2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2017 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1990 Regents of the University of Michigan.
16 * All rights reserved.
18 * Redistribution and use in source and binary forms are permitted
19 * provided that this notice is preserved and that due credit is given
20 * to the University of Michigan at Ann Arbor. The name of the University
21 * may not be used to endorse or promote products derived from this
22 * software without specific prior written permission. This software
23 * is provided ``as is'' without express or implied warranty.
32 /* include version and API feature defines */
33 #include <ldap_features.h>
37 #define LDAP_VERSION1 1
38 #define LDAP_VERSION2 2
39 #define LDAP_VERSION3 3
41 #define LDAP_VERSION_MIN LDAP_VERSION2
42 #define LDAP_VERSION LDAP_VERSION2
43 #define LDAP_VERSION_MAX LDAP_VERSION3
46 * We use 3000+n here because it is above 1823 (for RFC 1823),
47 * above 2000+rev of IETF LDAPEXT draft (now quite dated),
48 * yet below allocations for new RFCs (just in case there is
49 * someday an RFC produced).
51 #define LDAP_API_VERSION 3001
52 #define LDAP_VENDOR_NAME "OpenLDAP"
54 /* OpenLDAP API Features */
55 #define LDAP_API_FEATURE_X_OPENLDAP LDAP_VENDOR_VERSION
57 #if defined( LDAP_API_FEATURE_X_OPENLDAP_REENTRANT ) || \
58 ( defined( LDAP_THREAD_SAFE ) && \
59 defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
60 /* -lldap may or may not be thread safe */
61 /* -lldap_r, if available, is always thread safe */
62 # define LDAP_API_FEATURE_THREAD_SAFE 1
63 # define LDAP_API_FEATURE_SESSION_THREAD_SAFE 1
64 # define LDAP_API_FEATURE_OPERATION_THREAD_SAFE 1
66 #if defined( LDAP_THREAD_SAFE ) && \
67 defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
68 /* #define LDAP_API_FEATURE_SESSION_SAFE 1 */
69 /* #define LDAP_API_OPERATION_SESSION_SAFE 1 */
73 #define LDAP_PORT 389 /* ldap:/// default LDAP port */
74 #define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
76 #define LDAP_ROOT_DSE ""
77 #define LDAP_NO_ATTRS "1.1"
78 #define LDAP_ALL_USER_ATTRIBUTES "*"
79 #define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* RFC 3673 */
81 /* RFC 4511: maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- */
82 #define LDAP_MAXINT (2147483647)
86 * 0x0000 - 0x0fff reserved for api options
87 * 0x1000 - 0x3fff reserved for api extended options
88 * 0x4000 - 0x7fff reserved for private and experimental options
91 #define LDAP_OPT_API_INFO 0x0000
92 #define LDAP_OPT_DESC 0x0001 /* historic */
93 #define LDAP_OPT_DEREF 0x0002
94 #define LDAP_OPT_SIZELIMIT 0x0003
95 #define LDAP_OPT_TIMELIMIT 0x0004
96 /* 0x05 - 0x07 not defined */
97 #define LDAP_OPT_REFERRALS 0x0008
98 #define LDAP_OPT_RESTART 0x0009
99 /* 0x0a - 0x10 not defined */
100 #define LDAP_OPT_PROTOCOL_VERSION 0x0011
101 #define LDAP_OPT_SERVER_CONTROLS 0x0012
102 #define LDAP_OPT_CLIENT_CONTROLS 0x0013
103 /* 0x14 not defined */
104 #define LDAP_OPT_API_FEATURE_INFO 0x0015
105 /* 0x16 - 0x2f not defined */
106 #define LDAP_OPT_HOST_NAME 0x0030
107 #define LDAP_OPT_RESULT_CODE 0x0031
108 #define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE
109 #define LDAP_OPT_DIAGNOSTIC_MESSAGE 0x0032
110 #define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE
111 #define LDAP_OPT_MATCHED_DN 0x0033
112 /* 0x0034 - 0x3fff not defined */
113 /* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */
114 #define LDAP_OPT_SSPI_FLAGS 0x0092
115 /* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */
116 /* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */
117 #define LDAP_OPT_SIGN 0x0095
118 #define LDAP_OPT_ENCRYPT 0x0096
119 #define LDAP_OPT_SASL_METHOD 0x0097
120 /* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */
121 #define LDAP_OPT_SECURITY_CONTEXT 0x0099
122 /* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */
123 /* 0x009B - 0x3fff not defined */
126 #define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */
128 /* private and experimental options */
129 /* OpenLDAP specific options */
130 #define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */
131 #define LDAP_OPT_TIMEOUT 0x5002 /* default timeout */
132 #define LDAP_OPT_REFHOPLIMIT 0x5003 /* ref hop limit */
133 #define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
134 #define LDAP_OPT_URI 0x5006
135 #define LDAP_OPT_REFERRAL_URLS 0x5007 /* Referral URLs */
136 #define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */
137 #define LDAP_OPT_DEFBASE 0x5009 /* searchbase */
138 #define LDAP_OPT_CONNECT_ASYNC 0x5010 /* create connections asynchronously */
139 #define LDAP_OPT_CONNECT_CB 0x5011 /* connection callbacks */
140 #define LDAP_OPT_SESSION_REFCNT 0x5012 /* session reference count */
142 /* OpenLDAP TLS options */
143 #define LDAP_OPT_X_TLS 0x6000
144 #define LDAP_OPT_X_TLS_CTX 0x6001 /* OpenSSL CTX* */
145 #define LDAP_OPT_X_TLS_CACERTFILE 0x6002
146 #define LDAP_OPT_X_TLS_CACERTDIR 0x6003
147 #define LDAP_OPT_X_TLS_CERTFILE 0x6004
148 #define LDAP_OPT_X_TLS_KEYFILE 0x6005
149 #define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
150 #define LDAP_OPT_X_TLS_PROTOCOL_MIN 0x6007
151 #define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6008
152 #define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
153 #define LDAP_OPT_X_TLS_SSL_CTX 0x600a /* OpenSSL SSL* */
154 #define LDAP_OPT_X_TLS_CRLCHECK 0x600b
155 #define LDAP_OPT_X_TLS_CONNECT_CB 0x600c
156 #define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
157 #define LDAP_OPT_X_TLS_DHFILE 0x600e
158 #define LDAP_OPT_X_TLS_NEWCTX 0x600f
159 #define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
160 #define LDAP_OPT_X_TLS_PACKAGE 0x6011
161 #define LDAP_OPT_X_TLS_ECNAME 0x6012
162 #define LDAP_OPT_X_TLS_VERSION 0x6013 /* read-only */
163 #define LDAP_OPT_X_TLS_CIPHER 0x6014 /* read-only */
164 #define LDAP_OPT_X_TLS_PEERCERT 0x6015 /* read-only */
165 #define LDAP_OPT_X_TLS_CACERT 0x6016
166 #define LDAP_OPT_X_TLS_CERT 0x6017
167 #define LDAP_OPT_X_TLS_KEY 0x6018
168 #define LDAP_OPT_X_TLS_PEERKEY_HASH 0x6019
170 #define LDAP_OPT_X_TLS_NEVER 0
171 #define LDAP_OPT_X_TLS_HARD 1
172 #define LDAP_OPT_X_TLS_DEMAND 2
173 #define LDAP_OPT_X_TLS_ALLOW 3
174 #define LDAP_OPT_X_TLS_TRY 4
176 #define LDAP_OPT_X_TLS_CRL_NONE 0
177 #define LDAP_OPT_X_TLS_CRL_PEER 1
178 #define LDAP_OPT_X_TLS_CRL_ALL 2
180 /* for LDAP_OPT_X_TLS_PROTOCOL_MIN */
181 #define LDAP_OPT_X_TLS_PROTOCOL(maj,min) (((maj) << 8) + (min))
182 #define LDAP_OPT_X_TLS_PROTOCOL_SSL2 (2 << 8)
183 #define LDAP_OPT_X_TLS_PROTOCOL_SSL3 (3 << 8)
184 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 ((3 << 8) + 1)
185 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 ((3 << 8) + 2)
186 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 ((3 << 8) + 3)
188 /* OpenLDAP SASL options */
189 #define LDAP_OPT_X_SASL_MECH 0x6100
190 #define LDAP_OPT_X_SASL_REALM 0x6101
191 #define LDAP_OPT_X_SASL_AUTHCID 0x6102
192 #define LDAP_OPT_X_SASL_AUTHZID 0x6103
193 #define LDAP_OPT_X_SASL_SSF 0x6104 /* read-only */
194 #define LDAP_OPT_X_SASL_SSF_EXTERNAL 0x6105 /* write-only */
195 #define LDAP_OPT_X_SASL_SECPROPS 0x6106 /* write-only */
196 #define LDAP_OPT_X_SASL_SSF_MIN 0x6107
197 #define LDAP_OPT_X_SASL_SSF_MAX 0x6108
198 #define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
199 #define LDAP_OPT_X_SASL_MECHLIST 0x610a /* read-only */
200 #define LDAP_OPT_X_SASL_NOCANON 0x610b
201 #define LDAP_OPT_X_SASL_USERNAME 0x610c /* read-only */
202 #define LDAP_OPT_X_SASL_GSS_CREDS 0x610d
204 /* OpenLDAP GSSAPI options */
205 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200
206 #define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL 0x6201
209 * OpenLDAP per connection tcp-keepalive settings
210 * (Linux only, ignored where unsupported)
212 #define LDAP_OPT_X_KEEPALIVE_IDLE 0x6300
213 #define LDAP_OPT_X_KEEPALIVE_PROBES 0x6301
214 #define LDAP_OPT_X_KEEPALIVE_INTERVAL 0x6302
216 /* Private API Extensions -- reserved for application use */
217 #define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */
220 * ldap_get_option() and ldap_set_option() return values.
