2002-01-13 20:55:55 +08:00
|
|
|
.TH LDAP 3 "13 January 2002" "OpenLDAP LDVERSION"
|
1999-09-12 12:41:47 +08:00
|
|
|
.\" $OpenLDAP$
|
2002-01-05 05:17:25 +08:00
|
|
|
.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved.
|
1999-09-12 12:41:47 +08:00
|
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH NAME
|
2000-06-16 14:44:25 +08:00
|
|
|
ldap - OpenLDAP Lightweight Directory Access Protocol API
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.ft B
|
|
|
|
#include <ldap.h>
|
|
|
|
.ft
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
|
|
|
.LP
|
2001-09-26 01:51:36 +08:00
|
|
|
The Lightweight Directory Access Protocol provides access to X.500
|
|
|
|
directory services. The services may be stand\-alone or part of
|
|
|
|
a distributed directory service. This API supports LDAP over TCP
|
|
|
|
(RFC2251), LDAP over SSL, and LDAP over IPC (UNIX domain sockets).
|
|
|
|
This API supports SASL (RFC2829) and Start TLS (RFC2830). This
|
|
|
|
API is based upon IETF C LDAP API draft specification, a work in
|
|
|
|
progress.
|
2000-07-22 09:59:08 +08:00
|
|
|
.LP
|
2001-12-27 08:55:42 +08:00
|
|
|
The OpenLDAP Software package includes a stand\-alone server in
|
1998-08-09 08:43:13 +08:00
|
|
|
.BR slapd (8),
|
|
|
|
various LDAP clients, and an LDAP client library used to provide
|
|
|
|
programmatic access to the LDAP protocol. This man page gives an
|
|
|
|
overview of the LDAP library routines.
|
|
|
|
.LP
|
|
|
|
Both synchronous and asynchronous APIs are provided. Also included are
|
|
|
|
various routines to parse the results returned from these routines.
|
2000-06-16 14:44:25 +08:00
|
|
|
These routines are found in the \-lldap library.
|
1998-08-09 08:43:13 +08:00
|
|
|
.LP
|
2002-01-13 20:55:55 +08:00
|
|
|
The basic interaction is as follows. A session handle is
|
|
|
|
created using
|
|
|
|
.BR ldap_init (3)
|
|
|
|
or
|
|
|
|
.BR ldap_initialize (3).
|
|
|
|
(The
|
|
|
|
.BR ldap_initialize (3)
|
|
|
|
routine is preferred, but is not part of the draft specification.)
|
2000-07-22 09:59:08 +08:00
|
|
|
The underlying session is established upon first use which is
|
|
|
|
commonly an LDAP bind operation. The LDAP bind operation is
|
2001-12-27 08:55:42 +08:00
|
|
|
performed by calling
|
2000-07-22 09:59:08 +08:00
|
|
|
.BR ldap_sasl_bind (3)
|
2001-12-27 08:55:42 +08:00
|
|
|
or one of its friends. Next, other operations are performed
|
1998-08-09 08:43:13 +08:00
|
|
|
by calling one of the synchronous or asynchronous routines (e.g.,
|
2000-07-22 09:59:08 +08:00
|
|
|
.BR ldap_search_ext_s (3)
|
1998-08-09 08:43:13 +08:00
|
|
|
or
|
2000-07-22 09:59:08 +08:00
|
|
|
.BR ldap_search_ext (3)
|
1998-08-09 08:43:13 +08:00
|
|
|
followed by
|
|
|
|
.BR ldap_result (3)).
|
|
|
|
Results returned from these routines are interpreted by calling the
|
2000-07-22 09:59:08 +08:00
|
|
|
LDAP parsing routines such as
|
|
|
|
.BR ldap_parse_result (3).
|
|
|
|
The LDAP association and underlying connection is terminated by calling
|
|
|
|
.BR ldap_unbind_ext (3).
|
1998-08-09 08:43:13 +08:00
|
|
|
Errors can be interpreted by calling
|
2000-07-22 09:59:08 +08:00
|
|
|
.BR ldap_err2string (3).
