/* #define LDAP_API_OPERATION_SESSION_SAFE 1 */
#endif
-#define LDAP_PORT 389
+#define LDAP_PORT 389 /* ldap:/// default LDAP port */
+#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#define LDAP_ROOT_DSE ""
#define LDAP_NO_ATTRS "1.1"
#define LDAP_ALL_USER_ATTRIBUTES "*"
+#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+"
/*
* LDAP_OPTions defined by draft-ldapext-ldap-c-api-02
#define LDAP_OPT_TIMEOUT 0x5002 /* default timeout */
#define LDAP_OPT_REFHOPLIMIT 0x5003 /* ref hop limit */
#define LDAP_OPT_MATCHED_DN 0x5004 /* should have been in draft */
+#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
+
+/* TLS options */
+#define LDAP_OPT_X_TLS_CACERTFILE 0x6001
+#define LDAP_OPT_X_TLS_CACERTDIR 0x6002
+#define LDAP_OPT_X_TLS_CERT 0x6003
+#define LDAP_OPT_X_TLS_CERTFILE 0x6004
+#define LDAP_OPT_X_TLS_KEYFILE 0x6005
+#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
+#define LDAP_OPT_X_TLS 0x6007
+#define LDAP_OPT_X_TLS_PROTOCOL 0x6008
+#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6009
+
+#define LDAP_OPT_X_TLS_NEVER 0
+#define LDAP_OPT_X_TLS_HARD 1
+#define LDAP_OPT_X_TLS_DEMAND 2
+#define LDAP_OPT_X_TLS_ALLOW 3
+#define LDAP_OPT_X_TLS_TRY 4
/* on/off values */
#define LDAP_OPT_ON ((void *) 1)
char ldctl_iscritical;
} LDAPControl;
-/* LDAP "Standard" Controls */
-
+/* LDAP Controls */
/* chase referrals controls */
#define LDAP_CONTROL_REFERRALS "1.2.840.113666.1.4.616"
#define LDAP_CHASE_SUBORDINATE_REFERRALS 0x0020
#define LDAP_CHASE_EXTERNAL_REFERRALS 0x0040
-/* LDAP "Extension" Controls */
+#define LDAP_CONTROL_MANAGEDSAIT "2.16.16.840.1.113730.3.4.2"
+
+/* LDAP Unsolicited Notifications */
+#define LDAP_NOTICE_DISCONNECT "1.3.6.1.4.1.1466.20036"
-/* LDAP "Private/Experiemental" Controls */
+/* LDAP Extended Operations */
/*
/* general stuff */
#define LDAP_TAG_MESSAGE (ber_tag_t) 0x30U /* constructed + 16 */
-#define OLD_LDAP_TAG_MESSAGE (ber_tag_t) 0x10U /* forgot the constructed bit */
#define LDAP_TAG_MSGID (ber_tag_t) 0x02U /* integer */
#define LDAP_TAG_LDAPDN (ber_tag_t) 0x04U /* octect string */
+#define LDAP_TAG_LDAPCRED (ber_tag_t) 0x04U /* octect string */
#define LDAP_TAG_CONTROLS (ber_tag_t) 0xa0U /* context specific + constructed + 0 */
#define LDAP_TAG_REFERRAL (ber_tag_t) 0xa3U /* context specific + constructed + 3 */
#define LDAP_REQ_ABANDON (ber_tag_t) 0x50U /* application + primitive */
#define LDAP_REQ_EXTENDED (ber_tag_t) 0x77U /* application + constructed */
-/* U-Mich version 3.0 compatibility stuff */
-#define LDAP_REQ_UNBIND_30 (ber_tag_t) 0x62U
-#define LDAP_REQ_DELETE_30 (ber_tag_t) 0x6aU
-#define LDAP_REQ_ABANDON_30 (ber_tag_t) 0x70U
-
-/*
- * old broken stuff for backwards compatibility - forgot application tag
- * and constructed/primitive bit
- */
-#define OLD_LDAP_REQ_BIND (ber_tag_t) 0x00U
-#define OLD_LDAP_REQ_UNBIND (ber_tag_t) 0x02U
-#define OLD_LDAP_REQ_SEARCH (ber_tag_t) 0x03U
-#define OLD_LDAP_REQ_MODIFY (ber_tag_t) 0x06U
-#define OLD_LDAP_REQ_ADD (ber_tag_t) 0x08U
-#define OLD_LDAP_REQ_DELETE (ber_tag_t) 0x0aU