221 * As later versions may return other values indicating
222 * failure, current applications should only compare returned
223 * value against LDAP_OPT_SUCCESS.
225 #define LDAP_OPT_SUCCESS 0
226 #define LDAP_OPT_ERROR (-1)
228 /* option on/off values */
229 #define LDAP_OPT_ON ((void *) &ber_pvt_opt_on)
230 #define LDAP_OPT_OFF ((void *) 0)
232 typedef struct ldapapiinfo {
233 int ldapai_info_version; /* version of LDAPAPIInfo */
234 #define LDAP_API_INFO_VERSION (1)
235 int ldapai_api_version; /* revision of API supported */
236 int ldapai_protocol_version; /* highest LDAP version supported */
237 char **ldapai_extensions; /* names of API extensions */
238 char *ldapai_vendor_name; /* name of supplier */
239 int ldapai_vendor_version; /* supplier-specific version * 100 */
242 typedef struct ldap_apifeature_info {
243 int ldapaif_info_version; /* version of LDAPAPIFeatureInfo */
244 #define LDAP_FEATURE_INFO_VERSION (1) /* apifeature_info struct version */
245 char* ldapaif_name; /* LDAP_API_FEATURE_* (less prefix) */
246 int ldapaif_version; /* value of LDAP_API_FEATURE_... */
247 } LDAPAPIFeatureInfo;
250 * LDAP Control structure
252 typedef struct ldapcontrol {
253 char * ldctl_oid; /* numericoid of control */
254 struct berval ldctl_value; /* encoded value of control */
255 char ldctl_iscritical; /* criticality */
259 /* standard track controls */
260 #define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */
261 #define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" /* RFC 4370 */
262 #define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */
264 #define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3"/* RFC 3876 */
266 #define LDAP_CONTROL_ASSERT "1.3.6.1.1.12" /* RFC 4528 */
267 #define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1" /* RFC 4527 */
268 #define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2" /* RFC 4527 */
270 #define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */
271 #define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */
273 /* non-standard track controls */
274 #define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
276 #define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.4.16" /* RFC 3829 */
277 #define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.4.15" /* RFC 3829 */
279 /* LDAP Content Synchronization Operation -- RFC 4533 */
280 #define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1"
281 #define LDAP_CONTROL_SYNC LDAP_SYNC_OID ".1"
282 #define LDAP_CONTROL_SYNC_STATE LDAP_SYNC_OID ".2"
283 #define LDAP_CONTROL_SYNC_DONE LDAP_SYNC_OID ".3"
284 #define LDAP_SYNC_INFO LDAP_SYNC_OID ".4"
286 #define LDAP_SYNC_NONE 0x00
287 #define LDAP_SYNC_REFRESH_ONLY 0x01
288 #define LDAP_SYNC_RESERVED 0x02
289 #define LDAP_SYNC_REFRESH_AND_PERSIST 0x03
291 #define LDAP_SYNC_REFRESH_PRESENTS 0
292 #define LDAP_SYNC_REFRESH_DELETES 1
294 #define LDAP_TAG_SYNC_NEW_COOKIE ((ber_tag_t) 0x80U)
295 #define LDAP_TAG_SYNC_REFRESH_DELETE ((ber_tag_t) 0xa1U)
296 #define LDAP_TAG_SYNC_REFRESH_PRESENT ((ber_tag_t) 0xa2U)
297 #define LDAP_TAG_SYNC_ID_SET ((ber_tag_t) 0xa3U)
299 #define LDAP_TAG_SYNC_COOKIE ((ber_tag_t) 0x04U)
300 #define LDAP_TAG_REFRESHDELETES ((ber_tag_t) 0x01U)
301 #define LDAP_TAG_REFRESHDONE ((ber_tag_t) 0x01U)
302 #define LDAP_TAG_RELOAD_HINT ((ber_tag_t) 0x01U)
304 #define LDAP_SYNC_PRESENT 0
305 #define LDAP_SYNC_ADD 1
306 #define LDAP_SYNC_MODIFY 2
307 #define LDAP_SYNC_DELETE 3
308 #define LDAP_SYNC_NEW_COOKIE 4
310 /* LDAP Don't Use Copy Control (RFC 6171) */
311 #define LDAP_CONTROL_DONTUSECOPY "1.3.6.1.1.22"
313 /* Password policy Controls *//* work in progress */
314 /* ITS#3458: released; disabled by default */
315 #define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"
316 #define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"
318 /* various works in progress */
319 #define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.666.5.2"
320 #define LDAP_CONTROL_NO_SUBORDINATES "1.3.6.1.4.1.4203.666.5.11"
321 #define LDAP_CONTROL_RELAX "1.3.6.1.4.1.4203.666.5.12"
322 #define LDAP_CONTROL_MANAGEDIT LDAP_CONTROL_RELAX
323 #define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"
324 #define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"
325 #define LDAP_CONTROL_X_DEREF "1.3.6.1.4.1.4203.666.5.16"
326 #define LDAP_CONTROL_X_WHATFAILED "1.3.6.1.4.1.4203.666.5.17"
328 /* LDAP Chaining Behavior Control *//* work in progress */
329 /* <draft-sermersheim-ldap-chaining>;
330 * see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */
331 #define LDAP_CONTROL_X_CHAINING_BEHAVIOR "1.3.6.1.4.1.4203.666.11.3"
333 #define LDAP_CHAINING_PREFERRED 0
334 #define LDAP_CHAINING_REQUIRED 1
335 #define LDAP_REFERRALS_PREFERRED 2
336 #define LDAP_REFERRALS_REQUIRED 3
338 /* MS Active Directory controls (for compatibility) */
339 #define LDAP_CONTROL_X_LAZY_COMMIT "1.2.840.113556.1.4.619"
340 #define LDAP_CONTROL_X_INCREMENTAL_VALUES "1.2.840.113556.1.4.802"
341 #define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
342 #define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
343 #define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"
344 #define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
345 #define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
346 #define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
348 /* MS Active Directory controls - not implemented in slapd(8) */
349 #define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"
351 /* <draft-wahl-ldap-session> */
352 #define LDAP_CONTROL_X_SESSION_TRACKING "1.3.6.1.4.1.21008.108.63.1"
353 #define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
354 LDAP_CONTROL_X_SESSION_TRACKING ".1"
355 #define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \
356 LDAP_CONTROL_X_SESSION_TRACKING ".2"
357 #define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
358 LDAP_CONTROL_X_SESSION_TRACKING ".3"
359 /* various expired works */
361 /* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
362 #define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
363 #define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
364 #define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
365 #define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
367 /* LDAP Persistent Search Control *//* not implemented in slapd(8) */
368 #define LDAP_CONTROL_PERSIST_REQUEST "2.16.840.1.113730.3.4.3"
369 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE "2.16.840.1.113730.3.4.7"
370 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_ADD 0x1
371 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_DELETE 0x2
372 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_MODIFY 0x4
373 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_RENAME 0x8
376 #define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
377 #define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
379 /* LDAP Unsolicited Notifications */
380 #define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 4511 */
381 #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
383 /* LDAP Extended Operations */
384 #define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" /* RFC 4511 */
386 #define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" /* RFC 3062 */
387 #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
388 #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
389 #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
390 #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)
392 #define LDAP_EXOP_CANCEL "1.3.6.1.1.8" /* RFC 3909 */
393 #define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL
395 #define LDAP_EXOP_REFRESH "1.3.6.1.4.1.1466.101.119.1" /* RFC 2589 */
396 #define LDAP_TAG_EXOP_REFRESH_REQ_DN ((ber_tag_t) 0x80U)
397 #define LDAP_TAG_EXOP_REFRESH_REQ_TTL ((ber_tag_t) 0x81U)
398 #define LDAP_TAG_EXOP_REFRESH_RES_TTL ((ber_tag_t) 0x81U)
400 #define LDAP_EXOP_VERIFY_CREDENTIALS "1.3.6.1.4.1.4203.666.6.5"
401 #define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS
403 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ((ber_tag_t) 0x80U)
404 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ((ber_tag_t) 0x81U)
405 #define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ((ber_tag_t) 0xa2U) /* context specific + constructed + 2 */
407 #define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* RFC 4532 */
408 #define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I
