1 .TH SLAPD-TCL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
4 slapd-tcl \- Tcl backend to slapd
14 Any tcl database section of the configuration file
16 must then specify what Tcl script to use.
18 .B "This backend's calling conventions have changed since OpenLDAP 2.0."
19 Previously, the 2nd argument to the procs was a message ID.
20 Now they are an "operation ID" string.
21 Also, proc abandon now gets a new
27 options apply to the TCL backend database.
28 That is, they must follow a "database tcl" line and come before any
29 subsequent "backend" or "database" lines.
30 Other database options are described in the
34 .B scriptpath <filename.tcl>
35 The full path to the tcl script used for this database.
55 The procs for each ldap function.
56 They refer to the tcl procs in the `scriptpath' script that handles them.
59 .B tclrealm <interpreter name>
60 This is one of the biggest pluses of using the tcl backend.
61 The realm lets you group several databases to the same interpreter.
62 This basically means they share the same global variables and proc space.
63 So global variables, as well as all the procs, are callable between databases.
64 If no tclrealm is specified, it is put into the "default" realm.
65 .SH Variables passed to the procs
67 .B abandon { action opid suffix abandonid }
69 action - Always equal to ABANDON.
70 opid - The opid of this ldap operation.
71 suffix - List of suffix(es) associated with the
72 call. Each one is an entry in a tcl
73 formatted list (surrounded by {}'s).
74 abandonid - The opid of the operation to abandon.
77 .B add "{ action opid suffix entry }"
79 action - Always equal to ADD.
80 opid - The opid of this ldap operation.
81 suffix - List of suffix(es), as above.
82 entry - Full entry to add. Each "type: val" is
83 an element in a tcl formatted list.
86 .B bind "{ action opid suffix dn method cred_len cred }"
88 action - Always equal to BIND.
89 opid - The opid of this ldap operation.
90 suffix - List of suffix(es), as above.
91 dn - DN being bound to.
92 method - One of the ldap authentication methods.
93 cred_len - Length of cred.
94 cred - Credentials being used to authenticate,
95 according to RFC. If this value is empty,
96 then it should be considered an anonymous
100 .B compare "{ action opid suffix dn ava_type ava_value }"
102 action - Always equal to COMPARE.
103 opid - The opid of this ldap operation.
104 suffix - List of suffix(es), as above.
106 ava_type - Type for comparison.
107 ava_value - Value to compare.
110 .B delete "{ action opid suffix dn }"
112 action - Always equal to DELETE.
113 opid - The opid of this ldap operation.
114 suffix - List of suffix(es), as above.
118 .B modify "{ action opid suffix dn mods }"
120 action - Always equal to MODIFY.
121 opid - The opid of this ldap operation.
122 suffix - List of suffix(es), as above.
124 mods - Tcl list of modifications.
125 The list is formatted in this way:
128 { {op: type} {type: val} }
129 { {op: type} {type: val} {type: val} }
133 Newlines are not present in the actual var,
134 they are present here for clarification.
135 "op" is the type of modification
136 (ADD, DELETE, REPLACE).
139 .B modrdn "{ action opid suffix dn newrdn deleteoldrdn }"
141 action - Always equal to MODRDN.
142 opid - The opid of this ldap operation.
143 suffix - List of suffix(es), as above.
144 dn - DN whose RDN is being renamed.
146 deleteoldrdn - Boolean stating whether or not the
147 old RDN should be removed after being renamed.
151 search { action opid suffix base scope deref \
152 sizelimit timelimit filterstr attrsonly attrlist }
154 action - Always equal to SEARCH.
155 opid - The opid of this ldap operation.
156 suffix - List of suffix(es), as above.
157 base - Base for this search.
158 scope - Scope of search, ( 0 | 1 | 2 ).
159 deref - Alias dereferencing ( 0 | 1 | 2 | 3 ).
160 sizelimit - Maximum number of entries to return.
161 timelimit - Time limit for search.
162 filterstr - Filter string as sent by the requester.
163 attrsonly - Boolean for whether to list only the
164 attributes, and not values as well.
165 attrlist - Tcl list if to retrieve.
168 .B unbind "{ action opid suffix dn }"
170 action - Always equal to UNBIND.
171 opid - The opid of this ldap operation.
172 suffix - List of suffix(es), as above.
178 (operation ID) is a "connection ID/message ID" string identifying an
181 .SH Return Method and Syntax
182 There are only 2 return types.
183 All procs must return a result to show status of the operation.
184 The result is in this form:
188 { RESULT {code: <integer>} {matched: <partialdn>}
189 {info: <string>} {} }
193 This is best accomplished with this type of tcl code
197 lappend ret_val "RESULT"
198 lappend ret_val "code: 0"
204 The final empty string (item in list) is necessary to point to the end
206 The `code', `matched', and `info' values are not necessary, and
207 default values are given if not specified.
208 The `code' value is usually an LDAP error in decimal notation from
210 The `info', may be sent back to the client, depending on the
212 In the bind proc, LDAP uses the value of `code' to indicate whether or
213 not the authentication is acceptable.
215 The other type of return is for searches.
216 It is similar format to the shell backend return (as is most of the
222 {dn: o=Company, c=US} {attr: val} {objectclass: val} {}
223 {dn: o=CompanyB, c=US} {attr: val} {objectclass: val} {}
227 Again, newlines are for visual purposes here.
228 Also note the {} marking the end of the entry (same effect as a
229 newline in ldif format).
230 Here is some example code again, showing a full search proc example.
234 # Note that `args' lets you lump all possible args
235 # into one var, used here for simplicity of example
236 proc ldap:search { args } {
237 # ...perform some operations...
239 lappend ret_val "dn: $rdn,$base"
240 lappend ret_val "objectclass: $objcl"
241 lappend ret_val "sn: $rdn"
242 lappend ret_val "mail: $email"
244 # Now setup the result
245 lappend ret_val "RESULT"
246 lappend ret_val "code: 0"
253 NOTE: Newlines in the return value is acceptable in search entries
254 (i.e. when returning base64 encoded binary entries).
256 .SH Builtin Commands and Variables
259 Allows you to send debug messages through OpenLDAP's native debugging
260 system, this is sent as a LDAP_DEBUG_ANY and will be logged.
261 Useful for debugging scripts or logging bind failures.
265 default slapd configuration file