openldap/servers/slapd/back-tcl
Pierangelo Masarati 4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
2002-04-08 09:43:22 +00:00
..
external.h
Makefile.in
README.back-tcl Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_abandon.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_add.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_back.h Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_bind.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_close.c
tcl_compare.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_config.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_delete.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_init.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_modify.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_modrdn.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_search.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_unbind.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
tcl_util.c Mostly based on patches provided by Hallvard B. Furuseth 2002-04-08 09:43:22 +00:00
TODO

Tcl Backend Interface for OpenLDAP


----------------------------
Synopsis of slapd.conf setup
----------------------------

database	tcl
suffix          o=Suffix

# The full path to the tcl script used for this database
scriptpath      /usr/lib/ldap/database.tcl

# The procs for each ldap function. This is similar to how
# the shell backend setup works, but these refer to
# the tcl procs in the 'scriptpath' script that handle them
search          <proc>
add             <proc>
delete          <proc>
modify          <proc>
bind            <proc>
unbind          <proc>
modrdn		<proc>
compare		<proc>
abandon		<proc>

# This is one of the biggest pluses of using the tcl backend.
# The realm let's you group several databases to the same interpreter.
# This basically means they share the same global variables and proc
# space. So global variables, as well as all the procs, are callable
# between databases. If no tclrealm is specified, it is put into the
# "default" realm.
tclrealm        <interpreter name>


-----------------------------------------
Synopsis of variables passed to the procs
-----------------------------------------

abandon { action msgid suffix }

	action - Always equal to ABANDON
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one is
		 an entry in a tcl formatted list (surrounded by {}'s)

add { action msgid suffix entry }

	action - Always equal to ADD
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one is
		 an entry in a tcl formatted list (surrounded by {}'s)
	entry  - Full entry to add. Each "type: val" is an element in a
		 tcl formatted list.

bind { action msgid suffix dn method cred_len cred }

	action   - Always equal to BIND
	msgid    - The msgid of this ldap session
	suffix   - List of suffix(es) associated with the call. Each one
		   is an entry in a tcl formatted list (surrounded by {}'s)
	dn       - DN being bound to
	method   - One of the ldap authentication methods
	cred_len - Length of cred
	cred     - Credentials being used to authenticate, according to
		   RFC, if this value is empty, then it should be
		   considered an anonomous bind (??)

compare { action msgid suffix dn ava_type ava_value }

	action    - Always equal to COMPARE
	msgid     - The msgid of this ldap session
	suffix    - List of suffix(es) associated with the call. Each one
		    is and entry in a tcl formatted list (surrounded by {}'s)
	dn        - DN for compare
	ava_type  - Type for comparison
	ava_value - Value to compare

delete { action msgid suffix dn }

	action    - Always equal to DELETE
	msgid     - The msgid of this ldap session
	suffix    - List of suffix(es) associated with the call. Each one
		    is and entry in a tcl formatted list (surrounded by {}'s)
	dn        - DN to delete

modify { action msgid suffix dn mods }

	action - Always equal to MODIFY
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one
		 is and entry in a tcl formatted list (surrounded by {}'s)
	dn     - DN to modify
	mods   - Tcl list of modifications. List is formatted in this way:

		 {
		   { {op: type} {type: val} }
		   { {op: type} {type: val} {type: val} }
		   ...
		 }

		 Newlines are not present in the actual var, they are
		 present here for clarification. "op" is the type of
		 modification (add, delete, replace).

modrdn { action msgid suffix dn newrdn deleteoldrdn }

	action - Always equal to MODRDN
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one
		 is and entry in a tcl formatted list (surrounded by {}'s)
	dn     - DN who's RDN is being renamed
	newrdn - New RDN
	deleteoldrdn - Boolean stating whether or not the old RDN should
		 be removed after being renamed

search { action msgid suffix base scope deref sizelimit timelimit
	 filterstr attrsonly attrlist }

	action - Always equal to SEARCH
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one
		 is and entry in a tcl formatted list (surrounded by {}'s)
	base   - Base for this search
	scope  - Scope of search, ( 0 | 1 | 2 )
	deref  - Alias dereferencing ( 0 | 1 | 2 | 3 )
	sizelimit - Script should try not to return more data that this
	timelimit - Time limit for search
	filterstr - Filter string as sent by the requestor.
	attrsonly - Boolean for whether to list only the attributes
		 instead of attributes and their values.
	attrlist  - Tcl list if to retrieve.

unbind { action msgid suffix dn }

	action - Always equal to UNBIND
	msgid  - The msgid of this ldap session
	suffix - List of suffix(es) associated with the call. Each one
		 is and entry in a tcl formatted list (surrounded by {}'s)
	dn     - DN to unbind


------------------------------------
Synopsis of Return Method and Syntax
------------------------------------

There are only 2 return types. All procs must return a result to show
status of the operation. The result is in this form: 

  { RESULT {code: <integer>} {matched: <partialdn>} {info: <string>} {} }

This is best accomplished with this type of tcl code

  lappend ret_val "RESULT"
  lappend ret_val "code: 0"
  lappend ret_val ""
  return $ret_val

The final empty string (item in list) is necessary to point to the end of
list. The 'code', 'matched', and 'info' values are not necessary, and
default values are given if not specified. The 'code' value is usually an
LDAP error in decimal notation from ldap.h. The 'info', may be sent back
to the client, depending on the function. LDAP uses the value of 'code' to
indicate whether or not the authentication is acceptible in the bind proc.

The other type of return is for searches. It is similar format to the
shell backend return (as is most of the syntax here). Its format follows:

    {dn: o=Company, c=US} {attr: val} {objectclass: val} {}
    {dn: o=CompanyB, c=US} {attr: val} {objectclass: val} {}

Again, newlines are for visual purposes here. Also note the {} marking the
end of the entry (same effect as a newline in ldif format). Here is some
example code again, showing a full search proc example.

# Note that 'args' lets you lump all possible args into one var, used
# here for simplicity of example
proc ldap:search { args } {
  # perform some operations

  lappend ret_val "dn: $rdn,$base"
  lappend ret_val "objectclass: $objcl"
  lappend ret_val "sn: $rdn"
  lappend ret_val "mail: $email"
  lappend ret_val ""
# Now setup the result
  lappend ret_val "RESULT"
  lappend ret_val "code: 0"
  lappend ret_val ""

  return $ret_val
}

NOTE: Newlines in the return value is acceptable in search entries (i.e.
when returning base64 encoded binary entries).


-------------------------------------
Synopsis of Builtin Commands and Vars
-------------------------------------

ldap:debug <msg>

  Allows you to send debug messages through OpenLDAP's native debugging
  system, this is sent as a LDAP_DEBUG_ANY and will be logged. Useful for
  debugging scripts or logging bind failures.