410 /* various works in progress */
411 #define LDAP_EXOP_TURN "1.3.6.1.1.19" /* RFC 4531 */
412 #define LDAP_EXOP_X_TURN LDAP_EXOP_TURN
414 /* LDAP Distributed Procedures <draft-sermersheim-ldap-distproc> */
415 /* a work in progress */
416 #define LDAP_X_DISTPROC_BASE "1.3.6.1.4.1.4203.666.11.6"
417 #define LDAP_EXOP_X_CHAINEDREQUEST LDAP_X_DISTPROC_BASE ".1"
418 #define LDAP_FEATURE_X_CANCHAINOPS LDAP_X_DISTPROC_BASE ".2"
419 #define LDAP_CONTROL_X_RETURNCONTREF LDAP_X_DISTPROC_BASE ".3"
420 #define LDAP_URLEXT_X_LOCALREFOID LDAP_X_DISTPROC_BASE ".4"
421 #define LDAP_URLEXT_X_REFTYPEOID LDAP_X_DISTPROC_BASE ".5"
422 #define LDAP_URLEXT_X_SEARCHEDSUBTREEOID \
423 LDAP_X_DISTPROC_BASE ".6"
424 #define LDAP_URLEXT_X_FAILEDNAMEOID LDAP_X_DISTPROC_BASE ".7"
425 #define LDAP_URLEXT_X_LOCALREF "x-localReference"
426 #define LDAP_URLEXT_X_REFTYPE "x-referenceType"
427 #define LDAP_URLEXT_X_SEARCHEDSUBTREE "x-searchedSubtree"
428 #define LDAP_URLEXT_X_FAILEDNAME "x-failedName"
430 #define LDAP_TXN "1.3.6.1.1.21" /* RFC 5805 */
431 #define LDAP_EXOP_TXN_START LDAP_X_TXN ".1"
432 #define LDAP_CONTROL_TXN_SPEC LDAP_X_TXN ".2"
433 #define LDAP_EXOP_TXN_END LDAP_X_TXN ".3"
434 #define LDAP_EXOP_TXN_ABORTED_NOTICE LDAP_X_TXN ".4"
436 #define LDAP_X_TXN LDAP_TXN
437 #define LDAP_EXOP_X_TXN_START LDAP_EXOP_TXN_START
438 #define LDAP_CONTROL_X_TXN_SPEC LDAP_CONTROL_TXN_SPEC
439 #define LDAP_EXOP_X_TXN_END LDAP_EXOP_TXN_END
440 #define LDAP_EXOP_X_TXN_ABORTED_NOTICE LDAP_EXOP_TXN_ABORTED_NOTICE
443 #define LDAP_FEATURE_ALL_OP_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* RFC 3673 */
444 #define LDAP_FEATURE_OBJECTCLASS_ATTRS \
445 "1.3.6.1.4.1.4203.1.5.2" /* @objectClass - new number to be assigned */
446 #define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */
447 #define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
448 #define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
449 #define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.1.14"
451 /* LDAP Experimental (works in progress) Features */
452 #define LDAP_FEATURE_SUBORDINATE_SCOPE \
453 "1.3.6.1.4.1.4203.666.8.1" /* "children" */
454 #define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE
457 * specific LDAP instantiations of BER types we know about
460 /* Overview of LBER tag construction
467 * 1 0 = CONTEXT-SPECIFIC
474 * | 5 ... 1 | TAG-NUMBER
478 #define LDAP_TAG_MESSAGE ((ber_tag_t) 0x30U) /* constructed + 16 */
479 #define LDAP_TAG_MSGID ((ber_tag_t) 0x02U) /* integer */
481 #define LDAP_TAG_LDAPDN ((ber_tag_t) 0x04U) /* octet string */
482 #define LDAP_TAG_LDAPCRED ((ber_tag_t) 0x04U) /* octet string */
484 #define LDAP_TAG_CONTROLS ((ber_tag_t) 0xa0U) /* context specific + constructed + 0 */
485 #define LDAP_TAG_REFERRAL ((ber_tag_t) 0xa3U) /* context specific + constructed + 3 */
487 #define LDAP_TAG_NEWSUPERIOR ((ber_tag_t) 0x80U) /* context-specific + primitive + 0 */
489 #define LDAP_TAG_EXOP_REQ_OID ((ber_tag_t) 0x80U) /* context specific + primitive */
490 #define LDAP_TAG_EXOP_REQ_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */
491 #define LDAP_TAG_EXOP_RES_OID ((ber_tag_t) 0x8aU) /* context specific + primitive */
492 #define LDAP_TAG_EXOP_RES_VALUE ((ber_tag_t) 0x8bU) /* context specific + primitive */
494 #define LDAP_TAG_IM_RES_OID ((ber_tag_t) 0x80U) /* context specific + primitive */
495 #define LDAP_TAG_IM_RES_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */
497 #define LDAP_TAG_SASL_RES_CREDS ((ber_tag_t) 0x87U) /* context specific + primitive */
499 /* LDAP Request Messages */
500 #define LDAP_REQ_BIND ((ber_tag_t) 0x60U) /* application + constructed */
501 #define LDAP_REQ_UNBIND ((ber_tag_t) 0x42U) /* application + primitive */
502 #define LDAP_REQ_SEARCH ((ber_tag_t) 0x63U) /* application + constructed */
503 #define LDAP_REQ_MODIFY ((ber_tag_t) 0x66U) /* application + constructed */
504 #define LDAP_REQ_ADD ((ber_tag_t) 0x68U) /* application + constructed */
505 #define LDAP_REQ_DELETE ((ber_tag_t) 0x4aU) /* application + primitive */
506 #define LDAP_REQ_MODDN ((ber_tag_t) 0x6cU) /* application + constructed */
507 #define LDAP_REQ_MODRDN LDAP_REQ_MODDN
508 #define LDAP_REQ_RENAME LDAP_REQ_MODDN
509 #define LDAP_REQ_COMPARE ((ber_tag_t) 0x6eU) /* application + constructed */
510 #define LDAP_REQ_ABANDON ((ber_tag_t) 0x50U) /* application + primitive */
511 #define LDAP_REQ_EXTENDED ((ber_tag_t) 0x77U) /* application + constructed */
513 /* LDAP Response Messages */
514 #define LDAP_RES_BIND ((ber_tag_t) 0x61U) /* application + constructed */
515 #define LDAP_RES_SEARCH_ENTRY ((ber_tag_t) 0x64U) /* application + constructed */
516 #define LDAP_RES_SEARCH_REFERENCE ((ber_tag_t) 0x73U) /* V3: application + constructed */
517 #define LDAP_RES_SEARCH_RESULT ((ber_tag_t) 0x65U) /* application + constructed */
518 #define LDAP_RES_MODIFY ((ber_tag_t) 0x67U) /* application + constructed */
519 #define LDAP_RES_ADD ((ber_tag_t) 0x69U) /* application + constructed */
520 #define LDAP_RES_DELETE ((ber_tag_t) 0x6bU) /* application + constructed */
521 #define LDAP_RES_MODDN ((ber_tag_t) 0x6dU) /* application + constructed */
522 #define LDAP_RES_MODRDN LDAP_RES_MODDN /* application + constructed */
523 #define LDAP_RES_RENAME LDAP_RES_MODDN /* application + constructed */
524 #define LDAP_RES_COMPARE ((ber_tag_t) 0x6fU) /* application + constructed */
525 #define LDAP_RES_EXTENDED ((ber_tag_t) 0x78U) /* V3: application + constructed */
526 #define LDAP_RES_INTERMEDIATE ((ber_tag_t) 0x79U) /* V3+: application + constructed */
528 #define LDAP_RES_ANY (-1)
529 #define LDAP_RES_UNSOLICITED (0)
533 #define LDAP_SASL_SIMPLE ((char*)0)
534 #define LDAP_SASL_NULL ("")
537 /* authentication methods available */
538 #define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
539 #define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
540 #define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
541 #define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
542 #define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
543 #define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
545 /* used by the Windows API but not used on the wire */
546 #define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)
549 #define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */
550 #define LDAP_FILTER_OR ((ber_tag_t) 0xa1U) /* context specific + constructed */
551 #define LDAP_FILTER_NOT ((ber_tag_t) 0xa2U) /* context specific + constructed */
552 #define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
553 #define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
554 #define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
555 #define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
556 #define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */
557 #define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */
558 #define LDAP_FILTER_EXT ((ber_tag_t) 0xa9U) /* context specific + constructed */
560 /* extended filter component types */
561 #define LDAP_FILTER_EXT_OID ((ber_tag_t) 0x81U) /* context specific */
562 #define LDAP_FILTER_EXT_TYPE ((ber_tag_t) 0x82U) /* context specific */
563 #define LDAP_FILTER_EXT_VALUE ((ber_tag_t) 0x83U) /* context specific */
564 #define LDAP_FILTER_EXT_DNATTRS ((ber_tag_t) 0x84U) /* context specific */
566 /* substring filter component types */
567 #define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
568 #define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */
569 #define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
572 #define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)
573 #define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE
574 #define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)
575 #define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL
576 #define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)
577 #define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE
578 #define LDAP_SCOPE_SUBORDINATE ((ber_int_t) 0x0003) /* OpenLDAP extension */
579 #define LDAP_SCOPE_CHILDREN LDAP_SCOPE_SUBORDINATE
580 #define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */
582 /* substring filter component types */
583 #define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
584 #define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */
585 #define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
590 #define LDAP_SUCCESS 0x00
