|
|||
|
|
|||
|
ldap_result() returns 0 if the timeout expired and -1 if an error
|
|||
|
occurs, in which case the ld_errno field of the ld structure will be
|
|||
|
set accordingly.
|
|||
|
|
|||
|
ldap_msgfree() frees the result structure pointed to be res and
|
|||
|
returns the type of the message it freed.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 12]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
7. Calls for error handling
|
|||
|
|
|||
|
The following calls are used to interpret errors returned by other
|
|||
|
LDAP API routines.
|
|||
|
|
|||
|
int ldap_result2error(
|
|||
|
LDAP *ld,
|
|||
|
LDAPMessage *res,
|
|||
|
int freeit
|
|||
|
);
|
|||
|
|
|||
|
char *ldap_err2string( int err );
|
|||
|
|
|||
|
void ldap_perror( LDAP *ld, char *msg );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
res The result of an LDAP operation as returned by ldap_result()
|
|||
|
or one of the synchronous API operation calls;
|
|||
|
|
|||
|
freeit A boolean parameter indicating whether the res parameter
|
|||
|
should be freed (non-zero) or not (zero);
|
|||
|
|
|||
|
err An LDAP error code, as returned by ldap_result2error() or
|
|||
|
one of the synchronous API operation calls;
|
|||
|
|
|||
|
msg A message to be displayed before the LDAP error message.
|
|||
|
|
|||
|
ldap_result2error() is used to convert the LDAP result message
|
|||
|
obtained from ldap_result(), or the res parameter returned by one of
|
|||
|
the synchronous API operation calls, into a numeric LDAP error code.
|
|||
|
It also parses the ld_matched and ld_error portions of the result
|
|||
|
message and puts them into the connection handle information. All the
|
|||
|
synchronous operation routines call ldap_result2error() before
|
|||
|
returning, ensuring that these fields are set correctly. The relevant
|
|||
|
fields in the connection structue are:
|
|||
|
|
|||
|
ld_matched In the event of an LDAP_NO_SUCH_OBJECT error return, this
|
|||
|
parameter contains the extent of the DN matched;
|
|||
|
|
|||
|
ld_error This parameter contains the error message sent in the
|
|||
|
result by the LDAP server.
|
|||
|
|
|||
|
ld_errno The LDAP error code indicating the outcome of the
|
|||
|
operation. It is one of the following constants:
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 13]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
LDAP_SUCCESS
|
|||
|
LDAP_OPERATIONS_ERROR
|
|||
|
LDAP_PROTOCOL_ERROR
|
|||
|
LDAP_TIMELIMIT_EXCEEDED
|
|||
|
LDAP_SIZELIMIT_EXCEEDED
|
|||
|
LDAP_COMPARE_FALSE
|
|||
|
LDAP_COMPARE_TRUE
|
|||
|
LDAP_STRONG_AUTH_NOT_SUPPORTED
|
|||
|
LDAP_STRONG_AUTH_REQUIRED
|
|||
|
LDAP_NO_SUCH_ATTRIBUTE
|
|||
|
LDAP_UNDEFINED_TYPE
|
|||
|
LDAP_INAPPROPRIATE_MATCHING
|
|||
|
LDAP_CONSTRAINT_VIOLATION
|
|||
|
LDAP_TYPE_OR_VALUE_EXISTS
|
|||
|
LDAP_INVALID_SYNTAX
|
|||
|
LDAP_NO_SUCH_OBJECT
|
|||
|
LDAP_ALIAS_PROBLEM
|
|||
|
LDAP_INVALID_DN_SYNTAX
|
|||
|
LDAP_IS_LEAF
|
|||
|
LDAP_ALIAS_DEREF_PROBLEM
|
|||
|
LDAP_INAPPROPRIATE_AUTH
|
|||
|
LDAP_INVALID_CREDENTIALS
|
|||
|
LDAP_INSUFFICIENT_ACCESS
|
|||
|
LDAP_BUSY
|
|||
|
LDAP_UNAVAILABLE
|
|||
|
LDAP_UNWILLING_TO_PERFORM
