1 .TH LDAP_GET_OPTION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
3 .\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
4 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
6 ldap_get_option, ldap_set_option \- LDAP option handling routines
8 OpenLDAP LDAP (libldap, \-lldap)
13 .BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");"
15 .BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");"
18 These routines provide access to options stored either in a LDAP handle
19 or as global options, where applicable.
20 They make use of a neutral interface, where the type of the value
22 .BR ldap_get_option (3)
24 .BR ldap_set_option (3)
27 The actual type is determined based on the value of the
30 Global options are set/retrieved by passing a NULL LDAP handle.
32 .B LDAP_OPT_API_FEATURE_INFO
34 .BR "LDAPAPIFeatureInfo" ;
37 .BR "LDAPAPIFeatureInfo *" ,
38 pointing to an already allocated struct.
39 This is a read-only option.
43 .BR "struct ldapapiinfo" ;
46 .BR "struct ldapapiinfo *" ,
47 pointing to an already allocated struct.
48 This is a read-only option.
50 .B LDAP_OPT_CLIENT_CONTROLS
51 Sets/gets the client-side controls to be used for all operations.
52 This is now deprecated as modern LDAP C API provides replacements
53 for all main operations which accepts client-side controls as
54 explicit arguments; see for example
55 .BR ldap_search_ext (3),
57 .BR ldap_modify_ext (3)
61 .BR "LDAPControl ***" ,
62 and the caller is responsible of freeing the returned controls, if any,
64 .BR ldap_controls_free (3),
68 .BR "LDAPControl **" ;
69 the library duplicates the controls passed via
72 .B LDAP_OPT_CONNECT_ASYNC
73 Sets/gets the status of the asynchronous connect flag.
74 The value should either be
78 When set, the library will call
80 and return, without waiting for response.
81 This leaves the handler in a connecting state.
82 Subsequent calls to library routines will poll for completion
83 of the connect before performing further operations.
84 As a consequence, library calls that need to establish a connection
85 with a DSA do not block even for the network timeout
87 .BR LDAP_OPT_NETWORK_TIMEOUT ).
88 This option is OpenLDAP specific.
90 .B LDAP_OPT_CONNECT_CB
91 This option allows to set a connect callback.
94 must be a pointer to a
95 .IR "struct ldap_conncb" .
96 Callbacks are executed in last in-first served order.
97 Hanlder-specific callbacks are executed first, followed by global ones.
98 Right before freeing the callback structure, the
100 callback handler is passed a
104 .BR ldap_get_option (3)
105 for this option removes the callback whose pointer matches
107 This option is OpenLDAP specific.
109 .B LDAP_OPT_DEBUG_LEVEL
110 Sets/gets the debug level of the client library.
117 This option is OpenLDAP specific.
120 Sets/gets a string containing the DN to be used as default base
121 for search operations.
125 and the caller is responsible of freeing the returned string by calling
126 .BR ldap_memfree (3),
131 the library duplicates the corresponding string.
132 This option is OpenLDAP specific.
135 Sets/gets the value that defines when alias dereferencing must occur.
141 and they cannot be NULL.
147 .BR LDAP_DEREF_SEARCHING ,
148 .BR LDAP_DEREF_FINDING ,
150 .BR LDAP_DEREF_ALWAYS .
151 Note that this has ever been the only means to determine alias dereferencing
152 within search operations.
155 Returns the file descriptor associated to the socket buffer
156 of the LDAP handle passed in as
161 This is a read-only, handler-specific option.
163 .B LDAP_OPT_DIAGNOSTIC_MESSAGE
164 Sets/gets a string containing the error string associated to the LDAP handle.
165 This option was formerly known as
166 .BR LDAP_OPT_ERROR_STRING .
170 and the caller is responsible of freeing the returned string by calling
171 .BR ldap_memfree (3),
176 the library duplicates the corresponding string.
178 .B LDAP_OPT_HOST_NAME
179 Sets/gets a space-separated list of hosts to be contacted by the library
180 when trying to establish a connection.
181 This is now deprecated in favor of
186 and the caller is responsible of freeing the resulting string by calling
187 .BR ldap_memfree (3),
192 the library duplicates the corresponding string.
194 .B LDAP_OPT_MATCHED_DN
195 Sets/gets a string containing the matched DN associated to the LDAP handle.
199 and the caller is responsible of freeing the returned string by calling
200 .BR ldap_memfree (3),
205 the library duplicates the corresponding string.
207 .B LDAP_OPT_NETWORK_TIMEOUT
208 Sets/gets the network timeout value after which
209 .BR poll (2)/ select (2)
212 returns in case of no activity.