592 #define LDAP_RANGE(n,x,y) (((x) <= (n)) && ((n) <= (y)))
594 #define LDAP_OPERATIONS_ERROR 0x01
595 #define LDAP_PROTOCOL_ERROR 0x02
596 #define LDAP_TIMELIMIT_EXCEEDED 0x03
597 #define LDAP_SIZELIMIT_EXCEEDED 0x04
598 #define LDAP_COMPARE_FALSE 0x05
599 #define LDAP_COMPARE_TRUE 0x06
600 #define LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07
601 #define LDAP_STRONG_AUTH_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED
602 #define LDAP_STRONG_AUTH_REQUIRED 0x08
603 #define LDAP_STRONGER_AUTH_REQUIRED LDAP_STRONG_AUTH_REQUIRED
604 #define LDAP_PARTIAL_RESULTS 0x09 /* LDAPv2+ (not LDAPv3) */
606 #define LDAP_REFERRAL 0x0a /* LDAPv3 */
607 #define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* LDAPv3 */
608 #define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* LDAPv3 */
609 #define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* LDAPv3 */
610 #define LDAP_SASL_BIND_IN_PROGRESS 0x0e /* LDAPv3 */
612 #define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
614 #define LDAP_NO_SUCH_ATTRIBUTE 0x10
615 #define LDAP_UNDEFINED_TYPE 0x11
616 #define LDAP_INAPPROPRIATE_MATCHING 0x12
617 #define LDAP_CONSTRAINT_VIOLATION 0x13
618 #define LDAP_TYPE_OR_VALUE_EXISTS 0x14
619 #define LDAP_INVALID_SYNTAX 0x15
621 #define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
623 #define LDAP_NO_SUCH_OBJECT 0x20
624 #define LDAP_ALIAS_PROBLEM 0x21
625 #define LDAP_INVALID_DN_SYNTAX 0x22
626 #define LDAP_IS_LEAF 0x23 /* not LDAPv3 */
627 #define LDAP_ALIAS_DEREF_PROBLEM 0x24
629 #define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
631 #define LDAP_X_PROXY_AUTHZ_FAILURE 0x2F /* LDAPv3 proxy authorization */
632 #define LDAP_INAPPROPRIATE_AUTH 0x30
633 #define LDAP_INVALID_CREDENTIALS 0x31
634 #define LDAP_INSUFFICIENT_ACCESS 0x32
636 #define LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
638 #define LDAP_BUSY 0x33
639 #define LDAP_UNAVAILABLE 0x34
640 #define LDAP_UNWILLING_TO_PERFORM 0x35
641 #define LDAP_LOOP_DETECT 0x36
643 #define LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
645 #define LDAP_NAMING_VIOLATION 0x40
646 #define LDAP_OBJECT_CLASS_VIOLATION 0x41
647 #define LDAP_NOT_ALLOWED_ON_NONLEAF 0x42
648 #define LDAP_NOT_ALLOWED_ON_RDN 0x43
649 #define LDAP_ALREADY_EXISTS 0x44
650 #define LDAP_NO_OBJECT_CLASS_MODS 0x45
651 #define LDAP_RESULTS_TOO_LARGE 0x46 /* CLDAP */
652 #define LDAP_AFFECTS_MULTIPLE_DSAS 0x47
654 #define LDAP_VLV_ERROR 0x4C
656 #define LDAP_OTHER 0x50
658 /* LCUP operation codes (113-117) - not implemented */
659 #define LDAP_CUP_RESOURCES_EXHAUSTED 0x71
660 #define LDAP_CUP_SECURITY_VIOLATION 0x72
661 #define LDAP_CUP_INVALID_DATA 0x73
662 #define LDAP_CUP_UNSUPPORTED_SCHEME 0x74
663 #define LDAP_CUP_RELOAD_REQUIRED 0x75
665 /* Cancel operation codes (118-121) */
666 #define LDAP_CANCELLED 0x76
667 #define LDAP_NO_SUCH_OPERATION 0x77
668 #define LDAP_TOO_LATE 0x78
669 #define LDAP_CANNOT_CANCEL 0x79
671 /* Assertion control (122) */
672 #define LDAP_ASSERTION_FAILED 0x7A
674 /* Proxied Authorization Denied (123) */
675 #define LDAP_PROXIED_AUTHORIZATION_DENIED 0x7B
677 /* Experimental result codes */
678 #define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF)
680 /* LDAP Sync (4096) */
681 #define LDAP_SYNC_REFRESH_REQUIRED 0x1000
684 /* Private Use result codes */
685 #define LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF)
687 #define LDAP_X_SYNC_REFRESH_REQUIRED 0x4100 /* defunct */
688 #define LDAP_X_ASSERTION_FAILED 0x410f /* defunct */
690 /* for the LDAP No-Op control */
691 #define LDAP_X_NO_OPERATION 0x410e
693 /* for the Chaining Behavior control (consecutive result codes requested;
694 * see <draft-sermersheim-ldap-chaining> ) */
695 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
696 #define LDAP_X_NO_REFERRALS_FOUND 0x4110
697 #define LDAP_X_CANNOT_CHAIN 0x4111
700 /* for Distributed Procedures (see <draft-sermersheim-ldap-distproc>) */
701 #ifdef LDAP_X_DISTPROC_BASE
702 #define LDAP_X_INVALIDREFERENCE 0x4112
706 #define LDAP_X_TXN_SPECIFY_OKAY 0x4120
707 #define LDAP_X_TXN_ID_INVALID 0x4121
712 * Based on draft-ietf-ldap-c-api-xx
713 * but with new negative code values
715 #define LDAP_API_ERROR(n) ((n)<0)
716 #define LDAP_API_RESULT(n) ((n)<=0)
718 #define LDAP_SERVER_DOWN (-1)
719 #define LDAP_LOCAL_ERROR (-2)
720 #define LDAP_ENCODING_ERROR (-3)
721 #define LDAP_DECODING_ERROR (-4)
722 #define LDAP_TIMEOUT (-5)
723 #define LDAP_AUTH_UNKNOWN (-6)
724 #define LDAP_FILTER_ERROR (-7)
725 #define LDAP_USER_CANCELLED (-8)
726 #define LDAP_PARAM_ERROR (-9)
727 #define LDAP_NO_MEMORY (-10)
728 #define LDAP_CONNECT_ERROR (-11)
729 #define LDAP_NOT_SUPPORTED (-12)
730 #define LDAP_CONTROL_NOT_FOUND (-13)
731 #define LDAP_NO_RESULTS_RETURNED (-14)
732 #define LDAP_MORE_RESULTS_TO_RETURN (-15) /* Obsolete */
733 #define LDAP_CLIENT_LOOP (-16)
734 #define LDAP_REFERRAL_LIMIT_EXCEEDED (-17)
735 #define LDAP_X_CONNECTING (-18)
739 * This structure represents both ldap messages and ldap responses.
740 * These are really the same, except in the case of search responses,
741 * where a response has multiple messages.
744 typedef struct ldapmsg LDAPMessage;
746 /* for modifications */
747 typedef struct ldapmod {
750 #define LDAP_MOD_OP (0x0007)
751 #define LDAP_MOD_ADD (0x0000)
752 #define LDAP_MOD_DELETE (0x0001)
753 #define LDAP_MOD_REPLACE (0x0002)
754 #define LDAP_MOD_INCREMENT (0x0003) /* OpenLDAP extension */
755 #define LDAP_MOD_BVALUES (0x0080)
756 /* IMPORTANT: do not use code 0x1000 (or above),
757 * it is used internally by the backends!
758 * (see ldap/servers/slapd/slap.h)
764 struct berval **modv_bvals;
766 #define mod_values mod_vals.modv_strvals
767 #define mod_bvalues mod_vals.modv_bvals
771 * structure representing an ldap session which can
772 * encompass connections to multiple servers (in the
773 * face of referrals).
775 typedef struct ldap LDAP;
777 #define LDAP_DEREF_NEVER 0x00
778 #define LDAP_DEREF_SEARCHING 0x01
779 #define LDAP_DEREF_FINDING 0x02
780 #define LDAP_DEREF_ALWAYS 0x03
782 #define LDAP_NO_LIMIT 0
784 /* how many messages to retrieve results for */
785 #define LDAP_MSG_ONE 0x00
786 #define LDAP_MSG_ALL 0x01
787 #define LDAP_MSG_RECEIVED 0x02
790 * types for ldap URL handling
792 typedef struct ldap_url_desc {
793 struct ldap_url_desc *lud_next;
805 #define LDAP_URL_SUCCESS 0x00 /* Success */
806 #define LDAP_URL_ERR_MEM 0x01 /* can't allocate memory space */
807 #define LDAP_URL_ERR_PARAM 0x02 /* parameter is bad */
809 #define LDAP_URL_ERR_BADSCHEME 0x03 /* URL doesn't begin with "ldap[si]://" */
810 #define LDAP_URL_ERR_BADENCLOSURE 0x04 /* URL is missing trailing ">" */
811 #define LDAP_URL_ERR_BADURL 0x05 /* URL is bad */
812 #define LDAP_URL_ERR_BADHOST 0x06 /* host port is bad */
813 #define LDAP_URL_ERR_BADATTRS 0x07 /* bad (or missing) attributes */
814 #define LDAP_URL_ERR_BADSCOPE 0x08 /* scope string is invalid (or missing) */
815 #define LDAP_URL_ERR_BADFILTER 0x09 /* bad or missing filter */
816 #define LDAP_URL_ERR_BADEXTS 0x0a /* bad or missing extensions */
819 * LDAP sync (RFC4533) API
822 typedef struct ldap_sync_t ldap_sync_t;
825 /* these are private - the client should never see them */
826 LDAP_SYNC_CAPI_NONE = -1,
828 LDAP_SYNC_CAPI_PHASE_FLAG = 0x10U,
829 LDAP_SYNC_CAPI_IDSET_FLAG = 0x20U,
830 LDAP_SYNC_CAPI_DONE_FLAG = 0x40U,
832 /* these are passed to ls_search_entry() */
833 LDAP_SYNC_CAPI_PRESENT = LDAP_SYNC_PRESENT,
834 LDAP_SYNC_CAPI_ADD = LDAP_SYNC_ADD,
835 LDAP_SYNC_CAPI_MODIFY = LDAP_SYNC_MODIFY,
836 LDAP_SYNC_CAPI_DELETE = LDAP_SYNC_DELETE,
838 /* these are passed to ls_intermediate() */
839 LDAP_SYNC_CAPI_PRESENTS = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_PRESENT ),
840 LDAP_SYNC_CAPI_DELETES = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_DELETE ),
842 LDAP_SYNC_CAPI_PRESENTS_IDSET = ( LDAP_SYNC_CAPI_PRESENTS | LDAP_SYNC_CAPI_IDSET_FLAG ),
843 LDAP_SYNC_CAPI_DELETES_IDSET = ( LDAP_SYNC_CAPI_DELETES | LDAP_SYNC_CAPI_IDSET_FLAG ),
845 LDAP_SYNC_CAPI_DONE = ( LDAP_SYNC_CAPI_DONE_FLAG | LDAP_SYNC_CAPI_PRESENTS )
846 } ldap_sync_refresh_t;
849 * Called when an entry is returned by ldap_result().
850 * If phase is LDAP_SYNC_CAPI_ADD or LDAP_SYNC_CAPI_MODIFY,
851 * the entry has been either added or modified, and thus
852 * the complete view of the entry should be in the LDAPMessage.
853 * If phase is LDAP_SYNC_CAPI_PRESENT or LDAP_SYNC_CAPI_DELETE,
854 * only the DN should be in the LDAPMessage.