-#define OLD_LDAP_REQ_MODRDN (ber_tag_t) 0x0cU
-#define OLD_LDAP_REQ_COMPARE (ber_tag_t) 0x0eU
-#define OLD_LDAP_REQ_ABANDON (ber_tag_t) 0x10U
-
/* possible result types a server can return */
#define LDAP_RES_BIND (ber_tag_t) 0x61U /* application + constructed */
#define LDAP_RES_SEARCH_ENTRY (ber_tag_t) 0x64U /* application + constructed */
#define LDAP_RES_EXTENDED (ber_tag_t) 0x78U /* V3: application + constructed */
#define LDAP_RES_ANY ((ber_tag_t)(~0))
-/* old broken stuff for backwards compatibility */
-#define OLD_LDAP_RES_BIND (ber_tag_t) 0x01UL
-#define OLD_LDAP_RES_SEARCH_ENTRY (ber_tag_t) 0x04UL
-#define OLD_LDAP_RES_SEARCH_RESULT (ber_tag_t) 0x05U
-#define OLD_LDAP_RES_MODIFY (ber_tag_t) 0x07U
-#define OLD_LDAP_RES_ADD (ber_tag_t) 0x09U
-#define OLD_LDAP_RES_DELETE (ber_tag_t) 0x0bU
-#define OLD_LDAP_RES_MODRDN (ber_tag_t) 0x0dU
-#define OLD_LDAP_RES_MODDN OLD_LDAP_RES_MODRDN
-#define OLD_LDAP_RES_COMPARE (ber_tag_t) 0x0fU
/* sasl methods */
#define LDAP_SASL_SIMPLE NULL
#define LDAP_AUTH_KRBV41 (ber_tag_t) 0x81U /* context specific + primitive */
#define LDAP_AUTH_KRBV42 (ber_tag_t) 0x82U /* context specific + primitive */
-/* U-Mich version 3.0 compatibility auth methods */
-#define LDAP_AUTH_SIMPLE_30 (ber_tag_t) 0xa0U /* context specific + constructed */
-#define LDAP_AUTH_KRBV41_30 (ber_tag_t) 0xa1U /* context specific + constructed */
-#define LDAP_AUTH_KRBV42_30 (ber_tag_t) 0xa2U /* context specific + constructed */
-
-/* old broken stuff */
-#define OLD_LDAP_AUTH_SIMPLE (ber_tag_t) 0x00U
-#define OLD_LDAP_AUTH_KRBV4 (ber_tag_t) 0x01U
-#define OLD_LDAP_AUTH_KRBV42 (ber_tag_t) 0x02U
/* filter types */
#define LDAP_FILTER_AND (ber_tag_t) 0xa0U /* context specific + constructed */
#define LDAP_FILTER_LE (ber_tag_t) 0xa6U /* context specific + constructed */
#define LDAP_FILTER_PRESENT (ber_tag_t) 0x87U /* context specific + primitive */
#define LDAP_FILTER_APPROX (ber_tag_t) 0xa8U /* context specific + constructed */
-#define LDAP_FILTER_EXTENDED (ber_tag_t) 0xa9U /* context specific + constructed */
-
-/* U-Mich version 3.0 compatibility filter types */
-#define LDAP_FILTER_PRESENT_30 (ber_tag_t) 0xa7U /* context specific + constructed */
-
-/* old broken stuff */
-#define OLD_LDAP_FILTER_AND (ber_tag_t) 0x00U
-#define OLD_LDAP_FILTER_OR (ber_tag_t) 0x01U
-#define OLD_LDAP_FILTER_NOT (ber_tag_t) 0x02U
-#define OLD_LDAP_FILTER_EQUALITY (ber_tag_t) 0x03U
-#define OLD_LDAP_FILTER_SUBSTRINGS (ber_tag_t) 0x04U
-#define OLD_LDAP_FILTER_GE (ber_tag_t) 0x05U
-#define OLD_LDAP_FILTER_LE (ber_tag_t) 0x06U
-#define OLD_LDAP_FILTER_PRESENT (ber_tag_t) 0x07U
-#define OLD_LDAP_FILTER_APPROX (ber_tag_t) 0x08U
+#define LDAP_FILTER_EXT (ber_tag_t) 0xa9U /* context specific + constructed */
/* extended filter component types */
-#define LDAP_FILTER_EXTENDED_OID (ber_tag_t) 0x81U /* context specific */
-#define LDAP_FILTER_EXTENDED_TYPE (ber_tag_t) 0x82U /* context specific */
-#define LDAP_FILTER_EXTENDED_VALUE (ber_tag_t) 0x83U /* context specific */
-#define LDAP_FILTER_EXTENDED_DNATTRS (ber_tag_t) 0x84U /* context specific */
