1 .TH LDAP_GET_OPTION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldap_get_option, ldap_set_option \- LDAP option handling routines
8 OpenLDAP LDAP (libldap, \-lldap)
13 .BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");"
15 .BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");"
18 These routines provide access to options stored either in a LDAP handle
19 or as global options, where applicable.
20 They make use of a neutral interface, where the type of the value
22 .BR ldap_get_option (3)
24 .BR ldap_set_option (3)
27 The actual type is determined based on the value of the
30 Global options are set/retrieved by passing a NULL LDAP handle.
32 .B LDAP_OPT_API_FEATURE_INFO
34 .BR "LDAPAPIFeatureInfo" ;
37 .BR "LDAPAPIFeatureInfo *" ,
38 pointing to an already allocated struct.
39 This is a read-only option.
43 .BR "struct ldapapiinfo" ;
46 .BR "struct ldapapiinfo *" ,
47 pointing to an already allocated struct.
48 This is a read-only option.
50 .B LDAP_OPT_CLIENT_CONTROLS
51 Sets/gets the client-side controls to be used for all operations.
52 This is now deprecated as modern LDAP C API provides replacements
53 for all main operations which accepts client-side controls as
54 explicit arguments; see for example
55 .BR ldap_search_ext (3),
57 .BR ldap_modify_ext (3)
61 .BR "LDAPControl ***" ,
62 and the caller is responsible of freeing the returned controls, if any,
64 .BR ldap_controls_free (3),
68 .BR "LDAPControl **" ;
69 the library duplicates the controls passed via
72 .B LDAP_OPT_CONNECT_ASYNC
73 Sets/gets the status of the asynchronous connect flag.
74 The value should either be
78 When set, the library will call
80 and return, without waiting for response.
81 This leaves the handler in a connecting state.
82 Subsequent calls to library routines will poll for completion
83 of the connect before performing further operations.
84 As a consequence, library calls that need to establish a connection
85 with a DSA do not block even for the network timeout
87 .BR LDAP_OPT_NETWORK_TIMEOUT ).
88 This option is OpenLDAP specific.
90 .B LDAP_OPT_CONNECT_CB
91 This option allows to set a connect callback.
94 must be a pointer to a
95 .IR "struct ldap_conncb" .
96 Callbacks are executed in last in-first served order.
97 Hanlder-specific callbacks are executed first, followed by global ones.
98 Right before freeing the callback structure, the
100 callback handler is passed a
104 .BR ldap_get_option (3)
105 for this option removes the callback whose pointer matches
107 This option is OpenLDAP specific.
109 .B LDAP_OPT_DEBUG_LEVEL
110 Sets/gets the debug level of the client library.
117 This option is OpenLDAP specific.
120 Sets/gets a string containing the DN to be used as default base
121 for search operations.
125 and the caller is responsible of freeing the returned string by calling
126 .BR ldap_memfree (3),
131 the library duplicates the corresponding string.
132 This option is OpenLDAP specific.
135 Sets/gets the value that defines when alias dereferencing must occur.
141 and they cannot be NULL.
147 .BR LDAP_DEREF_SEARCHING ,
148 .BR LDAP_DEREF_FINDING ,
150 .BR LDAP_DEREF_ALWAYS .
151 Note that this has ever been the only means to determine alias dereferencing
152 within search operations.
155 Returns the file descriptor associated to the socket buffer
156 of the LDAP handle passed in as
161 This is a read-only, handler-specific option.
163 .B LDAP_OPT_DIAGNOSTIC_MESSAGE
164 Sets/gets a string containing the error string associated to the LDAP handle.
165 This option was formerly known as
166 .BR LDAP_OPT_ERROR_STRING .
170 and the caller is responsible of freeing the returned string by calling
171 .BR ldap_memfree (3),
176 the library duplicates the corresponding string.
178 .B LDAP_OPT_HOST_NAME
179 Sets/gets a space-separated list of hosts to be contacted by the library
180 when trying to establish a connection.
181 This is now deprecated in favor of
186 and the caller is responsible of freeing the resulting string by calling
187 .BR ldap_memfree (3),
192 the library duplicates the corresponding string.
194 .B LDAP_OPT_MATCHED_DN
195 Sets/gets a string containing the matched DN associated to the LDAP handle.
199 and the caller is responsible of freeing the returned string by calling
200 .BR ldap_memfree (3),
205 the library duplicates the corresponding string.
207 .B LDAP_OPT_NETWORK_TIMEOUT
208 Sets/gets the network timeout value after which
209 .BR poll (2)/ select (2)
212 returns in case of no activity.
215 .BR "struct timeval **"
216 (the caller has to free
221 .BR "struct timeval *" ,
222 and they cannot be NULL. Using a struct with seconds set to \-1 results
223 in an infinite timeout, which is the default.