856 typedef int (*ldap_sync_search_entry_f) LDAP_P((
859 struct berval *entryUUID,
860 ldap_sync_refresh_t phase ));
863 * Called when a reference is returned; the client should know
864 * what to do with it.
866 typedef int (*ldap_sync_search_reference_f) LDAP_P((
871 * Called when specific intermediate/final messages are returned.
872 * If phase is LDAP_SYNC_CAPI_PRESENTS or LDAP_SYNC_CAPI_DELETES,
873 * a "presents" or "deletes" phase begins.
874 * If phase is LDAP_SYNC_CAPI_DONE, a special "presents" phase
875 * with refreshDone set to "TRUE" has been returned, to indicate
876 * that the refresh phase of a refreshAndPersist is complete.
877 * In the above cases, syncUUIDs is NULL.
879 * If phase is LDAP_SYNC_CAPI_PRESENTS_IDSET or
880 * LDAP_SYNC_CAPI_DELETES_IDSET, syncUUIDs is an array of UUIDs
881 * that are either present or have been deleted.
883 typedef int (*ldap_sync_intermediate_f) LDAP_P((
887 ldap_sync_refresh_t phase ));
890 * Called when a searchResultDone is returned. In refreshAndPersist,
891 * this can only occur if the search for any reason is being terminated
894 typedef int (*ldap_sync_search_result_f) LDAP_P((
897 int refreshDeletes ));
900 * This structure contains all information about the persistent search;
901 * the caller is responsible for connecting, setting version, binding, tls...
904 /* conf search params */
915 /* helpers - add as appropriate */
916 ldap_sync_search_entry_f ls_search_entry;
917 ldap_sync_search_reference_f ls_search_reference;
918 ldap_sync_intermediate_f ls_intermediate;
919 ldap_sync_search_result_f ls_search_result;
921 /* set by the caller as appropriate */
927 /* --- the parameters below are private - do not modify --- */
929 /* FIXME: make the structure opaque, and provide an interface
930 * to modify the public values? */
936 /* needed by refreshOnly */
939 /* opaque - need to pass between sessions, updated by the API */
940 struct berval ls_cookie;
942 /* state variable - do not modify */
943 ldap_sync_refresh_t ls_refreshPhase;
947 * End of LDAP sync (RFC4533) API
951 * Connection callbacks...
956 /* Called after a connection is established */
957 typedef int (ldap_conn_add_f) LDAP_P(( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr,
958 struct ldap_conncb *ctx ));
959 /* Called before a connection is closed */
960 typedef void (ldap_conn_del_f) LDAP_P(( LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx ));
962 /* Callbacks are pushed on a stack. Last one pushed is first one executed. The
963 * delete callback is called with a NULL Sockbuf just before freeing the LDAP handle.
965 typedef struct ldap_conncb {
966 ldap_conn_add_f *lc_add;
967 ldap_conn_del_f *lc_del;
972 * The API draft spec says we should declare (or cause to be declared)
973 * 'struct timeval'. We don't. See IETF LDAPext discussions.
981 ldap_get_option LDAP_P((
987 ldap_set_option LDAP_P((
990 LDAP_CONST void *invalue));
992 /* V3 REBIND Function Callback Prototype */
993 typedef int (LDAP_REBIND_PROC) LDAP_P((
994 LDAP *ld, LDAP_CONST char *url,
995 ber_tag_t request, ber_int_t msgid,
999 ldap_set_rebind_proc LDAP_P((
1001 LDAP_REBIND_PROC *rebind_proc,
1004 /* V3 referral selection Function Callback Prototype */
1005 typedef int (LDAP_NEXTREF_PROC) LDAP_P((
1006 LDAP *ld, char ***refsp, int *cntp,
1010 ldap_set_nextref_proc LDAP_P((
1012 LDAP_NEXTREF_PROC *nextref_proc,
1015 /* V3 URLLIST Function Callback Prototype */
1016 typedef int (LDAP_URLLIST_PROC) LDAP_P((
1018 LDAPURLDesc **urllist,
1023 ldap_set_urllist_proc LDAP_P((
1025 LDAP_URLLIST_PROC *urllist_proc,
1033 ldap_create_control LDAP_P(( /* deprecated, use ldap_control_create */
1034 LDAP_CONST char *requestOID,
1037 LDAPControl **ctrlp ));
1039 LDAP_F( LDAPControl * )
1040 ldap_find_control LDAP_P(( /* deprecated, use ldap_control_find */
1041 LDAP_CONST char *oid,
1042 LDAPControl **ctrls ));
1046 ldap_control_create LDAP_P((
1047 LDAP_CONST char *requestOID,
1049 struct berval *value,
1051 LDAPControl **ctrlp ));
1053 LDAP_F( LDAPControl * )
1054 ldap_control_find LDAP_P((
1055 LDAP_CONST char *oid,
1056 LDAPControl **ctrls,
1057 LDAPControl ***nextctrlp ));
1060 ldap_control_free LDAP_P((
1061 LDAPControl *ctrl ));
1064 ldap_controls_free LDAP_P((
1065 LDAPControl **ctrls ));
1067 LDAP_F( LDAPControl ** )
1068 ldap_controls_dup LDAP_P((
1069 LDAPControl *LDAP_CONST *controls ));
1071 LDAP_F( LDAPControl * )
1072 ldap_control_dup LDAP_P((
1073 LDAP_CONST LDAPControl *c ));
1079 ldap_domain2dn LDAP_P((
1080 LDAP_CONST char* domain,
1084 ldap_dn2domain LDAP_P((
1085 LDAP_CONST char* dn,
1089 ldap_domain2hostlist LDAP_P((
1090 LDAP_CONST char *domain,
1097 ldap_extended_operation LDAP_P((
1099 LDAP_CONST char *reqoid,
1100 struct berval *reqdata,
1101 LDAPControl **serverctrls,
1102 LDAPControl **clientctrls,
1106 ldap_extended_operation_s LDAP_P((
1108 LDAP_CONST char *reqoid,
1109 struct berval *reqdata,
1110 LDAPControl **serverctrls,
1111 LDAPControl **clientctrls,
1113 struct berval **retdatap ));
1116 ldap_parse_extended_result LDAP_P((
1120 struct berval **retdatap,
1124 ldap_parse_intermediate LDAP_P((
1128 struct berval **retdatap,
1129 LDAPControl ***serverctrls,
1137 ldap_abandon_ext LDAP_P((
1140 LDAPControl **serverctrls,
1141 LDAPControl **clientctrls ));
1145 ldap_abandon LDAP_P(( /* deprecated, use ldap_abandon_ext */
1154 ldap_add_ext LDAP_P((
1156 LDAP_CONST char *dn,
1158 LDAPControl **serverctrls,
1159 LDAPControl **clientctrls,
1163 ldap_add_ext_s LDAP_P((
1165 LDAP_CONST char *dn,
1167 LDAPControl **serverctrls,
1168 LDAPControl **clientctrls ));
1172 ldap_add LDAP_P(( /* deprecated, use ldap_add_ext */
1174 LDAP_CONST char *dn,
1178 ldap_add_s LDAP_P(( /* deprecated, use ldap_add_ext_s */
1180 LDAP_CONST char *dn,
1189 ldap_sasl_bind LDAP_P((
1191 LDAP_CONST char *dn,
1192 LDAP_CONST char *mechanism,
1193 struct berval *cred,
1194 LDAPControl **serverctrls,
1195 LDAPControl **clientctrls,
1198 /* Interaction flags (should be passed about in a control)
1199 * Automatic (default): use defaults, prompt otherwise
1200 * Interactive: prompt always
1201 * Quiet: never prompt
1203 #define LDAP_SASL_AUTOMATIC 0U
1204 #define LDAP_SASL_INTERACTIVE 1U
1205 #define LDAP_SASL_QUIET 2U
1208 * V3 SASL Interaction Function Callback Prototype
1209 * when using Cyrus SASL, interact is pointer to sasl_interact_t
1210 * should likely passed in a control (and provided controls)
1212 typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
1213 LDAP *ld, unsigned flags, void* defaults, void *interact ));
1216 ldap_sasl_interactive_bind LDAP_P((
1218 LDAP_CONST char *dn, /* usually NULL */
1219 LDAP_CONST char *saslMechanism,
1220 LDAPControl **serverControls,
1221 LDAPControl **clientControls,
1223 /* should be client controls */
1225 LDAP_SASL_INTERACT_PROC *proc,
1228 /* as obtained from ldap_result() */
1229 LDAPMessage *result,
1231 /* returned during bind processing */
1236 ldap_sasl_interactive_bind_s LDAP_P((
1238 LDAP_CONST char *dn, /* usually NULL */
1239 LDAP_CONST char *saslMechanism,
1240 LDAPControl **serverControls,
1241 LDAPControl **clientControls,
1243 /* should be client controls */
1245 LDAP_SASL_INTERACT_PROC *proc,
1249 ldap_sasl_bind_s LDAP_P((
1251 LDAP_CONST char *dn,
1252 LDAP_CONST char *mechanism,
1253 struct berval *cred,
1254 LDAPControl **serverctrls,
1255 LDAPControl **clientctrls,
1256 struct berval **servercredp ));
