1 .TH SLAPD-TCL 5 "2 May 2002" "OpenLDAP LDVERSION"
4 slapd-tcl \- Tcl backend to slapd
14 Any tcl database section of the configuration file
16 must then specify what Tcl script to use.
20 options apply to the TCL backend database.
21 That is, they must follow a "database tcl" line and come before any
22 subsequent "backend" or "database" lines.
23 Other database options are described in the
27 .B scriptpath <filename.tcl>
28 The full path to the tcl script used for this database.
48 The procs for each ldap function.
49 They refer to the tcl procs in the `scriptpath' script that handles them.
52 .B tclrealm <interpreter name>
53 This is one of the biggest pluses of using the tcl backend.
54 The realm lets you group several databases to the same interpreter.
55 This basically means they share the same global variables and proc space.
56 So global variables, as well as all the procs, are callable between databases.
57 If no tclrealm is specified, it is put into the "default" realm.
58 .SH Variables passed to the procs
60 .B abandon { action msgid suffix }
62 action - Always equal to ABANDON.
63 msgid - The msgid of this ldap operation.
64 suffix - List of suffix(es) associated with the
65 call. Each one is an entry in a tcl
66 formatted list (surrounded by {}'s).
69 .B add "{ action msgid suffix entry }"
71 action - Always equal to ADD.
72 msgid - The msgid of this ldap operation.
73 suffix - List of suffix(es), as above.
74 entry - Full entry to add. Each "type: val" is
75 an element in a tcl formatted list.
78 .B bind "{ action msgid suffix dn method cred_len cred }"
80 action - Always equal to BIND.
81 msgid - The msgid of this ldap operation.
82 suffix - List of suffix(es), as above.
83 dn - DN being bound to.
84 method - One of the ldap authentication methods.
85 cred_len - Length of cred.
86 cred - Credentials being used to authenticate,
87 according to RFC. If this value is empty,
88 then it should be considered an anonymous
92 .B compare "{ action msgid suffix dn ava_type ava_value }"
94 action - Always equal to COMPARE.
95 msgid - The msgid of this ldap operation.
96 suffix - List of suffix(es), as above.
98 ava_type - Type for comparison.
99 ava_value - Value to compare.
102 .B delete "{ action msgid suffix dn }"
104 action - Always equal to DELETE.
105 msgid - The msgid of this ldap operation.
106 suffix - List of suffix(es), as above.
110 .B modify "{ action msgid suffix dn mods }"
112 action - Always equal to MODIFY.
113 msgid - The msgid of this ldap operation.
114 suffix - List of suffix(es), as above.
116 mods - Tcl list of modifications.
117 The list is formatted in this way:
120 { {op: type} {type: val} }
121 { {op: type} {type: val} {type: val} }
125 Newlines are not present in the actual var,
126 they are present here for clarification.
127 "op" is the type of modification
128 (ADD, DELETE, REPLACE).
131 .B modrdn "{ action msgid suffix dn newrdn deleteoldrdn }"
133 action - Always equal to MODRDN.
134 msgid - The msgid of this ldap operation.
135 suffix - List of suffix(es), as above.
136 dn - DN whose RDN is being renamed.
138 deleteoldrdn - Boolean stating whether or not the
139 old RDN should be removed after being renamed.
143 search { action msgid suffix base scope deref \
144 sizelimit timelimit filterstr attrsonly attrlist }
146 action - Always equal to SEARCH.
147 msgid - The msgid of this ldap operation.
148 suffix - List of suffix(es), as above.
149 base - Base for this search.
150 scope - Scope of search, ( 0 | 1 | 2 ).
151 deref - Alias dereferencing ( 0 | 1 | 2 | 3 ).
152 sizelimit - Maximum number of entries to return.
153 timelimit - Time limit for search.
154 filterstr - Filter string as sent by the requester.
155 attrsonly - Boolean for whether to list only the
156 attributes, and not values as well.
157 attrlist - Tcl list if to retrieve.
160 .B unbind "{ action msgid suffix dn }"
162 action - Always equal to UNBIND.
163 msgid - The msgid of this ldap operation.
164 suffix - List of suffix(es), as above.
168 .SH Return Method and Syntax
169 There are only 2 return types.
170 All procs must return a result to show status of the operation.
171 The result is in this form:
175 { RESULT {code: <integer>} {matched: <partialdn>}
176 {info: <string>} {} }
180 This is best accomplished with this type of tcl code
184 lappend ret_val "RESULT"
185 lappend ret_val "code: 0"
191 The final empty string (item in list) is necessary to point to the end
193 The `code', `matched', and `info' values are not necessary, and
194 default values are given if not specified.
195 The `code' value is usually an LDAP error in decimal notation from
197 The `info', may be sent back to the client, depending on the
199 In the bind proc, LDAP uses the value of `code' to indicate whether or
200 not the authentication is acceptable.
202 The other type of return is for searches.
203 It is similar format to the shell backend return (as is most of the
209 {dn: o=Company, c=US} {attr: val} {objectclass: val} {}
210 {dn: o=CompanyB, c=US} {attr: val} {objectclass: val} {}
214 Again, newlines are for visual purposes here.
215 Also note the {} marking the end of the entry (same effect as a
216 newline in ldif format).
217 Here is some example code again, showing a full search proc example.
221 # Note that `args' lets you lump all possible args
222 # into one var, used here for simplicity of example
223 proc ldap:search { args } {
224 # ...perform some operations...
226 lappend ret_val "dn: $rdn,$base"
227 lappend ret_val "objectclass: $objcl"
228 lappend ret_val "sn: $rdn"
229 lappend ret_val "mail: $email"
231 # Now setup the result
232 lappend ret_val "RESULT"
233 lappend ret_val "code: 0"
240 NOTE: Newlines in the return value is acceptable in search entries
241 (i.e. when returning base64 encoded binary entries).
243 .SH Builtin Commands and Variables
246 Allows you to send debug messages through OpenLDAP's native debugging
247 system, this is sent as a LDAP_DEBUG_ANY and will be logged.
248 Useful for debugging scripts or logging bind failures.
252 default slapd configuration file