|
|||
|
LDAP_LOOP_DETECT
|
|||
|
LDAP_NAMING_VIOLATION
|
|||
|
LDAP_OBJECT_CLASS_VIOLATION
|
|||
|
LDAP_NOT_ALLOWED_ON_NONLEAF
|
|||
|
LDAP_NOT_ALLOWED_ON_RDN
|
|||
|
LDAP_ALREADY_EXISTS
|
|||
|
LDAP_NO_OBJECT_CLASS_MODS
|
|||
|
LDAP_RESULTS_TOO_LARGE
|
|||
|
LDAP_OTHER
|
|||
|
LDAP_SERVER_DOWN
|
|||
|
LDAP_LOCAL_ERROR
|
|||
|
LDAP_ENCODING_ERROR
|
|||
|
LDAP_DECODING_ERROR
|
|||
|
LDAP_TIMEOUT
|
|||
|
LDAP_AUTH_UNKNOWN
|
|||
|
LDAP_FILTER_ERROR
|
|||
|
LDAP_USER_CANCELLED
|
|||
|
LDAP_PARAM_ERROR
|
|||
|
LDAP_NO_MEMORY
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 14]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
ldap_err2string() is used to convert a numeric LDAP error code, as
|
|||
|
returned by ldap_result2error() or one of the synchronous API
|
|||
|
operation calls, into an informative NULL-terminated character string
|
|||
|
message describing the error. It returns a pointer to static data.
|
|||
|
|
|||
|
ldap_perror() is used to print the message supplied in msg, followed
|
|||
|
by an indication of the error contained in the ld_errno field of the
|
|||
|
ld connection handle, to standard error.
|
|||
|
|
|||
|
8. Calls for parsing search entries
|
|||
|
|
|||
|
The following calls are used to parse the entries returned by
|
|||
|
ldap_search() and friends. These entries are returned in an opaque
|
|||
|
structure that should only be accessed by calling the routines
|
|||
|
described below. Routines are provided to step through the entries
|
|||
|
returned, step through the attributes of an entry, retrieve the name
|
|||
|
of an entry, and retrieve the values associated with a given
|
|||
|
attribute in an entry.
|
|||
|
|
|||
|
8.1. Stepping through a set of entries
|
|||
|
|
|||
|
The ldap_first_entry() and ldap_next_entry() routines are used to
|
|||
|
step through a set of entries in a search result.
|
|||
|
ldap_count_entries() is used to count the number of entries returned.
|
|||
|
|
|||
|
LDAPMesage *ldap_first_entry( LDAP *ld, LDAPMessage *res );
|
|||
|
|
|||
|
LDAPMesage *ldap_next_entry( LDAP *ld, LDAPMessage *entry );
|
|||
|
|
|||
|
int ldap_count_entries( LDAP *ld, LDAPMessage *res );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
res The search result, as obtained by a call to one of the syn-
|
|||
|
chronous search routines or ldap_result();
|
|||
|
|
|||
|
entry The entry returned by a previous call to ldap_first_entry() or
|
|||
|
ldap_next_entry().
|
|||
|
|
|||
|
ldap_first_entry() and ldap_next_entry() will return NULL when no
|
|||
|
more entries exist to be returned. NULL is also returned if an error
|
|||
|
occurs while stepping through the entries, in which case the ld_errno
|
|||
|
field of the ld connection handle will be set to indicate the error.
|
|||
|
|
|||
|
ldap_count_entries() returns the number of entries contained in a
|
|||
|
chain of entries. It can also be used to count the number of entries
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 15]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
that remain in a chain if called with an entry returned by
|
|||
|
ldap_first_entry() or ldap_next_entry().