1259 ldap_parse_sasl_bind_result LDAP_P((
1262 struct berval **servercredp,
1271 ldap_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
1273 LDAP_CONST char *who,
1274 LDAP_CONST char *passwd,
1278 ldap_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
1280 LDAP_CONST char *who,
1281 LDAP_CONST char *cred,
1288 ldap_simple_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
1290 LDAP_CONST char *who,
1291 LDAP_CONST char *passwd ));
1294 ldap_simple_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
1296 LDAP_CONST char *who,
1297 LDAP_CONST char *passwd ));
1306 ldap_compare_ext LDAP_P((
1308 LDAP_CONST char *dn,
1309 LDAP_CONST char *attr,
1310 struct berval *bvalue,
1311 LDAPControl **serverctrls,
1312 LDAPControl **clientctrls,
1316 ldap_compare_ext_s LDAP_P((
1318 LDAP_CONST char *dn,
1319 LDAP_CONST char *attr,
1320 struct berval *bvalue,
1321 LDAPControl **serverctrls,
1322 LDAPControl **clientctrls ));
1326 ldap_compare LDAP_P(( /* deprecated, use ldap_compare_ext */
1328 LDAP_CONST char *dn,
1329 LDAP_CONST char *attr,
1330 LDAP_CONST char *value ));
1333 ldap_compare_s LDAP_P(( /* deprecated, use ldap_compare_ext_s */
1335 LDAP_CONST char *dn,
1336 LDAP_CONST char *attr,
1337 LDAP_CONST char *value ));
1345 ldap_delete_ext LDAP_P((
1347 LDAP_CONST char *dn,
1348 LDAPControl **serverctrls,
1349 LDAPControl **clientctrls,
1353 ldap_delete_ext_s LDAP_P((
1355 LDAP_CONST char *dn,
1356 LDAPControl **serverctrls,
1357 LDAPControl **clientctrls ));
1361 ldap_delete LDAP_P(( /* deprecated, use ldap_delete_ext */
1363 LDAP_CONST char *dn ));
1366 ldap_delete_s LDAP_P(( /* deprecated, use ldap_delete_ext_s */
1368 LDAP_CONST char *dn ));
1376 ldap_parse_result LDAP_P((
1383 LDAPControl ***serverctrls,
1387 ldap_err2string LDAP_P((
1392 ldap_result2error LDAP_P(( /* deprecated, use ldap_parse_result */
1398 ldap_perror LDAP_P(( /* deprecated, use ldap_err2string */
1400 LDAP_CONST char *s ));
1408 ldap_gssapi_bind LDAP_P((
1410 LDAP_CONST char *dn,
1411 LDAP_CONST char *creds ));
1414 ldap_gssapi_bind_s LDAP_P((
1416 LDAP_CONST char *dn,
1417 LDAP_CONST char *creds ));
1424 ldap_modify_ext LDAP_P((
1426 LDAP_CONST char *dn,
1428 LDAPControl **serverctrls,
1429 LDAPControl **clientctrls,
1433 ldap_modify_ext_s LDAP_P((
1435 LDAP_CONST char *dn,
1437 LDAPControl **serverctrls,
1438 LDAPControl **clientctrls ));
1442 ldap_modify LDAP_P(( /* deprecated, use ldap_modify_ext */
1444 LDAP_CONST char *dn,
1448 ldap_modify_s LDAP_P(( /* deprecated, use ldap_modify_ext_s */
1450 LDAP_CONST char *dn,
1459 ldap_rename LDAP_P((
1461 LDAP_CONST char *dn,
1462 LDAP_CONST char *newrdn,
1463 LDAP_CONST char *newSuperior,
1465 LDAPControl **sctrls,
1466 LDAPControl **cctrls,
1470 ldap_rename_s LDAP_P((
1472 LDAP_CONST char *dn,
1473 LDAP_CONST char *newrdn,
1474 LDAP_CONST char *newSuperior,
1476 LDAPControl **sctrls,
1477 LDAPControl **cctrls ));
1481 ldap_rename2 LDAP_P(( /* deprecated, use ldap_rename */
1483 LDAP_CONST char *dn,
1484 LDAP_CONST char *newrdn,
1485 LDAP_CONST char *newSuperior,
1486 int deleteoldrdn ));
1489 ldap_rename2_s LDAP_P(( /* deprecated, use ldap_rename_s */
1491 LDAP_CONST char *dn,
1492 LDAP_CONST char *newrdn,
1493 LDAP_CONST char *newSuperior,
1494 int deleteoldrdn ));
1497 ldap_modrdn LDAP_P(( /* deprecated, use ldap_rename */
1499 LDAP_CONST char *dn,
1500 LDAP_CONST char *newrdn ));
1503 ldap_modrdn_s LDAP_P(( /* deprecated, use ldap_rename_s */
1505 LDAP_CONST char *dn,
1506 LDAP_CONST char *newrdn ));
1509 ldap_modrdn2 LDAP_P(( /* deprecated, use ldap_rename */
1511 LDAP_CONST char *dn,
1512 LDAP_CONST char *newrdn,
1513 int deleteoldrdn ));
1516 ldap_modrdn2_s LDAP_P(( /* deprecated, use ldap_rename_s */
1518 LDAP_CONST char *dn,
1519 LDAP_CONST char *newrdn,
1529 ldap_init LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
1530 LDAP_CONST char *host,
1534 ldap_open LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
1535 LDAP_CONST char *host,
1540 ldap_create LDAP_P((
1544 ldap_initialize LDAP_P((
1546 LDAP_CONST char *url ));
1553 ldap_connect( LDAP *ld );
1560 ldap_tls_inplace LDAP_P((
1564 ldap_start_tls LDAP_P((
1566 LDAPControl **serverctrls,
1567 LDAPControl **clientctrls,
1571 ldap_install_tls LDAP_P((
1575 ldap_start_tls_s LDAP_P((
1577 LDAPControl **serverctrls,
1578 LDAPControl **clientctrls ));
1583 LDAP_F( LDAPMessage * )
1584 ldap_first_message LDAP_P((
1586 LDAPMessage *chain ));
1588 LDAP_F( LDAPMessage * )
1589 ldap_next_message LDAP_P((
1591 LDAPMessage *msg ));
1594 ldap_count_messages LDAP_P((
1596 LDAPMessage *chain ));
1601 LDAP_F( LDAPMessage * )
1602 ldap_first_reference LDAP_P((
1604 LDAPMessage *chain ));
1606 LDAP_F( LDAPMessage * )
1607 ldap_next_reference LDAP_P((
1609 LDAPMessage *ref ));
1612 ldap_count_references LDAP_P((
1614 LDAPMessage *chain ));
1617 ldap_parse_reference LDAP_P((
1621 LDAPControl ***serverctrls,
1628 LDAP_F( LDAPMessage * )
1629 ldap_first_entry LDAP_P((
1631 LDAPMessage *chain ));
1633 LDAP_F( LDAPMessage * )
1634 ldap_next_entry LDAP_P((
1636 LDAPMessage *entry ));
1639 ldap_count_entries LDAP_P((
1641 LDAPMessage *chain ));
1644 ldap_get_entry_controls LDAP_P((
1647 LDAPControl ***serverctrls));
1653 LDAP_F( LDAPMessage * )
1654 ldap_delete_result_entry LDAP_P((
1659 ldap_add_result_entry LDAP_P((
1668 ldap_get_dn LDAP_P((
1670 LDAPMessage *entry ));
1672 typedef struct ldap_ava {
1673 struct berval la_attr;
1674 struct berval la_value;
1676 #define LDAP_AVA_NULL 0x0000U
1677 #define LDAP_AVA_STRING 0x0001U
1678 #define LDAP_AVA_BINARY 0x0002U
1679 #define LDAP_AVA_NONPRINTABLE 0x0004U
1680 #define LDAP_AVA_FREE_ATTR 0x0010U
1681 #define LDAP_AVA_FREE_VALUE 0x0020U
1686 typedef LDAPAVA** LDAPRDN;
1687 typedef LDAPRDN* LDAPDN;
1690 #define LDAP_DN_FORMAT_LDAP 0x0000U
1691 #define LDAP_DN_FORMAT_LDAPV3 0x0010U
1692 #define LDAP_DN_FORMAT_LDAPV2 0x0020U
1693 #define LDAP_DN_FORMAT_DCE 0x0030U
1694 #define LDAP_DN_FORMAT_UFN 0x0040U /* dn2str only */
1695 #define LDAP_DN_FORMAT_AD_CANONICAL 0x0050U /* dn2str only */
1696 #define LDAP_DN_FORMAT_LBER 0x00F0U /* for testing only */
1697 #define LDAP_DN_FORMAT_MASK 0x00F0U
1700 #define LDAP_DN_PRETTY 0x0100U
1701 #define LDAP_DN_SKIP 0x0200U
1702 #define LDAP_DN_P_NOLEADTRAILSPACES 0x1000U
1703 #define LDAP_DN_P_NOSPACEAFTERRDN 0x2000U
1704 #define LDAP_DN_PEDANTIC 0xF000U
1706 LDAP_F( void ) ldap_rdnfree LDAP_P(( LDAPRDN rdn ));
1707 LDAP_F( void ) ldap_dnfree LDAP_P(( LDAPDN dn ));
1716 ldap_str2dn LDAP_P((
1717 LDAP_CONST char *str,
1728 ldap_dn2str LDAP_P((
1734 ldap_bv2rdn LDAP_P((
1741 ldap_str2rdn LDAP_P((
1742 LDAP_CONST char *str,
1748 ldap_rdn2bv LDAP_P((
1754 ldap_rdn2str LDAP_P((
1760 ldap_dn_normalize LDAP_P((
1761 LDAP_CONST char *in, unsigned iflags,
1762 char **out, unsigned oflags ));
1765 ldap_dn2ufn LDAP_P(( /* deprecated, use ldap_str2dn/dn2str */
1766 LDAP_CONST char *dn ));
1769 ldap_explode_dn LDAP_P(( /* deprecated, ldap_str2dn */
1770 LDAP_CONST char *dn,
1774 ldap_explode_rdn LDAP_P(( /* deprecated, ldap_str2rdn */
1775 LDAP_CONST char *rdn,
1778 typedef int LDAPDN_rewrite_func
1779 LDAP_P(( LDAPDN dn, unsigned flags, void *ctx ));
1782 ldap_X509dn2bv LDAP_P(( void *x509_name, struct berval *dn,
1783 LDAPDN_rewrite_func *func, unsigned flags ));
1786 ldap_dn2dcedn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1787 LDAP_CONST char *dn ));
1790 ldap_dcedn2dn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1791 LDAP_CONST char *dce ));
