.SH SASL OPTIONS
The SASL options are OpenLDAP specific.
.TP
-.B LDAP_OPT_X_SASL_MECH
-Gets the SASL mechanism;
+.B LDAP_OPT_X_SASL_AUTHCID
+Gets the SASL authentication identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller.
.TP
-.B LDAP_OPT_X_SASL_REALM
-Gets the SASL realm;
+.B LDAP_OPT_X_SASL_AUTHZID
+Gets the SASL authorization identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller.
.TP
-.B LDAP_OPT_X_SASL_AUTHCID
-Gets the SASL authentication identity;
+.B LDAP_OPT_X_SASL_MAXBUFSIZE
+Gets/sets SASL maximum buffer size;
+.BR invalue
+must be
+.BR "const ber_len_t *" ,
+while
.BR outvalue
-must be a
-.BR "char **" ,
-its content needs to be freed by the caller.
+must be
+.BR "ber_len_t *" .
+See also
+.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
-.B LDAP_OPT_X_SASL_AUTHZID
-Gets the SASL authorization identity;
+.B LDAP_OPT_X_SASL_MECH
+Gets the SASL mechanism;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller.
.TP
-.B LDAP_OPT_X_SASL_SSF
-Gets the SASL SSF;
+.B LDAP_OPT_X_SASL_MECHLIST
+Gets the list of the available mechanisms,
+in form of a NULL-terminated array of strings;
.BR outvalue
-must be a
-.BR "int *" .
+must be
+.BR "char ***" .
.TP
-.B LDAP_OPT_X_SASL_SSF_EXTERNAL
-Sets the SASL SSF value related to an authentication
-performed using an EXTERNAL mechanism;
-.BR invalue
+.B LDAP_OPT_X_SASL_NOCANON
+Sets/gets the NOCANON flag.
+When unset, the hostname is canonicalized.
+The value should either be
+.BR LDAP_OPT_OFF
+or
+.BR LDAP_OPT_ON .
+.TP
+.B LDAP_OPT_X_SASL_REALM
+Gets the SASL realm;
+.BR outvalue
must be a
-.BR "ber_len_t *" .
+.BR "char **" ,
+its content needs to be freed by the caller.
.TP
.B LDAP_OPT_X_SASL_SECPROPS
-Set the SASL secprops;
+Sets the SASL secprops;
.BR invalue
must be a
.BR "char *" ,
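Review bot: The new LDAP_OPT_X_SASL_MECHLIST entry documents outvalue as "char ***" but, unlike the "char **" entries around it (AUTHCID, AUTHZID, MECH, REALM), does not say who owns the returned array. State whether the caller frees it or it stays with the library, since a wrong guess is either a leak or a free of memory the library still uses. LDAP_OPT_X_SASL_NOCANON is also the only entry in this hunk with no invalue/outvalue type, and "The value should either be LDAP_OPT_OFF or LDAP_OPT_ON" does not say whether those constants are passed directly or pointed to; spell it out the way the other entries do.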
.BR noanonymous ,
.BR minssf=<minssf> ,
.BR maxssf=<maxssf> ,
-.BR maxbufsize=<maxbufsize> ,
-with
-.BR "minssf >= 0" ,
-.BR "maxssf <= 2**31 - 1" ,
-.BR "maxbufsize <= 65536" .
+.BR maxbufsize=<maxbufsize> .
.TP
-.B LDAP_OPT_X_SASL_SSF_MIN
-Gets/sets SASL minimum SSF;
-.BR invalue
-must be
-.BR "const ber_len_t *" ,
-while
+.B LDAP_OPT_X_SASL_SSF
+Gets the SASL SSF;
.BR outvalue
-must be
+must be a
+.BR "ber_len_t *" .
+.TP
+.B LDAP_OPT_X_SASL_SSF_EXTERNAL
+Sets the SASL SSF value related to an authentication
+performed using an EXTERNAL mechanism;
+.BR invalue
+must be a
.BR "ber_len_t *" .
-See also
-.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_SSF_MAX
Gets/sets SASL maximum SSF;
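Review bot: LDAP_OPT_X_SASL_SSF changes its documented outvalue from "int *" to "ber_len_t *" with no note that the type changed. If the two types differ in size, a caller written against the old text passes a buffer of the wrong size, so say in the entry or the commit message whether the code changed or the old text was wrong. In the same hunk, LDAP_OPT_X_SASL_SSF_EXTERNAL is set-only yet takes "ber_len_t *" where the other settable entries use "const ber_len_t *", and the SECPROPS entry loses its stated bounds ("minssf >= 0", "maxssf <= 2**31 - 1", "maxbufsize <= 65536") with nothing in their place; keep the limits if they are still enforced.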
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
-.B LDAP_OPT_X_SASL_MAXBUFSIZE
-Gets/sets SASL maximum buffer size;
+.B LDAP_OPT_X_SASL_SSF_MIN
+Gets/sets SASL minimum SSF;
.BR invalue
must be
.BR "const ber_len_t *" ,
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
-.B LDAP_OPT_X_SASL_MECHLIST
-Gets the list of the available mechanisms,
-in form of a NULL-terminated array of strings;
-.BR outvalue
-must be
-.BR "char ***" .
-.TP
-.B LDAP_OPT_X_SASL_NOCANON
-Sets/gets the NOCANON flag.
-When unset, the hostname is canonicalized.
-The value should either be
-.BR LDAP_OPT_OFF
-or
-.BR LDAP_OPT_ON .
-.TP
.B LDAP_OPT_X_SASL_USERNAME
Gets the SASL username;
.BR outvalue
must be a
.BR "char **" .
-It points to memory that belongs to the handle;
-the caller must not muck with it.
+Its content needs to be freed by the caller.
.SH TLS OPTIONS
The TLS options are OpenLDAP specific.
+.\".TP
+.\".B LDAP_OPT_X_TLS
+.\"Sets/gets the TLS mode.
.TP
-.B LDAP_OPT_X_TLS
-Sets/gets the TLS mode, one of
-.BR LDAP_OPT_X_TLS_NEVER ,
-.BR LDAP_OPT_X_TLS_HARD ,
-.BR LDAP_OPT_X_TLS_DEMAND ,
-.BR LDAP_OPT_X_TLS_ALLOW ,
-.BR LDAP_OPT_X_TLS_TRY .
-.TP
-.B LDAP_OPT_X_TLS_CTX
-Sets/gets the OpenSSL CTX.
+.B LDAP_OPT_X_TLS_CACERTDIR
+Sets/gets the path of the directory containing CA certificates.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
.TP
.B LDAP_OPT_X_TLS_CACERTFILE
Sets/gets the full-path CA certificate file.
-.TP
-.B LDAP_OPT_X_TLS_CACERTDIR
-Sets/gets the path of the directory containing CA certificates.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
.TP
.B LDAP_OPT_X_TLS_CERTFILE
Sets/gets the full-path certificate file.
-.TP
-.B LDAP_OPT_X_TLS_KEYFILE
-Sets/gets the full-path certificate key file.
-.TP
-.B LDAP_OPT_X_TLS_REQUIRE_CERT
-Sets/gets the peer certificate checking strategy,
-one of
-.BR LDAP_OPT_X_TLS_NEVER ,
-.BR LDAP_OPT_X_TLS_HARD ,
-.BR LDAP_OPT_X_TLS_DEMAND ,
-.BR LDAP_OPT_X_TLS_ALLOW ,
-.BR LDAP_OPT_X_TLS_TRY .
-.TP
-.B LDAP_OPT_X_TLS_PROTOCOL_MIN
-Sets/gets the minimum protocol version.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
.TP
.B LDAP_OPT_X_TLS_CIPHER_SUITE
Sets/gets the allowed cipher suite.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
.TP
-.B LDAP_OPT_X_TLS_RANDOM_FILE
-Sets/gets the random file when
-.I /dev/random
-and
-.I /dev/urandom
-are not available.
-Ignored by GNUtls.
+.B LDAP_OPT_X_TLS_CONNECT_ARG
+Sets/gets the connection callback argument.
+.BR invalue
+must be
+.BR "const void *" ;
+.BR outvalue
+must be
+.BR "void **" .
.TP
-.B LDAP_OPT_X_TLS_SSL_CTX
-Sets/gets the OpenSSL SSL CTX.
+.B LDAP_OPT_X_TLS_CONNECT_CB
+Sets/gets the connection callback handle.
+.BR invalue
+must be
+.BR "const LDAP_TLS_CONNECT_CB *" ;
+.BR outvalue
+must be
+.BR "LDAP_TLS_CONNECT_CB **" .
.TP
.B LDAP_OPT_X_TLS_CRLCHECK
Sets/gets the CRL evaluation strategy, one of
.BR LDAP_OPT_X_TLS_CRL_PEER ,
or
.BR LDAP_OPT_X_TLS_CRL_ALL .
+.BR invalue
+must be
+.BR "const int *" ;
+.BR outvalue
+must be
+.BR "int *" .
Requires OpenSSL.
.TP
-.B LDAP_OPT_X_TLS_CONNECT_CB
-Sets/gets the connection callback.
-Currently not implemented.
+.B LDAP_OPT_X_TLS_CRLFILE
+Sets/gets the full-path of the CRL file.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+This option is only valid for GNUtls.
.TP
-.B LDAP_OPT_X_TLS_CONNECT_ARG
-Sets/gets the connection callback argument.
-Currently not implemented.
+.B LDAP_OPT_X_TLS_CTX
+Sets/gets the OpenSSL CTX.
+.BR invalue
+must be
+.BR "const void *" ;
+.BR outvalue
+must be
+.BR "void **" .
.TP
.B LDAP_OPT_X_TLS_DHFILE
Gets/sets the full-path of the file containing the parameters
for Diffie-Hellman ephemeral key exchange.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
Ignored by GNUtls.
.TP
+.B LDAP_OPT_X_TLS_KEYFILE
+Sets/gets the full-path certificate key file.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+.TP
.B LDAP_OPT_X_TLS_NEWCTX
Instructs the library to create a new TLS CTX.
-A non-zero
+.BR invalue
+must be
+.BR "const int *" .
+A non-zero value pointed to by
.BR invalue
tells the library to create a CTX for a server.
.TP
-.B LDAP_OPT_X_TLS_CRLFILE
-Sets/gets the full-path of the CRL file.
-This option is only valid for GNUtls.
+.B LDAP_OPT_X_TLS_PROTOCOL_MIN
+Sets/gets the minimum protocol version.
+.BR invalue
+must be
+.BR "const int *" ;
+.BR outvalue
+must be
+.BR "int *" .
+.TP
+.B LDAP_OPT_X_TLS_RANDOM_FILE
+Sets/gets the random file when
+.I /dev/random
+and
+.I /dev/urandom
+are not available.
+.BR invalue
+must be
+.BR "const char *" ;
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller.
+Ignored by GNUtls.
+.TP
+.B LDAP_OPT_X_TLS_REQUIRE_CERT
+Sets/gets the peer certificate checking strategy,
+one of
+.BR LDAP_OPT_X_TLS_NEVER ,
+.BR LDAP_OPT_X_TLS_HARD ,
+.BR LDAP_OPT_X_TLS_DEMAND ,
+.BR LDAP_OPT_X_TLS_ALLOW ,
+.BR LDAP_OPT_X_TLS_TRY .
+.TP
+.B LDAP_OPT_X_TLS_SSL_CTX
+Gets the OpenSSL SSL CTX;
+.BR outvalue
+must be
+.BR "void **" .
.SH ERRORS
On success, the functions return
.BR LDAP_OPT_SUCCESS ,
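Review bot: The LDAP_OPT_X_SASL_USERNAME entry at the top of this hunk inverts the ownership rule, from "It points to memory that belongs to the handle" to "Its content needs to be freed by the caller". If the library still returns handle-owned memory, a caller following the new text frees it out from under the handle, and if it now returns a copy, existing callers leak; confirm this against the implementation and call it out as a behaviour change. In the TLS section, LDAP_OPT_X_TLS is commented out with .\" rather than removed or explained, LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG drop "Currently not implemented" without saying what the callback is called with, and LDAP_OPT_X_TLS_REQUIRE_CERT is the one moved entry that gains no invalue/outvalue types. It would also help to say what each of its five strategies does, since this option controls peer certificate checking.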