HP-UX Directory Server plug-in reference HP-UX Directory Server Version 8.
© Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents I Introduction to Directory Server plug-ins.....................................................................21 1 An overview of Directory Server plug-ins..............................................................23 1.1 What Are Directory Server plug-ins?........................................................................................23 1.2 How Directory Server plug-ins work........................................................................................23 1.2.
5 Front end API functions...........................................................................................49 5.1 Logging messages......................................................................................................................49 5.2 Adding notes to access log entries.............................................................................................49 5.3 Sending data to the client........................................................................................
8 Defining functions for authentication.....................................................................69 8.1 Understanding authentication methods....................................................................................69 8.2 How the Directory Server identifies clients...............................................................................69 8.3 How the authentication process works......................................................................................69 8.
11.4.5 Writing a filter index function..........................................................................................96 11.4.6 Getting and setting parameters in filter index functions.................................................96 11.4.7 Writing a filter matching function....................................................................................97 11.5 Handling sorting by matching rules........................................................................................98 11.
14.16 slapi_compute_callback_t.....................................................................................................127 14.17 slapi_compute_output_t.......................................................................................................128 14.18 Slapi_Connection..................................................................................................................129 14.19 Slapi_CondVar...................................................................................
18 Functions for setting internal operation flags...................................................165 18.1 slapi_add_entry_internal_set_pb().........................................................................................165 18.2 slapi_add_internal_set_pb()...................................................................................................165 18.3 slapi_delete_internal_set_pb()................................................................................................166 18.
20.18 slapi_be_set_flag()................................................................................................................188 20.19 slapi_be_set_instance_info().................................................................................................189 20.20 slapi_be_set_readonly()........................................................................................................189 20.21 slapi_be_setentrypoint().....................................................................
24.12 slapi_entry_attr_get_bool()...................................................................................................217 24.13 slapi_entry_attr_get_charptr()..............................................................................................218 24.14 slapi_entry_attr_get_charray().............................................................................................218 24.15 slapi_entry_attr_get_int().............................................................................
26.9 slapi_filter_get_type().............................................................................................................240 26.10 slapi_filter_join()...................................................................................................................240 26.11 slapi_filter_join_ex().............................................................................................................241 26.12 slapi_filter_list_first().......................................................
33 Functions for LDAPMod manipulation...............................................................265 33.1 slapi_entry2mods().................................................................................................................266 33.2 slapi_mod_add_value()..........................................................................................................267 33.3 slapi_mod_done()...............................................................................................................
34.2 slapi_op_get_type()................................................................................................................285 35 Functions for managing parameter block........................................................287 35.1 slapi_pblock_destroy()...........................................................................................................287 35.2 slapi_pblock_get().............................................................................................................
39 Functions for managing DNs.............................................................................309 39.1 slapi_dn_isroot().....................................................................................................................310 39.2 slapi_dn_normalize_case().....................................................................................................310 39.3 slapi_dn_normalize_to_end()............................................................................................
41.11 slapi_UTF8STRTOLOWER()................................................................................................331 41.12 slapi_utf8StrToUpper().........................................................................................................332 41.13 slapi_UTF8STRTOUPPER()..................................................................................................332 41.14 slapi_utf8ToLower()............................................................................................
44.4 slapi_vattr_value_compare()..................................................................................................354 44.5 slapi_vattr_values_free()........................................................................................................355 44.6 slapi_vattr_values_get()..........................................................................................................355 44.7 slapi_vattr_values_get_ex().....................................................................
51.7 slapi_task_get_data()..............................................................................................................379 51.8 slapi_task_get_refcount().......................................................................................................379 51.9 slapi_task_get_state().............................................................................................................380 51.10 slapi_task_inc_progress()................................................................
56 Parameters that convert strings to entries.........................................................403 57 Parameters for the add function........................................................................405 58 Parameters for the compare function................................................................407 59 Parameters for the delete function.....................................................................409 60 Parameters for the modify function...........................................
71 Parameters for the virtual attribute service........................................................433 VI Support and other resources...................................................................................435 72 Support and other resources.............................................................................437 72.1 Contacting HP........................................................................................................................437 72.1.