1794 ldap_dn2ad_canonical LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1795 LDAP_CONST char *dn ));
1798 ldap_get_dn_ber LDAP_P((
1799 LDAP *ld, LDAPMessage *e, BerElement **berout, struct berval *dn ));
1802 ldap_get_attribute_ber LDAP_P((
1803 LDAP *ld, LDAPMessage *e, BerElement *ber, struct berval *attr,
1804 struct berval **vals ));
1810 ldap_first_attribute LDAP_P((
1813 BerElement **ber ));
1816 ldap_next_attribute LDAP_P((
1825 LDAP_F( struct berval ** )
1826 ldap_get_values_len LDAP_P((
1829 LDAP_CONST char *target ));
1832 ldap_count_values_len LDAP_P((
1833 struct berval **vals ));
1836 ldap_value_free_len LDAP_P((
1837 struct berval **vals ));
1841 ldap_get_values LDAP_P(( /* deprecated, use ldap_get_values_len */
1844 LDAP_CONST char *target ));
1847 ldap_count_values LDAP_P(( /* deprecated, use ldap_count_values_len */
1851 ldap_value_free LDAP_P(( /* deprecated, use ldap_value_free_len */
1859 ldap_result LDAP_P((
1863 struct timeval *timeout,
1864 LDAPMessage **result ));
1867 ldap_msgtype LDAP_P((
1875 ldap_msgfree LDAP_P((
1879 ldap_msgdelete LDAP_P((
1888 ldap_bv2escaped_filter_value LDAP_P((
1890 struct berval *out ));
1893 ldap_search_ext LDAP_P((
1895 LDAP_CONST char *base,
1897 LDAP_CONST char *filter,
1900 LDAPControl **serverctrls,
1901 LDAPControl **clientctrls,
1902 struct timeval *timeout,
1907 ldap_search_ext_s LDAP_P((
1909 LDAP_CONST char *base,
1911 LDAP_CONST char *filter,
1914 LDAPControl **serverctrls,
1915 LDAPControl **clientctrls,
1916 struct timeval *timeout,
1918 LDAPMessage **res ));
1922 ldap_search LDAP_P(( /* deprecated, use ldap_search_ext */
1924 LDAP_CONST char *base,
1926 LDAP_CONST char *filter,
1931 ldap_search_s LDAP_P(( /* deprecated, use ldap_search_ext_s */
1933 LDAP_CONST char *base,
1935 LDAP_CONST char *filter,
1938 LDAPMessage **res ));
1941 ldap_search_st LDAP_P(( /* deprecated, use ldap_search_ext_s */
1943 LDAP_CONST char *base,
1945 LDAP_CONST char *filter,
1948 struct timeval *timeout,
1949 LDAPMessage **res ));
1956 ldap_unbind_ext LDAP_P((
1958 LDAPControl **serverctrls,
1959 LDAPControl **clientctrls));
1962 ldap_unbind_ext_s LDAP_P((
1964 LDAPControl **serverctrls,
1965 LDAPControl **clientctrls));
1968 ldap_destroy LDAP_P((
1973 ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
1977 ldap_unbind_s LDAP_P(( /* deprecated, use ldap_unbind_ext_s */
1985 ldap_put_vrFilter LDAP_P((
1994 ldap_memalloc LDAP_P((
1998 ldap_memrealloc LDAP_P((
2003 ldap_memcalloc LDAP_P((
2008 ldap_memfree LDAP_P((
2012 ldap_memvfree LDAP_P((
2016 ldap_strdup LDAP_P((
2017 LDAP_CONST char * ));
2020 ldap_mods_free LDAP_P((
2027 * in sort.c (deprecated, use custom code instead)
2029 typedef int (LDAP_SORT_AD_CMP_PROC) LDAP_P(( /* deprecated */
2030 LDAP_CONST char *left,
2031 LDAP_CONST char *right ));
2033 typedef int (LDAP_SORT_AV_CMP_PROC) LDAP_P(( /* deprecated */
2034 LDAP_CONST void *left,
2035 LDAP_CONST void *right ));
2037 LDAP_F( int ) /* deprecated */
2038 ldap_sort_entries LDAP_P(( LDAP *ld,
2039 LDAPMessage **chain,
2040 LDAP_CONST char *attr,
2041 LDAP_SORT_AD_CMP_PROC *cmp ));
2043 LDAP_F( int ) /* deprecated */
2044 ldap_sort_values LDAP_P((
2047 LDAP_SORT_AV_CMP_PROC *cmp ));
2049 LDAP_F( int ) /* deprecated */
2050 ldap_sort_strcasecmp LDAP_P((
2052 LDAP_CONST void *b ));
2059 ldap_is_ldap_url LDAP_P((
2060 LDAP_CONST char *url ));
2063 ldap_is_ldaps_url LDAP_P((
2064 LDAP_CONST char *url ));
2067 ldap_is_ldapi_url LDAP_P((
2068 LDAP_CONST char *url ));
2071 ldap_url_parse LDAP_P((
2072 LDAP_CONST char *url,
2073 LDAPURLDesc **ludpp ));
2076 ldap_url_desc2str LDAP_P((
2077 LDAPURLDesc *ludp ));
2080 ldap_free_urldesc LDAP_P((
2081 LDAPURLDesc *ludp ));
2085 * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
2088 #define LDAP_API_FEATURE_CANCEL 1000
2091 ldap_cancel LDAP_P(( LDAP *ld,
2093 LDAPControl **sctrls,
2094 LDAPControl **cctrls,
2098 ldap_cancel_s LDAP_P(( LDAP *ld,
2100 LDAPControl **sctrl,
2101 LDAPControl **cctrl ));
2104 * LDAP Turn Extended Operation <draft-zeilenga-ldap-turn-xx.txt>
2107 #define LDAP_API_FEATURE_TURN 1000
2110 ldap_turn LDAP_P(( LDAP *ld,
2112 LDAP_CONST char* identifier,
2113 LDAPControl **sctrls,
2114 LDAPControl **cctrls,
2118 ldap_turn_s LDAP_P(( LDAP *ld,
2120 LDAP_CONST char* identifier,
2121 LDAPControl **sctrl,
2122 LDAPControl **cctrl ));
2125 * LDAP Paged Results
2128 #define LDAP_API_FEATURE_PAGED_RESULTS 2000
2131 ldap_create_page_control_value LDAP_P((
2134 struct berval *cookie,
2135 struct berval *value ));
2138 ldap_create_page_control LDAP_P((
2141 struct berval *cookie,
2143 LDAPControl **ctrlp ));
2147 ldap_parse_page_control LDAP_P((
2148 /* deprecated, use ldap_parse_pageresponse_control */
2150 LDAPControl **ctrls,
2152 struct berval **cookie ));
2156 ldap_parse_pageresponse_control LDAP_P((
2160 struct berval *cookie ));
2163 * LDAP Server Side Sort
2166 #define LDAP_API_FEATURE_SERVER_SIDE_SORT 2000
2168 /* structure for a sort-key */
2169 typedef struct ldapsortkey {
2170 char *attributeType;
2176 ldap_create_sort_keylist LDAP_P((
2177 LDAPSortKey ***sortKeyList,
2181 ldap_free_sort_keylist LDAP_P((
2182 LDAPSortKey **sortkeylist ));
2185 ldap_create_sort_control_value LDAP_P((
2187 LDAPSortKey **keyList,
2188 struct berval *value ));
2191 ldap_create_sort_control LDAP_P((
2193 LDAPSortKey **keyList,
2195 LDAPControl **ctrlp ));
2198 ldap_parse_sortresponse_control LDAP_P((
2202 char **attribute ));
2205 * LDAP Virtual List View
2208 #define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 2000
2210 /* structure for virtual list */
2211 typedef struct ldapvlvinfo {
2212 ber_int_t ldvlv_version;
2213 ber_int_t ldvlv_before_count;
2214 ber_int_t ldvlv_after_count;
2215 ber_int_t ldvlv_offset;
2216 ber_int_t ldvlv_count;
2217 struct berval * ldvlv_attrvalue;
2218 struct berval * ldvlv_context;
2219 void * ldvlv_extradata;
2223 ldap_create_vlv_control_value LDAP_P((
2225 LDAPVLVInfo *ldvlistp,
2226 struct berval *value));
2229 ldap_create_vlv_control LDAP_P((
2231 LDAPVLVInfo *ldvlistp,
2232 LDAPControl **ctrlp ));
2235 ldap_parse_vlvresponse_control LDAP_P((
2238 ber_int_t *target_posp,
2239 ber_int_t *list_countp,
2240 struct berval **contextp,
2244 * LDAP Verify Credentials
2246 #define LDAP_API_FEATURE_VERIFY_CREDENTIALS 1000
2249 ldap_verify_credentials LDAP_P((
2251 struct berval *cookie,
2252 LDAP_CONST char *dn,
2253 LDAP_CONST char *mechanism,
2254 struct berval *cred,
2255 LDAPControl **ctrls,
2256 LDAPControl **serverctrls,
2257 LDAPControl **clientctrls,
2261 ldap_verify_credentials_s LDAP_P((
2263 struct berval *cookie,
2264 LDAP_CONST char *dn,
2265 LDAP_CONST char *mechanism,
2266 struct berval *cred,
2267 LDAPControl **vcictrls,
2268 LDAPControl **serverctrls,
2269 LDAPControl **clientctrls,
2272 struct berval **scookie,
2273 struct berval **servercredp,
2274 LDAPControl ***vcoctrls));
2278 ldap_parse_verify_credentials LDAP_P((
2283 struct berval **cookie,
2284 struct berval **servercredp,
2285 LDAPControl ***vcctrls));
2287 /* not yet implemented */
2288 /* #define LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 1000 */
2289 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
2291 ldap_verify_credentials_interactive LDAP_P((
2293 LDAP_CONST char *dn, /* usually NULL */
2294 LDAP_CONST char *saslMechanism,
2295 LDAPControl **vcControls,
2296 LDAPControl **serverControls,