|
|||
|
|
|||
|
8.2. Stepping through the attributes of an entry
|
|||
|
|
|||
|
The ldap_first_attribute() and ldap_next_attribute() calls are used
|
|||
|
to step through the list of attribute types returned with an entry.
|
|||
|
|
|||
|
char *ldap_first_attribute(
|
|||
|
LDAP *ld,
|
|||
|
LDAPMessage *entry,
|
|||
|
void **ptr
|
|||
|
);
|
|||
|
char *ldap_next_attribute(
|
|||
|
LDAP *ld,
|
|||
|
LDAPMessage *entry,
|
|||
|
void *ptr
|
|||
|
);
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
entry The entry whose attributes are to be stepped through, as
|
|||
|
returned by ldap_first_entry() or ldap_next_entry();
|
|||
|
|
|||
|
ptr In ldap_first_attribute(), the address of a pointer used
|
|||
|
internally to keep track of the current position in the entry.
|
|||
|
In ldap_next_attribute(), the pointer returned by a previous
|
|||
|
call to ldap_first_attribute().
|
|||
|
|
|||
|
ldap_first_attribute() and ldap_next_attribute() will return NULL
|
|||
|
when the end of the attributes is reached, or if there is an error,
|
|||
|
in which case the ld_errno field in the ld connection handle will be
|
|||
|
set to indicate the error.
|
|||
|
|
|||
|
Both routines return a pointer to a per-connection buffer containing
|
|||
|
the current attribute name. This should be treated like static data.
|
|||
|
ldap_first_attribute() will allocate and return in ptr a pointer to a
|
|||
|
BerElement used to keep track of the current position. This pointer
|
|||
|
should be passed in subsequent calls to ldap_next_attribute() to step
|
|||
|
through the entry's attributes.
|
|||
|
|
|||
|
The attribute names returned are suitable for passing in a call to
|
|||
|
ldap_get_values() and friends to retrieve the associated values.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 16]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
8.3. Retrieving the values of an attribute
|
|||
|
|
|||
|
ldap_get_values() and ldap_get_values_len() are used to retrieve the
|
|||
|
values of a given attribute from an entry. ldap_count_values() and
|
|||
|
ldap_count_values_len() are used to count the returned values.
|
|||
|
ldap_value_free() and ldap_value_free_len() are used to free the
|
|||
|
values.
|
|||
|
|
|||
|
typedef struct berval {
|
|||
|
unsigned long bv_len;
|
|||
|
char *bv_val;
|
|||
|
};
|
|||
|
|
|||
|
char **ldap_get_values(
|
|||
|
LDAP *ld,
|
|||
|
LDAPMessage *entry,
|
|||
|
char *attr
|
|||
|
);
|
|||
|
|
|||
|
struct berval **ldap_get_values_len(
|
|||
|
LDAP *ld,
|
|||
|
LDAPMessage *entry,
|
|||
|
char *attr
|
|||
|
);
|
|||
|
|
|||
|
int ldap_count_values( char **vals );
|
|||
|
|
|||
|
int ldap_count_values_len( struct berval **vals );
|
|||
|
|
|||
|
int ldap_value_free( char **vals );
|
|||
|
|
|||
|
int ldap_value_free_len( struct berval **vals );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
entry The entry from which to retrieve values, as returned by
|
|||
|
ldap_first_entry() or ldap_next_entry();
|
|||
|
|
|||
|
attr The attribute whose values are to be retrieved, as returned by
|
|||
|
ldap_first_attribute() or ldap_next_attribute(), or a caller-
|
|||
|
supplied string (e.g., "mail");
|
|||
|
|
|||
|
vals The values returned by a previous call to ldap_get_values() or
|
|||
|
ldap_get_values_len().