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH SEARCH FILTERS
|
2001-12-23 04:51:27 +08:00
|
|
|
Search filters to be passed to the ldap search routines are to be
|
2001-12-27 08:55:42 +08:00
|
|
|
constructed by hand and should conform to RFC 2254.
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH DISPLAYING RESULTS
|
|
|
|
Results obtained from the ldap search routines can be output by hand,
|
|
|
|
by calling
|
|
|
|
.BR ldap_first_entry (3)
|
|
|
|
and
|
|
|
|
.BR ldap_next_entry (3)
|
|
|
|
to step through
|
|
|
|
the entries returned,
|
|
|
|
.BR ldap_first_attribute (3)
|
|
|
|
and
|
|
|
|
.BR ldap_next_attribute (3)
|
|
|
|
to step through an entry's attributes, and
|
|
|
|
.BR ldap_get_values (3)
|
2002-01-13 20:55:55 +08:00
|
|
|
to retrieve a given attribute's values. Attribute values
|
2000-07-22 09:59:08 +08:00
|
|
|
may or may not be displayable.
|
2002-01-13 20:55:55 +08:00
|
|
|
.SH CONTROLS
|
2002-01-13 22:45:29 +08:00
|
|
|
This library supports both LDAP Version 2 and Version 3, with the Version 2
|
|
|
|
protocol selected by default.
|
|
|
|
LDAP Version 3 operations can be extended through the use of controls. Controls
|
2002-01-13 20:55:55 +08:00
|
|
|
can be sent to a server or returned to the client with any LDAP message.
|
|
|
|
Extended versions of the standard routines are available for use with
|
|
|
|
controls. These routines are generally named by adding
|
|
|
|
.BR _ext
|
|
|
|
to the regular routine's name.
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH UNIFORM RESOURCE LOCATORS (URLS)
|
|
|
|
The
|
|
|
|
.BR ldap_url (3)
|
2002-01-13 20:55:55 +08:00
|
|
|
routines can be used to test a URL to see if it is an LDAP URL, to parse LDAP
|
1998-08-09 08:43:13 +08:00
|
|
|
URLs into their component pieces, and to initiate searches directly using
|
|
|
|
an LDAP URL.
|
|
|
|
.SH CACHING
|
|
|
|
The
|
|
|
|
.BR ldap_cache (3)
|
|
|
|
routines implement a local client caching scheme,
|
|
|
|
providing a substantial performance increase for repeated queries.
|
2001-08-25 04:17:23 +08:00
|
|
|
Caching is experiemental.
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH UTILITY ROUTINES
|
|
|
|
Also provided are various utility routines. The
|
|
|
|
.BR ldap_sort (3)
|
|
|
|
routines are used to sort the entries and values returned via
|
2001-12-23 04:51:27 +08:00
|
|
|
the ldap search routines.
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH BER LIBRARY
|
|
|
|
Also included in the distribution is a set of lightweight Basic
|
|
|
|
Encoding Rules routines. These routines are used by the LDAP library
|
|
|
|
routines to encode and decode LDAP protocol elements using the
|
|
|
|
(slightly simplified) Basic Encoding Rules defined by LDAP. They are
|
2001-08-25 04:17:23 +08:00
|
|
|
not normally used directly by an LDAP application program except
|
2000-07-22 09:59:08 +08:00
|
|
|
in the handling of controls and extended operations. The
|
2001-12-27 08:55:42 +08:00
|
|
|
routines provide a printf and scanf\-like interface, as well as
|
|
|
|
lower\-level access. These routines are discussed in
|
|
|
|
.BR lber\-decode (3),
|
|
|
|
.BR lber\-encode (3),
|
|
|
|
.BR lber\-memory (3),
|
|
|
|
and
|
|
|
|
.BR lber\-types (3).