2297 LDAPControl **clientControls,
2299 /* should be client controls */
2301 LDAP_SASL_INTERACT_PROC *proc,
2305 /* as obtained from ldap_result() */
2306 LDAPMessage *result,
2308 /* returned during bind processing */
2317 #define LDAP_API_FEATURE_WHOAMI 1000
2320 ldap_parse_whoami LDAP_P((
2323 struct berval **authzid ));
2326 ldap_whoami LDAP_P(( LDAP *ld,
2327 LDAPControl **sctrls,
2328 LDAPControl **cctrls,
2332 ldap_whoami_s LDAP_P((
2334 struct berval **authzid,
2335 LDAPControl **sctrls,
2336 LDAPControl **cctrls ));
2339 * LDAP Password Modify
2342 #define LDAP_API_FEATURE_PASSWD_MODIFY 1000
2345 ldap_parse_passwd LDAP_P((
2348 struct berval *newpasswd ));
2351 ldap_passwd LDAP_P(( LDAP *ld,
2352 struct berval *user,
2353 struct berval *oldpw,
2354 struct berval *newpw,
2355 LDAPControl **sctrls,
2356 LDAPControl **cctrls,
2360 ldap_passwd_s LDAP_P((
2362 struct berval *user,
2363 struct berval *oldpw,
2364 struct berval *newpw,
2365 struct berval *newpasswd,
2366 LDAPControl **sctrls,
2367 LDAPControl **cctrls ));
2369 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
2371 * LDAP Password Policy controls
2374 #define LDAP_API_FEATURE_PASSWORD_POLICY 1000
2376 typedef enum passpolicyerror_enum {
2377 PP_passwordExpired = 0,
2378 PP_accountLocked = 1,
2379 PP_changeAfterReset = 2,
2380 PP_passwordModNotAllowed = 3,
2381 PP_mustSupplyOldPassword = 4,
2382 PP_insufficientPasswordQuality = 5,
2383 PP_passwordTooShort = 6,
2384 PP_passwordTooYoung = 7,
2385 PP_passwordInHistory = 8,
2387 } LDAPPasswordPolicyError;
2390 ldap_create_passwordpolicy_control LDAP_P((
2392 LDAPControl **ctrlp ));
2395 ldap_parse_passwordpolicy_control LDAP_P((
2400 LDAPPasswordPolicyError *errorp ));
2402 LDAP_F( const char * )
2403 ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
2404 #endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
2407 * LDAP Dynamic Directory Services Refresh -- RFC 2589
2410 #define LDAP_API_FEATURE_REFRESH 1000
2413 ldap_parse_refresh LDAP_P((
2416 ber_int_t *newttl ));
2419 ldap_refresh LDAP_P(( LDAP *ld,
2422 LDAPControl **sctrls,
2423 LDAPControl **cctrls,
2427 ldap_refresh_s LDAP_P((
2432 LDAPControl **sctrls,
2433 LDAPControl **cctrls ));
2440 ldap_txn_start LDAP_P(( LDAP *ld,
2441 LDAPControl **sctrls,
2442 LDAPControl **cctrls,
2446 ldap_txn_start_s LDAP_P(( LDAP *ld,
2447 LDAPControl **sctrl,
2448 LDAPControl **cctrl,
2449 struct berval **rettxnid ));
2452 ldap_txn_end LDAP_P(( LDAP *ld,
2454 struct berval *txnid,
2455 LDAPControl **sctrls,
2456 LDAPControl **cctrls,
2460 ldap_txn_end_s LDAP_P(( LDAP *ld,
2462 struct berval *txnid,
2463 LDAPControl **sctrl,
2464 LDAPControl **cctrl,
2473 * initialize the persistent search structure
2475 LDAP_F( ldap_sync_t * )
2476 ldap_sync_initialize LDAP_P((
2480 * destroy the persistent search structure
2483 ldap_sync_destroy LDAP_P((
2488 * initialize a refreshOnly sync
2491 ldap_sync_init LDAP_P((
2496 * initialize a refreshOnly sync
2499 ldap_sync_init_refresh_only LDAP_P((
2503 * initialize a refreshAndPersist sync
2506 ldap_sync_init_refresh_and_persist LDAP_P((
2510 * poll for new responses
2513 ldap_sync_poll LDAP_P((
2516 #ifdef LDAP_CONTROL_X_SESSION_TRACKING
2522 ldap_create_session_tracking_value LDAP_P((
2524 char *sessionSourceIp,
2525 char *sessionSourceName,
2527 struct berval *sessionTrackingIdentifier,
2528 struct berval *value ));
2531 ldap_create_session_tracking_control LDAP_P((
2533 char *sessionSourceIp,
2534 char *sessionSourceName,
2536 struct berval *sessionTrackingIdentifier,
2537 LDAPControl **ctrlp ));
2540 ldap_parse_session_tracking_control LDAP_P((
2544 struct berval *name,
2546 struct berval *id ));
2548 #endif /* LDAP_CONTROL_X_SESSION_TRACKING */
2554 ldap_create_assertion_control_value LDAP_P((
2557 struct berval *value ));
2560 ldap_create_assertion_control LDAP_P((
2564 LDAPControl **ctrlp ));
2570 typedef struct LDAPDerefSpec {
2575 typedef struct LDAPDerefVal {
2578 struct LDAPDerefVal *next;
2581 typedef struct LDAPDerefRes {
2583 struct berval derefVal;
2584 LDAPDerefVal *attrVals;
2585 struct LDAPDerefRes *next;
2589 ldap_create_deref_control_value LDAP_P((
2592 struct berval *value ));
2595 ldap_create_deref_control LDAP_P((
2599 LDAPControl **ctrlp ));
2602 ldap_derefresponse_free LDAP_P((
2603 LDAPDerefRes *dr ));
2606 ldap_parse_derefresponse_control LDAP_P((
2609 LDAPDerefRes **drp ));
2612 ldap_parse_deref_control LDAP_P((
2614 LDAPControl **ctrls,
2615 LDAPDerefRes **drp ));
2618 * high level LDIF to LDAP structure support
2620 #define LDIF_DEFAULT_ADD 0x01 /* if changetype missing, assume LDAP_ADD */
2621 #define LDIF_ENTRIES_ONLY 0x02 /* ignore changetypes other than add */
2622 #define LDIF_NO_CONTROLS 0x04 /* ignore control specifications */
2624 typedef struct ldifrecord {
2625 ber_tag_t lr_op; /* type of operation - LDAP_REQ_MODIFY, LDAP_REQ_ADD, etc. */
2626 struct berval lr_dn; /* DN of operation */
2627 LDAPControl **lr_ctrls; /* controls specified for operation */
2628 /* some ops such as LDAP_REQ_DELETE require only a DN */
2629 /* other ops require different data - the ldif_ops union
2630 is used to specify the data for each type of operation */
2632 LDAPMod **lr_mods; /* list of mods for LDAP_REQ_MODIFY, LDAP_REQ_ADD */
2633 #define lrop_mods ldif_ops.lr_mods
2634 struct ldif_op_rename_s {
2635 struct berval lr_newrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
2636 #define lrop_newrdn ldif_ops.ldif_op_rename.lr_newrdn
2637 struct berval lr_newsuperior; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
2638 #define lrop_newsup ldif_ops.ldif_op_rename.lr_newsuperior
2639 int lr_deleteoldrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
2640 #define lrop_delold ldif_ops.ldif_op_rename.lr_deleteoldrdn
2641 } ldif_op_rename; /* rename/moddn/modrdn */
2642 /* the following are for future support */
2643 struct ldif_op_ext_s {
2644 struct berval lr_extop_oid; /* LDAP_REQ_EXTENDED */
2645 #define lrop_extop_oid ldif_ops.ldif_op_ext.lr_extop_oid
2646 struct berval lr_extop_data; /* LDAP_REQ_EXTENDED */
2647 #define lrop_extop_data ldif_ops.ldif_op_ext.lr_extop_data
2648 } ldif_op_ext; /* extended operation */
2649 struct ldif_op_cmp_s {
2650 struct berval lr_cmp_attr; /* LDAP_REQ_COMPARE */
2651 #define lrop_cmp_attr ldif_ops.ldif_op_cmp.lr_cmp_attr
2652 struct berval lr_cmp_bvalue; /* LDAP_REQ_COMPARE */
2653 #define lrop_cmp_bval ldif_ops.ldif_op_cmp.lr_cmp_bvalue
2654 } ldif_op_cmp; /* compare operation */
2656 /* PRIVATE STUFF - DO NOT TOUCH */
2657 /* for efficiency, the implementation allocates memory */
2658 /* in large blobs, and makes the above fields point to */
2659 /* locations inside those blobs - one consequence is that */
2660 /* you cannot simply free the above allocated fields, nor */
2661 /* assign them to be owned by another memory context which */
2662 /* might free them (unless providing your own mem ctx) */
2663 /* we use the fields below to keep track of those blobs */
2664 /* so we that we can free them later */
2665 void *lr_ctx; /* the memory context or NULL */
2668 unsigned char *lr_mops;
2670 struct berval *lr_vals;
2671 struct berval *lr_btype;
2674 /* free internal fields - does not free the LDIFRecord */
2676 ldap_ldif_record_done LDAP_P((
2680 ldap_parse_ldif_record LDAP_P((
2681 struct berval *rbuf,
2682 unsigned long linenum,
2685 unsigned int flags ));
2688 #endif /* _LDAP_H */
projects / openldap / blob