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 17]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
Two forms of the various calls are provided. The first form is only
|
|||
|
suitable for use with non-binary character string data only. The
|
|||
|
second _len form is used with any kind of data.
|
|||
|
|
|||
|
Note that the values returned are malloc'ed and should be freed by
|
|||
|
calling either ldap_value_free() or ldap_value_free_len() when no
|
|||
|
longer in use.
|
|||
|
|
|||
|
8.4. Retrieving the name of an entry
|
|||
|
|
|||
|
ldap_get_dn() is used to retrieve the name of an entry.
|
|||
|
ldap_explode_dn() is used to break up the name into its component
|
|||
|
parts. ldap_dn2ufn() is used to convert the name into a more "user
|
|||
|
friendly" format.
|
|||
|
|
|||
|
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry );
|
|||
|
|
|||
|
char **ldap_explode_dn( char *dn, int notypes );
|
|||
|
|
|||
|
char *ldap_dn2ufn( char *dn );
|
|||
|
|
|||
|
Parameters are:
|
|||
|
|
|||
|
ld The connection handle;
|
|||
|
|
|||
|
entry The entry whose name is to be retrieved, as returned by
|
|||
|
ldap_first_entry() or ldap_next_entry();
|
|||
|
|
|||
|
dn The dn to explode, as returned by ldap_get_dn();
|
|||
|
|
|||
|
notypes A boolean parameter, if non-zero indicating that the dn com-
|
|||
|
ponents should have their type information stripped off
|
|||
|
(i.e., "cn=Babs" would become "Babs").
|
|||
|
|
|||
|
ldap_get_dn() will return NULL if there is some error parsing the dn,
|
|||
|
setting ld_errno in the ld connection handle to indicate the error.
|
|||
|
It returns a pointer to malloc'ed space that the caller should free
|
|||
|
by calling free() when it is no longer in use. Note the format of
|
|||
|
the DNs returned is given by [4].
|
|||
|
|
|||
|
ldap_explode_dn() returns a char * array containing the RDN
|
|||
|
components of the DN supplied, with or without types as indicated by
|
|||
|
the notypes parameter. The array returned should be freed when it is
|
|||
|
no longer in use by calling ldap_value_free().
|
|||
|
|
|||
|
ldap_dn2ufn() converts the DN into the user friendly format described
|
|||
|
in [5]. The UFN returned is malloc'ed space that should be freed by a
|
|||
|
call to free() when no longer in use.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 18]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
9. Security Considerations
|
|||
|
|
|||
|
LDAP supports minimal security during connection authentication.
|
|||
|
|
|||
|
10. Acknowledgements
|
|||
|
|
|||
|
This material is based upon work supported by the National Science
|
|||
|
Foundation under Grant No. NCR-9416667.
|
|||
|
|
|||
|
11. Bibliography
|
|||
|
|
|||
|
[1] The Directory: Selected Attribute Syntaxes. CCITT,
|
|||
|
Recommendation X.520.
|
|||
|
|
|||
|
[2] Howes, T., Kille, S., Yeong, W., and C. Robbins, "The String
|
|||
|
Representation of Standard Attribute Syntaxes", University of
|
|||
|
Michigan, ISODE Consortium, Performance Systems International,
|
|||
|
NeXor Ltd., RFC 1778, March 1995.
|
|||
|
|
|||
|
[3] Howes, T., "A String Representation of LDAP Search Filters", RFC
|
|||
|
1558, University of Michigan, December 1993.
|
|||
|
|
|||
|
[4] Kille, S., "A String Representation of Distinguished Names", RFC
|
|||
|
1779, ISODE Consortium, March 1995.
|
|||
|
|
|||
|
[5] Kille, S., "Using the OSI Directory to Achieve User Friendly
|
|||
|
Naming", RFC 1781, ISODE Consortium, March 1995.