+#define LDAP_FILTER_EXT_OID (ber_tag_t) 0x81U /* context specific */
+#define LDAP_FILTER_EXT_TYPE (ber_tag_t) 0x82U /* context specific */
+#define LDAP_FILTER_EXT_VALUE (ber_tag_t) 0x83U /* context specific */
+#define LDAP_FILTER_EXT_DNATTRS (ber_tag_t) 0x84U /* context specific */
/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL (ber_tag_t) 0x80U /* context specific */
#define LDAP_SUBSTRING_ANY (ber_tag_t) 0x81U /* context specific */
#define LDAP_SUBSTRING_FINAL (ber_tag_t) 0x82U /* context specific */
-/* U-Mich version 3.0 compatibility substring filter component types */
-#define LDAP_SUBSTRING_INITIAL_30 (ber_tag_t) 0xa0U /* context specific */
-#define LDAP_SUBSTRING_ANY_30 (ber_tag_t) 0xa1U /* context specific */
-#define LDAP_SUBSTRING_FINAL_30 (ber_tag_t) 0xa2U /* context specific */
-
-/* old broken stuff */
-#define OLD_LDAP_SUBSTRING_INITIAL (ber_tag_t) 0x00U
-#define OLD_LDAP_SUBSTRING_ANY (ber_tag_t) 0x01U
-#define OLD_LDAP_SUBSTRING_FINAL (ber_tag_t) 0x02U
-
/* search scopes */
#define LDAP_SCOPE_BASE (ber_int_t) 0x0000
#define LDAP_SCOPE_ONELEVEL (ber_int_t) 0x0001
* possible error codes we can return
*/
+#define LDAP_RANGE(n,x,y) (((x) <= (n)) && ((n) <= (y)))
+
#define LDAP_SUCCESS 0x00
#define LDAP_OPERATIONS_ERROR 0x01
#define LDAP_PROTOCOL_ERROR 0x02
#define LDAP_SIZELIMIT_EXCEEDED 0x04
#define LDAP_COMPARE_FALSE 0x05
#define LDAP_COMPARE_TRUE 0x06
-#define LDAP_STRONG_AUTH_NOT_SUPPORTED 0x07
-#define LDAP_AUTH_METHOD_NOT_SUPPORTED LDAP_STRONG_AUTH_NOT_SUPPORTED
+#define LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07
+#define LDAP_STRONG_AUTH_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED
#define LDAP_STRONG_AUTH_REQUIRED 0x08
#define LDAP_PARTIAL_RESULTS 0x09 /* not listed in v3 */
#define LDAP_REFERRAL 0x0a /* LDAPv3 */
#define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* LDAPv3 */
-#define LDAP_UNAVAILABLE_CRITICIAL_EXTENSION 0x0c /* LDAPv3 */
+#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* LDAPv3 */
#define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* LDAPv3 */
#define LDAP_SASL_BIND_IN_PROGRESS 0x0e /* LDAPv3 */
+#define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
+
#define LDAP_NO_SUCH_ATTRIBUTE 0x10
#define LDAP_UNDEFINED_TYPE 0x11
#define LDAP_INAPPROPRIATE_MATCHING 0x12
#define LDAP_TYPE_OR_VALUE_EXISTS 0x14
#define LDAP_INVALID_SYNTAX 0x15
+#define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
+
#define LDAP_NO_SUCH_OBJECT 0x20
#define LDAP_ALIAS_PROBLEM 0x21
#define LDAP_INVALID_DN_SYNTAX 0x22
#define LDAP_IS_LEAF 0x23 /* not LDAPv3 */
#define LDAP_ALIAS_DEREF_PROBLEM 0x24
-#define LDAP_NAME_ERROR(n) (((int)(n) & 0x00f0) == 0x0020)
+#define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x30,0x32) /* 48-50 */
#define LDAP_INAPPROPRIATE_AUTH 0x30
#define LDAP_INVALID_CREDENTIALS 0x31
#define LDAP_INSUFFICIENT_ACCESS 0x32
+
+#define LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
+
#define LDAP_BUSY 0x33
#define LDAP_UNAVAILABLE 0x34
#define LDAP_UNWILLING_TO_PERFORM 0x35