215 .BR "struct timeval **"
216 (the caller has to free
221 .BR "struct timeval *" ,
222 and they cannot be NULL. Using a struct with seconds set to \-1 results
223 in an infinite timeout, which is the default.
224 This option is OpenLDAP specific.
226 .B LDAP_OPT_PROTOCOL_VERSION
227 Sets/gets the protocol version.
234 .B LDAP_OPT_REFERRAL_URLS
235 Sets/gets an array containing the referral URIs associated to the LDAP handle.
239 and the caller is responsible of freeing the returned string by calling
240 .BR ber_memvfree (3),
243 must be a NULL-terminated
245 the library duplicates the corresponding string.
246 This option is OpenLDAP specific.
248 .B LDAP_OPT_REFERRALS
249 Determines whether the library should implicitly chase referrals or not.
255 their value should either be
260 .B LDAP_OPT_REFHOPLIMIT
261 This option is OpenLDAP specific.
262 It is not currently implemented.
265 Determines whether the library should implicitly restart connections (FIXME).
271 their value should either be
276 .B LDAP_OPT_RESULT_CODE
277 Sets/gets the LDAP result code associated to the handle.
278 This option was formerly known as
279 .BR LDAP_OPT_ERROR_NUMBER .
287 .B LDAP_OPT_SERVER_CONTROLS
288 Sets/gets the server-side controls to be used for all operations.
289 This is now deprecated as modern LDAP C API provides replacements
290 for all main operations which accepts server-side controls as
291 explicit arguments; see for example
292 .BR ldap_search_ext (3),
293 .BR ldap_add_ext (3),
294 .BR ldap_modify_ext (3)
298 .BR "LDAPControl ***" ,
299 and the caller is responsible of freeing the returned controls, if any,
301 .BR ldap_controls_free (3),
305 .BR "LDAPControl **" ;
306 the library duplicates the controls passed via
309 .B LDAP_OPT_SIZELIMIT
310 Sets/gets the value that defines the maximum number of entries
311 to be returned by a search operation.
317 and they cannot be NULL.
320 Returns a pointer to the socket buffer of the LDAP handle passed in as
325 This is a read-only, handler-specific option.
326 This option is OpenLDAP specific.
328 .B LDAP_OPT_TIMELIMIT
329 Sets/gets the value that defines the time limit after which
330 a search operation should be terminated by the server.
336 and they cannot be NULL.
339 Sets/gets a timeout value for the synchronous API calls.
342 .BR "struct timeval **"
343 (the caller has to free
348 .BR "struct timeval *" ,
349 and they cannot be NULL. Using a struct with seconds set to \-1 results
350 in an infinite timeout, which is the default.
351 This option is OpenLDAP specific.
354 Sets/gets a comma- or space-separated list of URIs to be contacted by the library
355 when trying to establish a connection.
359 and the caller is responsible of freeing the resulting string by calling
360 .BR ldap_memfree (3),
365 the library parses the string into a list of
367 structures, so the invocation of
368 .BR ldap_set_option (3)
369 may fail if URL parsing fails.
370 URIs may only contain the
377 This option is OpenLDAP specific.
379 The SASL options are OpenLDAP specific.
381 .B LDAP_OPT_X_SASL_MECH
382 Gets the SASL mechanism;
386 its content needs to be freed by the caller.
388 .B LDAP_OPT_X_SASL_REALM
393 its content needs to be freed by the caller.
395 .B LDAP_OPT_X_SASL_AUTHCID
396 Gets the SASL authentication identity;
400 its content needs to be freed by the caller.
402 .B LDAP_OPT_X_SASL_AUTHZID
403 Gets the SASL authorization identity;
407 its content needs to be freed by the caller.
409 .B LDAP_OPT_X_SASL_SSF
415 .B LDAP_OPT_X_SASL_SSF_EXTERNAL
416 Sets the SASL SSF value related to an authentication
417 performed using an EXTERNAL mechanism;
422 .B LDAP_OPT_X_SASL_SECPROPS
423 Set the SASL secprops;
427 containing a comma-separated list of properties.
436 .BR minssf=<minssf> ,
437 .BR maxssf=<maxssf> ,
438 .BR maxbufsize=<maxbufsize> ,
441 .BR "maxssf <= 2**31 - 1" ,
442 .BR "maxbufsize <= 65536" .
444 .B LDAP_OPT_X_SASL_SSF_MIN
445 Gets/sets SASL minimum SSF;
448 .BR "const ber_len_t *" ,
454 .BR LDAP_OPT_X_SASL_SECPROPS .
456 .B LDAP_OPT_X_SASL_SSF_MAX
457 Gets/sets SASL maximum SSF;
460 .BR "const ber_len_t *" ,
466 .BR LDAP_OPT_X_SASL_SECPROPS .