|
|||
|
|
|||
|
[6] S.P. Miller, B.C. Neuman, J.I. Schiller, J.H. Saltzer, "Kerberos
|
|||
|
Authentication and Authorization System", MIT Project Athena
|
|||
|
Documentation Section E.2.1, December 1987
|
|||
|
|
|||
|
[7] Yeong, W., Howes, T., and S. Kille, "Lightweight Directory Access
|
|||
|
Protocol," RFC 1777, Performance Systems International,
|
|||
|
University of Michigan, ISODE Consortium, March 1995.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 19]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
12. Authors' Addresses
|
|||
|
|
|||
|
Tim Howes
|
|||
|
University of Michigan
|
|||
|
ITD Research Systems
|
|||
|
535 W William St.
|
|||
|
Ann Arbor, MI 48103-4943
|
|||
|
USA
|
|||
|
|
|||
|
Phone: +1 313 747-4454
|
|||
|
EMail: tim@umich.edu
|
|||
|
|
|||
|
|
|||
|
Mark Smith
|
|||
|
University of Michigan
|
|||
|
ITD Research Systems
|
|||
|
535 W William St.
|
|||
|
Ann Arbor, MI 48103-4943
|
|||
|
USA
|
|||
|
|
|||
|
Phone: +1 313 764-2277
|
|||
|
EMail: mcs@umich.edu
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 20]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
13. Appendix A - Sample LDAP API Code
|
|||
|
|
|||
|
#include <ldap.h>
|
|||
|
|
|||
|
main()
|
|||
|
{
|
|||
|
LDAP *ld;
|
|||
|
LDAPMessage *res, *e;
|
|||
|
int i;
|
|||
|
char *a, *dn;
|
|||
|
void *ptr;
|
|||
|
char **vals;
|
|||
|
|
|||
|
/* open a connection */
|
|||
|
if ( (ld = ldap_open( "dotted.host.name", LDAP_PORT ))
|
|||
|
== NULL )
|
|||
|
exit( 1 );
|
|||
|
|
|||
|
/* authenticate as nobody */
|
|||
|
if ( ldap_simple_bind_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {
|
|||
|
ldap_perror( ld, "ldap_simple_bind_s" );
|
|||
|
exit( 1 );
|
|||
|
}
|
|||
|
|
|||
|
/* search for entries with cn of "Babs Jensen",
|
|||
|
return all attrs */
|
|||
|
if ( ldap_search_s( ld, "o=University of Michigan, c=US",
|
|||
|
LDAP_SCOPE_SUBTREE, "(cn=Babs Jensen)", NULL, 0, &res )
|
|||
|
!= LDAP_SUCCESS ) {
|
|||
|
ldap_perror( ld, "ldap_search_s" );
|
|||
|
exit( 1 );
|
|||
|
}
|
|||
|
|
|||
|
/* step through each entry returned */
|
|||
|
for ( e = ldap_first_entry( ld, res ); e != NULL;
|
|||
|
e = ldap_next_entry( ld, e ) ) {
|
|||
|
/* print its name */
|
|||
|
dn = ldap_get_dn( ld, e );
|
|||
|
printf( "dn: %s0, dn );
|
|||
|
free( dn );
|
|||
|
|
|||
|
/* print each attribute */
|
|||
|
for ( a = ldap_first_attribute( ld, e, &ptr );
|
|||
|
a != NULL;
|
|||
|
a = ldap_next_attribute( ld, e, ptr ) ) {
|
|||
|
printf( "attribute: %s0, a );
|
|||
|
|
|||
|
/* print each value */
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 21]
|
|||
|
|
|||
|
RFC 1823 LDAP API August 1995
|
|||
|
|
|||
|
|
|||
|
vals = ldap_get_values( ld, e, a );
|
|||
|
for ( i = 0; vals[i] != NULL; i++ ) {
|
|||
|
printf( "value: %s0, vals[i] );
|
|||
|
}
|
|||
|
ldap_value_free( vals );
|
|||
|
}
|
|||
|
}
|
|||
|
/* free the search results */
|
|||
|
ldap_msgfree( res );
|
|||
|
|
|||
|
/* close and free connection resources */
|
|||
|
ldap_unbind( ld );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Howes & Smith Informational [Page 22]
|
|||
|
|