#define LDAP_LOOP_DETECT 0x36
+#define LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
+
#define LDAP_NAMING_VIOLATION 0x40
#define LDAP_OBJECT_CLASS_VIOLATION 0x41
#define LDAP_NOT_ALLOWED_ON_NONLEAF 0x42
#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47 /* LDAPv3 */
#define LDAP_OTHER 0x50
+
+#define LDAP_API_ERROR(n) LDAP_RANGE((n),0x51,0xff) /* 81+ */
+
#define LDAP_SERVER_DOWN 0x51
#define LDAP_LOCAL_ERROR 0x52
#define LDAP_ENCODING_ERROR 0x53
* types for ldap URL handling
*/
typedef struct ldap_url_desc {
+ int lud_ldaps;
char *lud_host;
int lud_port;
char *lud_dn;
char **lud_attrs;
int lud_scope;
char *lud_filter;
- char *lud_string; /* for internal use only */
+ char **lud_exts;
} LDAPURLDesc;
-#define LDAP_URL_ERR_NOTLDAP 0x01 /* URL doesn't begin with "ldap://" */
-#define LDAP_URL_ERR_NODN 0x02 /* URL has no DN (required) */
-#define LDAP_URL_ERR_BADSCOPE 0x03 /* URL scope string is invalid */
-#define LDAP_URL_ERR_MEM 0x04 /* can't allocate memory space */
+#define LDAP_URL_SUCCESS 0x00 /* Success */
+#define LDAP_URL_ERR_MEM 0x01 /* can't allocate memory space */
+#define LDAP_URL_ERR_PARAM 0x02 /* parameter is bad */
+
+#define LDAP_URL_ERR_NOTLDAP 0x03 /* URL doesn't begin with "ldap[s]://" */
+#define LDAP_URL_ERR_BADENCLOSURE 0x04 /* URL is missing trailing ">" */
+#define LDAP_URL_ERR_BADURL 0x05 /* URL is bad */
+#define LDAP_URL_ERR_BADHOST 0x06 /* host port is bad */
+#define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or missing) attributes */
+#define LDAP_URL_ERR_BADSCOPE 0x08 /* scope string is invalid (or missing) */
+#define LDAP_URL_ERR_BADFILTER 0x09 /* bad or missing filter */
+#define LDAP_URL_ERR_BADEXTS 0x0a /* bad or missing extensions */
/*
* The API draft spec says we should declare (or cause to be declared)
/*
- * in saslbind.c:
+ * in sasl.c:
*/
LDAP_F( int )
ldap_sasl_bind LDAP_P((
struct berval *cred,
LDAPControl **serverctrls,
LDAPControl **clientctrls,
- int msgidp ));
+ int *msgidp ));
LDAP_F( int )
ldap_sasl_bind_s LDAP_P((
* in error.c:
*/
LDAP_F( int )
-ldap_result2error LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAPMessage *r,
- int freeit ));
+ldap_parse_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ int *errcodep,
+ char **matcheddnp,
+ char **errmsgp,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit ));
LDAP_F( char *)
ldap_err2string LDAP_P((
int err ));
+LDAP_F( int )
+ldap_result2error LDAP_P(( /* deprecated */
+ LDAP *ld,
+ LDAPMessage *r,
+ int freeit ));
+
LDAP_F( void )
ldap_perror LDAP_P(( /* deprecated */
LDAP *ld,
struct timeval *timeout,
LDAPMessage **result ));
-LDAP_F( int )
-ldap_parse_result LDAP_P((
- LDAP *ld,
- LDAPMessage *res,
- int *errcodep,
- char **matcheddnp,
- char **errmsgp,
- char ***referralsp,
- LDAPControl ***serverctrls,
- int freeit ));
-
LDAP_F( int )
ldap_msgtype LDAP_P((
LDAPMessage *lm ));
ldap_is_ldap_url LDAP_P((
LDAP_CONST char *url ));
+LDAP_F( int )
+ldap_is_ldaps_url LDAP_P((
+ LDAP_CONST char *url ));
+
LDAP_F( int )
ldap_url_parse LDAP_P((
LDAP_CONST char *url,