X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-tcl%2FREADME.back-tcl;h=d0112d42409a6acbb87099924193b46f16fab9ab;hb=08059f1633bfd9d0a709761b026bdb8e4441c6e6;hp=b7b890be5696c950a36b1463e749657bcfba601f;hpb=4a8ab5dbf2ba037b0824d64bb3217ca06671884a;p=openldap diff --git a/servers/slapd/back-tcl/README.back-tcl b/servers/slapd/back-tcl/README.back-tcl index b7b890be56..d0112d4240 100644 --- a/servers/slapd/back-tcl/README.back-tcl +++ b/servers/slapd/back-tcl/README.back-tcl @@ -1,206 +1 @@ -Tcl Backend Interface for OpenLDAP - - ----------------------------- -Synopsis of slapd.conf setup ----------------------------- - -database tcl -suffix o=Suffix - -# The full path to the tcl script used for this database -scriptpath /usr/lib/ldap/database.tcl - -# The procs for each ldap function. This is similar to how -# the shell backend setup works, but these refer to -# the tcl procs in the 'scriptpath' script that handle them -search -add -delete -modify -bind -unbind -modrdn -compare -abandon - -# This is one of the biggest pluses of using the tcl backend. -# The realm let's you group several databases to the same interpreter. -# This basically means they share the same global variables and proc -# space. So global variables, as well as all the procs, are callable -# between databases. If no tclrealm is specified, it is put into the -# "default" realm. -tclrealm - - ------------------------------------------ -Synopsis of variables passed to the procs ------------------------------------------ - -abandon { action msgid suffix } - - action - Always equal to ABANDON - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one is - an entry in a tcl formatted list (surrounded by {}'s) - -add { action msgid suffix entry } - - action - Always equal to ADD - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one is - an entry in a tcl formatted list (surrounded by {}'s) - entry - Full entry to add. Each "type: val" is an element in a - tcl formatted list. - -bind { action msgid suffix dn method cred_len cred } - - action - Always equal to BIND - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is an entry in a tcl formatted list (surrounded by {}'s) - dn - DN being bound to - method - One of the ldap authentication methods - cred_len - Length of cred - cred - Credentials being used to authenticate, according to - RFC, if this value is empty, then it should be - considered an anonomous bind (??) - -compare { action msgid suffix dn ava_type ava_value } - - action - Always equal to COMPARE - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - dn - DN for compare - ava_type - Type for comparison - ava_value - Value to compare - -delete { action msgid suffix dn } - - action - Always equal to DELETE - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - dn - DN to delete - -modify { action msgid suffix dn mods } - - action - Always equal to MODIFY - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - dn - DN to modify - mods - Tcl list of modifications. List is formatted in this way: - - { - { {op: type} {type: val} } - { {op: type} {type: val} {type: val} } - ... - } - - Newlines are not present in the actual var, they are - present here for clarification. "op" is the type of - modification (add, delete, replace). - -modrdn { action msgid suffix dn newrdn deleteoldrdn } - - action - Always equal to MODRDN - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - dn - DN who's RDN is being renamed - newrdn - New RDN - deleteoldrdn - Boolean stating whether or not the old RDN should - be removed after being renamed - -search { action msgid suffix base scope deref sizelimit timelimit - filterstr attrsonly attrlist } - - action - Always equal to SEARCH - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - base - Base for this search - scope - Scope of search, ( 0 | 1 | 2 ) - deref - Alias dereferencing ( 0 | 1 | 2 | 3 ) - sizelimit - Script should try not to return more data that this - timelimit - Time limit for search - filterstr - Filter string as sent by the requestor. - attrsonly - Boolean for whether to list only the attributes - instead of attributes and their values. - attrlist - Tcl list if to retrieve. - -unbind { action msgid suffix dn } - - action - Always equal to UNBIND - msgid - The msgid of this ldap session - suffix - List of suffix(es) associated with the call. Each one - is and entry in a tcl formatted list (surrounded by {}'s) - dn - DN to unbind - - ------------------------------------- -Synopsis of Return Method and Syntax ------------------------------------- - -There are only 2 return types. All procs must return a result to show -status of the operation. The result is in this form: - - { RESULT {code: } {matched: } {info: } {} } - -This is best accomplished with this type of tcl code - - lappend ret_val "RESULT" - lappend ret_val "code: 0" - lappend ret_val "" - return $ret_val - -The final empty string (item in list) is necessary to point to the end of -list. The 'code', 'matched', and 'info' values are not necessary, and -default values are given if not specified. The 'code' value is usually an -LDAP error in decimal notation from ldap.h. The 'info', may be sent back -to the client, depending on the function. LDAP uses the value of 'code' to -indicate whether or not the authentication is acceptible in the bind proc. - -The other type of return is for searches. It is similar format to the -shell backend return (as is most of the syntax here). Its format follows: - - {dn: o=Company, c=US} {attr: val} {objectclass: val} {} - {dn: o=CompanyB, c=US} {attr: val} {objectclass: val} {} - -Again, newlines are for visual purposes here. Also note the {} marking the -end of the entry (same effect as a newline in ldif format). Here is some -example code again, showing a full search proc example. - -# Note that 'args' lets you lump all possible args into one var, used -# here for simplicity of example -proc ldap:search { args } { - # perform some operations - - lappend ret_val "dn: $rdn,$base" - lappend ret_val "objectclass: $objcl" - lappend ret_val "sn: $rdn" - lappend ret_val "mail: $email" - lappend ret_val "" -# Now setup the result - lappend ret_val "RESULT" - lappend ret_val "code: 0" - lappend ret_val "" - - return $ret_val -} - -NOTE: Newlines in the return value is acceptable in search entries (i.e. -when returning base64 encoded binary entries). - - -------------------------------------- -Synopsis of Builtin Commands and Vars -------------------------------------- - -ldap:debug - - Allows you to send debug messages through OpenLDAP's native debugging - system, this is sent as a LDAP_DEBUG_ANY and will be logged. Useful for - debugging scripts or logging bind failures. +The Tcl Backend is described in the slapd-tcl(5) manual page.