|
1998-08-09 08:43:13 +08:00
|
|
|
.SH INDEX
|
|
|
|
.TP 20
|
|
|
|
.SM ldap_open(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
open a connection to an LDAP server (deprecated, use
|
|
|
|
.BR ldap_init (3))
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_init(3)
|
|
|
|
initialize the LDAP library without opening a connection to a server
|
|
|
|
.TP
|
2002-01-13 20:55:55 +08:00
|
|
|
.SM ldap_initialize(3)
|
|
|
|
initialize the LDAP library without opening a connection to a server
|
|
|
|
.TP
|
1998-08-09 08:43:13 +08:00
|
|
|
.SM ldap_result(3)
|
|
|
|
wait for the result from an asynchronous operation
|
|
|
|
.TP
|
|
|
|
.SM ldap_abandon(3)
|
|
|
|
abandon (abort) an asynchronous operation
|
|
|
|
.TP
|
|
|
|
.SM ldap_add(3)
|
|
|
|
asynchronously add an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_add_s(3)
|
|
|
|
synchronously add an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_bind(3)
|
|
|
|
asynchronously bind to the directory
|
|
|
|
.TP
|
|
|
|
.SM ldap_bind_s(3)
|
|
|
|
synchronously bind to the directory
|
|
|
|
.TP
|
|
|
|
.SM ldap_simple_bind(3)
|
|
|
|
asynchronously bind to the directory using simple authentication
|
|
|
|
.TP
|
|
|
|
.SM ldap_simple_bind_s(3)
|
|
|
|
synchronously bind to the directory using simple authentication
|
|
|
|
.TP
|
|
|
|
.SM ldap_unbind(3)
|
|
|
|
synchronously unbind from the LDAP server and close the connection
|
|
|
|
.TP
|
|
|
|
.SM ldap_unbind_s(3)
|
|
|
|
equivalent to
|
|
|
|
.BR ldap_unbind (3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_memfree (3)
|
1998-12-23 03:08:27 +08:00
|
|
|
dispose of memory allocated by LDAP routines.
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_enable_cache(3)
|
|
|
|
enable LDAP client caching
|
|
|
|
.TP
|
|
|
|
.SM ldap_disable_cache(3)
|
|
|
|
disable LDAP client caching
|
|
|
|
.TP
|
|
|
|
.SM ldap_destroy_cache(3)
|
|
|
|
disable LDAP client caching and destroy cache contents
|
|
|
|
.TP
|
|
|
|
.SM ldap_flush_cache(3)
|
|
|
|
flush LDAP client cache
|
|
|
|
.TP
|
|
|
|
.SM ldap_uncache_entry(3)
|
|
|
|
uncache requests pertaining to an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_uncache_request(3)
|
|
|
|
uncache a request
|
|
|
|
.TP
|
|
|
|
.SM ldap_set_cache_options(3)
|
|
|
|
set cache options
|
|
|
|
.TP
|
|
|
|
.SM ldap_compare(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
asynchronously compare to a directory entry
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_compare_s(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
synchronously compare to a directory entry
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_delete(3)
|
|
|
|
asynchronously delete an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_delete_s(3)
|
|
|
|
synchronously delete an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_perror(3)
|
|
|
|
print an LDAP error indication to standard error
|
|
|
|
.TP
|
|
|
|
.SM ld_errno(3)
|
|
|
|
LDAP error indication
|
|
|
|
.TP
|
|
|
|
.SM ldap_result2error(3)
|
|
|
|
extract LDAP error indication from LDAP result
|
|
|
|
.TP
|
|
|
|
.SM ldap_errlist(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
list of LDAP errors and their meanings
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_err2string(3)
|
|
|
|
convert LDAP error indication to a string
|
|
|
|
.TP
|
|
|
|
.SM ldap_first_attribute(3)
|
|
|
|
return first attribute name in an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_next_attribute(3)
|
|
|
|
return next attribute name in an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_first_entry(3)
|
|
|
|
return first entry in a chain of search results
|
|
|
|
.TP
|
|