Part I Introduction to Directory Server plug-ins 21
1 An overview of Directory Server plug-ins This document describes the HP-UX Directory Server plug-ins. This chapter introduces you to HP-UX Directory Server plug-ins and discusses the different types of plug-ins that you can write. If you have already written a plug-in for Directory Server, refer to “Using Directory Server plug-in APIs” for information on migrating your plug-in to the latest version of Directory Server. 1.
In most plug-in function calls, the server passes a parameter block to the function. The parameter block contains data relevant to the operation. In most Directory Server plug-in functions you write, you access and modify the data in the parameter block. For example, when the Directory Server receives an LDAP add request, the server does the following: 1. 2. 3. 4. 5. Parses the request, and retrieves the new DN and the entry to be added. Places pointers to the DN and the entry in the parameter block.
Figure 1-1 Directory Server architecture 1.3 Types of Directory Server plug-ins You can write the following types of plug-ins for Directory Server: Preoperation/data validation The server calls a preoperation/data validation plug-in function before performing an LDAP operation. The main purpose of this type of plug-in is to validate data before the data is added to the directory or before it is used in an operation.
The server calls entry fetch plug-in functions after retrieving an entry from the database back end. For example, you can create an entry storage plug-in that encrypts an entry before it is saved to the database and an entry fetch plug-in that decrypts an entry after it is read from the database. Extended operation The server calls an extended operation plug-in function when the client requests an operation by OID.
Figure 1-2 Architecture of the Directory Server and server plug-ins 1.4 Using Directory Server plug-in APIs When using Directory Server plug-in APIs, you should be aware of the following: • • • • • Plug-in files and examples are installed separately from other Directory Server packages, and these files can be installed in any directory. The main header file is /opt/dirsrv/devel/include/slapi-plugin.h. Plug-in directives can be added to the /etc/opt/dirsrv/slapd-instance_name/dse.ldif file.
Netscape Portable Runtime (NSPR) PRNetADDr structure for storing the IP addresses. Because of this, the NSPR files are shipped with Directory Server. The NSPR API allows compliant applications to use system facilities such as threads, thread synchronization, I/O, interval timing, atomic operations, and several other low-level services in a platform-independent manner. 1.5 Deprecated functions and replacements Several functions have been deprecated in the Directory Server plug-in API.
Table 1-1 Deprecated functions and suggested replacements (continued) Deprecated function Suggested replacement function All these functions are designed to work with entry DNs, but they no longer work with the Slapi_DN structure. These DN functions have been deprecated. New DN management functions, slapi_sdn_*, have been added to slapi-plugin.h.
2 Writing and compiling plug-ins This chapter provides an introduction on how to write and compile HP-UX Directory Server. Chapter 3 “Configuring plug-ins” describes how to load the plug-in into the Directory Server configuration after it has been successfully compiled. If you have already written a plug-in for the Directory Server, see “Using Directory Server plug-in APIs” for information on migrating a custom plug-in to the latest version of Directory Server. 2.
2.1.3 Working with parameter blocks In the functions that you write, you set values in the parameter block that pertain to the operation you are performing. You can also get data from the parameter block that you can use within the plug-in functions. This process is described in “Getting data from the parameter block”. You can also set values in the parameter block during the processing of the plug-in functions.
int ldif_back_init( Slapi_PBlock *pb ) { LDIF *db; /* context of the database */ ... /* Allocate space for the database context, which contains information * about the database and a pointer to the list of entries. */ if ( slapi_pblock_set( pb, SLAPI_PRIVATE, (void *) db ) == -1 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "ldif_back_init" , "Unable to store database information\n" ); } ... } This example uses the “slapi_log_error()” function to notify the user if an error occurred.
NOTE: The initialization function should not do anything more than these three steps. To perform additional configuration or initialization, use a start function. This function is specified by using “slapi_pblock_set()” with the SLAPI_PLUGIN_START_FN parameter in the initialization function.
2.2.3 Registering your plug-in functions Whether the plug-in is registered through the initialization function depends on the type of function being registered. For some plug-in types, you do not need to register the plug-in function from within the initialization function. For example, you register entry store and entry fetch plug-ins by specifying the function names in the plugin directive in the dse.ldif file.
/* If a problem occurs, log an error message, return -1.*/ slapi_log_error(SLAPI_LOG_PLUGIN, "searchdn_preop_init" , "Error registeringfunction.\n" ); return( -1 ); } /* If the plug-in was successfully registered, log a * message and return 0. */ slapi_log_error( SLAPI_LOG_PLUGIN, "searchdn_preop_init" , "Plug-in successfully registered.\n" ); return( 0 ); } 2.