224 This option is OpenLDAP specific.
226 .B LDAP_OPT_PROTOCOL_VERSION
227 Sets/gets the protocol version.
234 .B LDAP_OPT_REFERRAL_URLS
235 Sets/gets an array containing the referral URIs associated to the LDAP handle.
239 and the caller is responsible of freeing the returned string by calling
240 .BR ber_memvfree (3),
243 must be a NULL-terminated
245 the library duplicates the corresponding string.
246 This option is OpenLDAP specific.
248 .B LDAP_OPT_REFERRALS
249 Determines whether the library should implicitly chase referrals or not.
255 their value should either be
260 .B LDAP_OPT_REFHOPLIMIT
261 This option is OpenLDAP specific.
262 It is not currently implemented.
265 Determines whether the library should implicitly restart connections (FIXME).
271 their value should either be
276 .B LDAP_OPT_RESULT_CODE
277 Sets/gets the LDAP result code associated to the handle.
278 This option was formerly known as
279 .BR LDAP_OPT_ERROR_NUMBER .
287 .B LDAP_OPT_SERVER_CONTROLS
288 Sets/gets the server-side controls to be used for all operations.
289 This is now deprecated as modern LDAP C API provides replacements
290 for all main operations which accepts server-side controls as
291 explicit arguments; see for example
292 .BR ldap_search_ext (3),
293 .BR ldap_add_ext (3),
294 .BR ldap_modify_ext (3)
298 .BR "LDAPControl ***" ,
299 and the caller is responsible of freeing the returned controls, if any,
301 .BR ldap_controls_free (3),
305 .BR "LDAPControl **" ;
306 the library duplicates the controls passed via
309 .B LDAP_OPT_SIZELIMIT
310 Sets/gets the value that defines the maximum number of entries
311 to be returned by a search operation.
317 and they cannot be NULL.
320 Returns a pointer to the socket buffer of the LDAP handle passed in as
325 This is a read-only, handler-specific option.
326 This option is OpenLDAP specific.
328 .B LDAP_OPT_TIMELIMIT
329 Sets/gets the value that defines the time limit after which
330 a search operation should be terminated by the server.
336 and they cannot be NULL.
339 Sets/gets a timeout value for the synchronous API calls.
342 .BR "struct timeval **"
343 (the caller has to free
348 .BR "struct timeval *" ,
349 and they cannot be NULL. Using a struct with seconds set to \-1 results
350 in an infinite timeout, which is the default.
351 This option is OpenLDAP specific.
354 Sets/gets a comma- or space-separated list of URIs to be contacted by the library
355 when trying to establish a connection.
359 and the caller is responsible of freeing the resulting string by calling
360 .BR ldap_memfree (3),
365 the library parses the string into a list of
367 structures, so the invocation of
368 .BR ldap_set_option (3)
369 may fail if URL parsing fails.
370 URIs may only contain the
377 This option is OpenLDAP specific.
379 The SASL options are OpenLDAP specific.
381 .B LDAP_OPT_X_SASL_AUTHCID
382 Gets the SASL authentication identity;
386 its content needs to be freed by the caller.
388 .B LDAP_OPT_X_SASL_AUTHZID
389 Gets the SASL authorization identity;
393 its content needs to be freed by the caller.
395 .B LDAP_OPT_X_SASL_MAXBUFSIZE
396 Gets/sets SASL maximum buffer size;
399 .BR "const ber_len_t *" ,
405 .BR LDAP_OPT_X_SASL_SECPROPS .
407 .B LDAP_OPT_X_SASL_MECH
408 Gets the SASL mechanism;
412 its content needs to be freed by the caller.
414 .B LDAP_OPT_X_SASL_MECHLIST
415 Gets the list of the available mechanisms,
416 in form of a NULL-terminated array of strings;
421 .B LDAP_OPT_X_SASL_NOCANON
422 Sets/gets the NOCANON flag.
423 When unset, the hostname is canonicalized.
424 The value should either be
429 .B LDAP_OPT_X_SASL_REALM
434 its content needs to be freed by the caller.
436 .B LDAP_OPT_X_SASL_SECPROPS
437 Sets the SASL secprops;
441 containing a comma-separated list of properties.
450 .BR minssf=<minssf> ,
451 .BR maxssf=<maxssf> ,
452 .BR maxbufsize=<maxbufsize> .
454 .B LDAP_OPT_X_SASL_SSF
460 .B LDAP_OPT_X_SASL_SSF_EXTERNAL
461 Sets the SASL SSF value related to an authentication
462 performed using an EXTERNAL mechanism;
467 .B LDAP_OPT_X_SASL_SSF_MAX
468 Gets/sets SASL maximum SSF;
471 .BR "const ber_len_t *" ,
477 .BR LDAP_OPT_X_SASL_SECPROPS .