|
|
.SM ldap_next_entry(3)
|
|
|
|
return next entry in a chain of search results
|
|
|
|
.TP
|
|
|
|
.SM ldap_count_entries(3)
|
|
|
|
return number of entries in a search result
|
|
|
|
.TP
|
|
|
|
.SM ldap_get_dn(3)
|
|
|
|
extract the DN from an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_explode_dn(3)
|
|
|
|
convert a DN into its component parts
|
|
|
|
.TP
|
1998-11-05 07:28:51 +08:00
|
|
|
.SM ldap_explode_rdn(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
convert an RDN into its component parts
|
1998-11-05 07:28:51 +08:00
|
|
|
.TP
|
1998-08-09 08:43:13 +08:00
|
|
|
.SM ldap_get_values(3)
|
|
|
|
return an attribute's values
|
|
|
|
.TP
|
|
|
|
.SM ldap_get_values_len(3)
|
2002-01-13 20:55:55 +08:00
|
|
|
return an attribute's values with lengths
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_value_free(3)
|
|
|
|
free memory allocated by ldap_get_values(3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_value_free_len(3)
|
|
|
|
free memory allocated by ldap_get_values_len(3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_count_values(3)
|
|
|
|
return number of values
|
|
|
|
.TP
|
|
|
|
.SM ldap_count_values_len(3)
|
|
|
|
return number of values
|
|
|
|
.TP
|
|
|
|
.SM ldap_modify(3)
|
|
|
|
asynchronously modify an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_modify_s(3)
|
|
|
|
synchronously modify an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_mods_free(3)
|
|
|
|
free array of pointers to mod structures used by ldap_modify(3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_modrdn2(3)
|
|
|
|
asynchronously modify the RDN of an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_modrdn2_s(3)
|
|
|
|
synchronously modify the RDN of an entry
|
|
|
|
.TP
|
|
|
|
.SM ldap_modrdn(3)
|
2001-12-27 08:55:42 +08:00
|
|
|
deprecated - use ldap_modrdn2(3)
|
1998-08-09 08:43:13 +08:00
|
|
|
.TP
|
|
|
|
.SM ldap_modrdn_s(3)
|
|
|
|
depreciated - use ldap_modrdn2_s(3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_msgfree(3)
|
|
|
|
free results allocated by ldap_result(3)
|
|
|
|
.TP
|
1998-11-05 07:51:31 +08:00
|
|
|
.SM ldap_msgtype(3)
|
|
|
|
return the message type of a message from ldap_result(3)
|
|
|
|
.TP
|
|
|
|
.SM ldap_msgid(3)
|
|
|
|
return the message id of a message from ldap_result(3)
|
|
|
|
.TP
|
1998-08-09 08:43:13 +08:00
|
|
|
.SM ldap_search(3)
|
|
|
|
asynchronously search the directory
|
|
|
|
.TP
|
|
|
|
.SM ldap_search_s(3)
|
|
|
|
synchronously search the directory
|
|
|
|
.TP
|
|
|
|
.SM ldap_search_st(3)
|
|
|
|
synchronously search the directory with timeout
|
|
|
|
.TP
|
|
|
|
.SM ldap_is_ldap_url(3)
|
|
|
|
check a URL string to see if it is an LDAP URL
|
|
|
|
.TP
|
|
|
|
.SM ldap_url_parse(3)
|
|
|
|
break up an LDAP URL string into its components
|
|
|
|
.TP
|
|
|
|
.SM ldap_sort_entries(3)
|
|
|
|
sort a list of search results
|
|
|
|
.TP
|
|
|
|
.SM ldap_sort_values(3)
|
|
|
|
sort a list of attribute values
|
|
|
|
.TP
|
|
|
|
.SM ldap_sort_strcasecmp(3)
|
|
|
|
case insensitive string comparison
|
|
|
|
.SH SEE ALSO
|
2002-05-09 10:07:41 +08:00
|
|
|
.BR slapd (8),
|
2001-09-26 01:51:36 +08:00
|
|
|
.BR draft-ietf-ldapext-ldap-c-api-xx.txt \ <http://www.ietf.org>
|
1998-10-25 09:41:42 +08:00
|
|
|
.SH ACKNOWLEDGEMENTS
|
|
|
|
.B OpenLDAP
|
|
|
|
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
|
|
|
|
.B OpenLDAP
|
|
|
|
is derived from University of Michigan LDAP 3.3 Release.
|
2001-09-26 01:51:36 +08:00
|
|
|
.LP
|
|
|
|
These API manual pages are based upon descriptions provided in the
|
|
|
|
IETF C LDAP API Internet Draft, a work in progress, edited by
|
|
|
|
Mark Smith.
|