3 Configuring plug-ins After you compile your server plug-in, you need to configure the HP-UX Directory Server so that it correctly loads your plug-in. The following sections describe this process. 3.1 Creating a plug-in configuration file To add your plug-in to the Directory Server configuration, you need to create an LDIF representation of your plug-in entry, add the plug-in entry to the Directory Server configuration, and reload the server configuration.
• • • Line 10 uses the nsslapd-pluginid attribute to set the name of the plug-in. The name that you specify here will show up in the Directory Server Console. In this example, the plug-in identification is set to Example Preoperation Plug-in. Line 11 sets the version number of the plug-in. This version number is also displayed in the Directory Server Console and is used to track the version of the distributed plug-in.
3.1.2 Specifying the order of plug-in directives Generally speaking, you cannot rely on plug-ins being called in any particular order. For example, you cannot rely on a particular preoperation plug-in to be called before another. All plug-ins should be written so that they function correctly irrespective of the order in which they are called. If necessary, you can name the plug-ins to take advantage of the alphabetical order in which the server loads plug-ins.
Table 3-1 Directives for specifying different plug-in types (continued) Directive Description Example of use object Declares an object plug-in. Object plug-ins can install SLAPI_PLUGIN_START_FN, SLAPI_PLUGIN_CLOSE_FN, and SLAPI_PLUGIN_POSTSTART_FN functions. They can also use the slapi_register_plugin() call to register any other kind of plug-in. Object plug-ins are typically used to simplify configuration of a group of related plug-ins (one entry under cn=config instead of many).
Example 3-1 Extended operation plug-in dn: cn=Test ExtendedOp,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject cn: Test ExtendedOp nsslapd-pluginPath: /opt/dirsrv/devel/example/libtest-plugin.so nsslapd-pluginInitfunc: testexop_init nsslapd-pluginType: extendedop nsslapd-pluginEnabled: on nsslapd-plugin-depends-on-type: database nsslapd-pluginId: test-extendedop nsslapd-pluginarg0: 1.2.3.
4 An example plug-in This chapter provides an example of a preoperation HP-UX Directory Server plug-in that you can compile and run. It provides both the source code and a Makefile that you can use to build the plug-in. Even though you may not understand all the functionality contained in the example, all the necessary concepts are explained in detail in the chapters that follow. The example shows how to create a preoperation plug-in for the LDAP search operation.
/* Set test_preop_search() as the function to call before * executing LDAP search operations. */ slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_SEARCH_FN, (void *) test_preop_search ) !=0 ) { /* Log an error message and return -1 if a problem occurred. */ slapi_log_error( SLAPI_LOG_PLUGIN, "test_preop_init" ,"Error regis\ tering the plug-in.\n" ); return( -1 ); } /* If successful, log a message and return 0 */ slapi_log_error( SLAPI_LOG_PLUGIN, "test_preop_init" ,"Plug-in success\ fully registered.
switch( deref ) { case LDAP_DEREF_NEVER: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_DEREF" ,"LDAP_DEREF_NEVER\n" ); break; case LDAP_DEREF_SEARCHING: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_DEREF" ,"LDAP_DEREF_SEARCHING\n" ); break; case LDAP_DEREF_FINDING: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_DEREF" ,"LDAP_DEREF_FINDING\n" ); break; case LDAP_DEREF_ALWAYS: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_DEREF" ,"LDAP_DEREF_ALWAYS\n" ); break; default: slapi_log_error( SLAPI_LOG_
3. 4. Shut down the Directory Server. Restart the Directory Server. To restart the Directory Server; you can either use the Directory Server Console or use the restart-slapd script. # /opt/dirsrv/slapd-instance_name/restart-slapd When you restart the Directory Server, it will read the entries in the dse.ldif file, which contains the entry for your new plug-in. It is a good idea to check the plug-ins list in the Directory Server Console to ensure that your plug-in loaded. 4.