479 .B LDAP_OPT_X_SASL_SSF_MIN
480 Gets/sets SASL minimum SSF;
483 .BR "const ber_len_t *" ,
489 .BR LDAP_OPT_X_SASL_SECPROPS .
491 .B LDAP_OPT_X_SASL_USERNAME
492 Gets the SASL username;
496 Its content needs to be freed by the caller.
498 The TCP options are OpenLDAP specific.
499 Mainly intended for use with Linux, they may not be portable.
501 .B LDAP_OPT_X_KEEPALIVE_IDLE
502 Sets/gets the number of seconds a connection needs to remain idle
503 before TCP starts sending keepalive probes.
511 .B LDAP_OPT_X_KEEPALIVE_PROBES
512 Sets/gets the maximum number of keepalive probes TCP should send
513 before dropping the connection.
521 .B LDAP_OPT_X_KEEPALIVE_INTERVAL
522 Sets/gets the interval in seconds between individual keepalive probes.
530 The TLS options are OpenLDAP specific.
533 .\"Sets/gets the TLS mode.
535 .B LDAP_OPT_X_TLS_CACERTDIR
536 Sets/gets the path of the directory containing CA certificates.
543 and its contents need to be freed by the caller.
545 .B LDAP_OPT_X_TLS_CACERTFILE
546 Sets/gets the full-path CA certificate file.
553 and its contents need to be freed by the caller.
555 .B LDAP_OPT_X_TLS_CERTFILE
556 Sets/gets the full-path certificate file.
563 and its contents need to be freed by the caller.
565 .B LDAP_OPT_X_TLS_CIPHER_SUITE
566 Sets/gets the allowed cipher suite.
573 and its contents need to be freed by the caller.
575 .B LDAP_OPT_X_TLS_CONNECT_ARG
576 Sets/gets the connection callback argument.
584 .B LDAP_OPT_X_TLS_CONNECT_CB
585 Sets/gets the connection callback handle.
588 .BR "const LDAP_TLS_CONNECT_CB *" ;
591 .BR "LDAP_TLS_CONNECT_CB **" .
593 .B LDAP_OPT_X_TLS_CRLCHECK
594 Sets/gets the CRL evaluation strategy, one of
595 .BR LDAP_OPT_X_TLS_CRL_NONE ,
596 .BR LDAP_OPT_X_TLS_CRL_PEER ,
598 .BR LDAP_OPT_X_TLS_CRL_ALL .
607 .B LDAP_OPT_X_TLS_CRLFILE
608 Sets/gets the full-path of the CRL file.
615 and its contents need to be freed by the caller.
616 This option is only valid for GNUtls.
618 .B LDAP_OPT_X_TLS_CTX
619 Sets/gets the OpenSSL CTX.
627 .B LDAP_OPT_X_TLS_DHFILE
628 Gets/sets the full-path of the file containing the parameters
629 for Diffie-Hellman ephemeral key exchange.
636 and its contents need to be freed by the caller.
639 .B LDAP_OPT_X_TLS_KEYFILE
640 Sets/gets the full-path certificate key file.
647 and its contents need to be freed by the caller.
649 .B LDAP_OPT_X_TLS_NEWCTX
650 Instructs the library to create a new TLS CTX.
654 A non-zero value pointed to by
656 tells the library to create a CTX for a server.
658 .B LDAP_OPT_X_TLS_PROTOCOL_MIN
659 Sets/gets the minimum protocol version.
667 .B LDAP_OPT_X_TLS_RANDOM_FILE
668 Sets/gets the random file when
679 and its contents need to be freed by the caller.
682 .B LDAP_OPT_X_TLS_REQUIRE_CERT
683 Sets/gets the peer certificate checking strategy,
685 .BR LDAP_OPT_X_TLS_NEVER ,
686 .BR LDAP_OPT_X_TLS_HARD ,
687 .BR LDAP_OPT_X_TLS_DEMAND ,
688 .BR LDAP_OPT_X_TLS_ALLOW ,
689 .BR LDAP_OPT_X_TLS_TRY .
691 .B LDAP_OPT_X_TLS_SSL_CTX
692 Gets the OpenSSL SSL CTX;
697 On success, the functions return
698 .BR LDAP_OPT_SUCCESS ,
699 while they may return
701 to indicate a generic option handling error.
702 Occasionally, more specific errors can be returned, like
704 to indicate a failure in memory allocation.
706 The LDAP libraries with the
707 .B LDAP_OPT_REFERRALS
710 (default value) automatically follow referrals using an anonymous bind.
711 Application developers are encouraged to either implement consistent
712 referral chasing features, or explicitly disable referral chasing
713 by setting that option to
716 The protocol version used by the library defaults to LDAPv2 (now historic),
717 which corresponds to the
720 Application developers are encouraged to explicitly set
721 .B LDAP_OPT_PROTOCOL_VERSION
724 macro, or to allow users to select the protocol version.
729 (http://www.rfc-editor.org),