468 .B LDAP_OPT_X_SASL_MAXBUFSIZE
469 Gets/sets SASL maximum buffer size;
472 .BR "const ber_len_t *" ,
478 .BR LDAP_OPT_X_SASL_SECPROPS .
480 .B LDAP_OPT_X_SASL_MECHLIST
481 Gets the list of the available mechanisms,
482 in form of a NULL-terminated array of strings;
487 .B LDAP_OPT_X_SASL_NOCANON
488 Sets/gets the NOCANON flag.
489 When unset, the hostname is canonicalized.
490 The value should either be
495 .B LDAP_OPT_X_SASL_USERNAME
496 Gets the SASL username;
500 It points to memory that belongs to the handle;
501 the caller must not muck with it.
503 The TLS options are OpenLDAP specific.
506 Sets/gets the TLS mode, one of
507 .BR LDAP_OPT_X_TLS_NEVER ,
508 .BR LDAP_OPT_X_TLS_HARD ,
509 .BR LDAP_OPT_X_TLS_DEMAND ,
510 .BR LDAP_OPT_X_TLS_ALLOW ,
511 .BR LDAP_OPT_X_TLS_TRY .
513 .B LDAP_OPT_X_TLS_CTX
514 Sets/gets the OpenSSL CTX.
516 .B LDAP_OPT_X_TLS_CACERTFILE
517 Sets/gets the full-path CA certificate file.
519 .B LDAP_OPT_X_TLS_CACERTDIR
520 Sets/gets the path of the directory containing CA certificates.
522 .B LDAP_OPT_X_TLS_CERTFILE
523 Sets/gets the full-path certificate file.
525 .B LDAP_OPT_X_TLS_KEYFILE
526 Sets/gets the full-path certificate key file.
528 .B LDAP_OPT_X_TLS_REQUIRE_CERT
529 Sets/gets the peer certificate checking strategy,
531 .BR LDAP_OPT_X_TLS_NEVER ,
532 .BR LDAP_OPT_X_TLS_HARD ,
533 .BR LDAP_OPT_X_TLS_DEMAND ,
534 .BR LDAP_OPT_X_TLS_ALLOW ,
535 .BR LDAP_OPT_X_TLS_TRY .
537 .B LDAP_OPT_X_TLS_PROTOCOL_MIN
538 Sets/gets the minimum protocol version.
540 .B LDAP_OPT_X_TLS_CIPHER_SUITE
541 Sets/gets the allowed cipher suite.
543 .B LDAP_OPT_X_TLS_RANDOM_FILE
544 Sets/gets the random file when
551 .B LDAP_OPT_X_TLS_SSL_CTX
552 Sets/gets the OpenSSL SSL CTX.
554 .B LDAP_OPT_X_TLS_CRLCHECK
555 Sets/gets the CRL evaluation strategy, one of
556 .BR LDAP_OPT_X_TLS_CRL_NONE ,
557 .BR LDAP_OPT_X_TLS_CRL_PEER ,
559 .BR LDAP_OPT_X_TLS_CRL_ALL .
562 .B LDAP_OPT_X_TLS_CONNECT_CB
563 Sets/gets the connection callback.
564 Currently not implemented.
566 .B LDAP_OPT_X_TLS_CONNECT_ARG
567 Sets/gets the connection callback argument.
568 Currently not implemented.
570 .B LDAP_OPT_X_TLS_DHFILE
571 Gets/sets the full-path of the file containing the parameters
572 for Diffie-Hellman ephemeral key exchange.
575 .B LDAP_OPT_X_TLS_NEWCTX
576 Instructs the library to create a new TLS CTX.
579 tells the library to create a CTX for a server.
581 .B LDAP_OPT_X_TLS_CRLFILE
582 Sets/gets the full-path of the CRL file.
583 This option is only valid for GNUtls.
585 On success, the functions return
586 .BR LDAP_OPT_SUCCESS ,
587 while they may return
589 to indicate a generic option handling error.
590 Occasionally, more specific errors can be returned, like
592 to indicate a failure in memory allocation.
594 The LDAP libraries with the
595 .B LDAP_OPT_REFERRALS
598 (default value) automatically follow referrals using an anonymous bind.
599 Application developers are encouraged to either implement consistent
600 referral chasing features, or explicitly disable referral chasing
601 by setting that option to
604 The protocol version used by the library defaults to LDAPv2 (now historic),
605 which corresponds to the
608 Application developers are encouraged to explicitly set
609 .B LDAP_OPT_PROTOCOL_VERSION
612 macro, or to allow users to select the protocol version.
617 (http://www.rfc-editor.org),