Part II Writing functions and plug-ins 47
5 Front end API functions The HP-UX Directory Server (Directory Server) provides some general-purpose, front end API functions that allow you to work with the entries in the Directory Server. This chapter explains how to use the front end API functions to accomplish various tasks; you can call these functions in your plug-in to interact with the client (for example, to send results or result codes), log messages, and work with entries, attributes, and filters.
lapi_send_ldap_referral()For example, the following statement sends an LDAP_SUCCESS status code back to the client: slapi_send_ldap_result( pb, LDAP_SUCCESS, NULL, "The operation was pro\ cessed successfully.\n", 0, NULL ); Important: Ensure that you send only one result per operation to the client. 5.4 Determining if an operation was abandoned At any point in time, the client can choose to abandon an LDAP operation.
Table 5-1 Front end functions for manipulating entries and attributes (continued) Front end function Description “slapi_entry_first_attr()” Get the attributes of an entry. “slapi_entry_next_attr()” “slapi_entry_attr_find()” Find the values for a specified attribute. slapi_entry_attr_merge_sv() Merge an attribute and its values into an entry. slapi_entry_add_values_sv() Add values to an attribute in an entry. 5.5.1 Creating a new entry In some situations, you might need to create a new entry.
You can use the following functions to convert between the LDIF string representation of an entry and its Slapi_Entry data type: • To convert an entry from the Slapi_Entry data type to its LDIF string representation, call the “slapi_entry2str()” and “slapi_entry2str_with_options()” functions. This function returns the LDIF string representation of the entry, or NULL if an error occurs. When the string is no longer required, you should free it from memory by calling the slapi_ch_free_string() function.
5.5.3.3.2 Finding a specific attribute in an entry To determine if an entry contains a specific attribute, call the “slapi_entry_attr_find()” function. This function returns 0 if the entry contains the attribute, -1 if it does not. 5.5.3.4 Adding and removing values You can call front end routines to add or remove attributes and values in an entry. The front end provides the following functionality: • • • To add new values to an entry, call the slapi_entry_add_values_sv() function.
5.6.3 Getting the parent DN of a DN To get a copy of the parent DN for a DN, call either the slapi_sdn_get_parent() or the slapi_sdn_get_backend_parent() function. These functions return the parent DN of dn. If dn is a suffix served by the back end, slapi_sdn_get_backend_parent() returns NULL. When you are finished working with the parent DN, you should free it from memory by calling slapi_ch_free_string(). 5.6.
5.7.1 Determining if an entry matches a filter After retrieving a filter from the SLAPI_SEARCH_FILTER parameter of the parameter block, you can call the “slapi_filter_test()” function to determine if entries in your database match the filter. 5.7.2 Getting the filter type To determine the type of filter that you are using, call the “slapi_filter_get_choice()” function.
Note: You do not need to free the values returned by the “slapi_filter_get_ava()”, “slapi_filter_get_type()”, and “slapi_filter_get_subfilt()” functions. 5.7.4 Converting a string to a filter A search filter can be represented by either the data type “Slapi_Filter” or as a string. In a parameter block for a search operation, SLAPI_SEARCH_FILTER is a filter of the data type Slapi_Filter and SLAPI_SEARCH_STRFILTER is the string representation of that filter.
6 Writing pre- and postoperation plug-ins This chapter explains how to write functions that the HP-UX Directory Server (Directory Server) calls before and after executing an LDAP operation. These functions are called preoperation and postoperation plug-in functions. 6.
Figure 6-1 Calling preoperation and postoperation plug-in functions 6.2 Types of preoperation and postoperation functions Preoperation and postoperation functions are specified in a parameter block that you can set on server startup. Each function corresponds to an ID in the parameter block. In your initialization function, you can call the “slapi_pblock_set()” function to specify the name of your function that corresponds to the preoperation or postoperation function.
Table 6-1 Functions called before the Directory Server executes an operation (continued) ID in parameter nlock Description Further information “Processing an LDAP search SLAPI_PLUGIN_PRE_SEARCH_FN Specifies the function called before the Directory Server executes an LDAP search operation”. operation. SLAPI_PLUGIN_PRE_COMPARE_FN Specifies the function called before the Directory Server executes an LDAP compare operation.
Table 6-2 Functions called after the Directory Server executes an operation (continued) ID in parameter block Description Further information “Processing an LDAP search SLAPI_PLUGIN_POST_SEARCH_FN Specifies the function called after the Directory Server executes an LDAP search operation”. operation. SLAPI_PLUGIN_POST_COMPARE_FN Specifies the function called after the Directory Server executes an LDAP compare operation. “Processing an LDAP compare operation”.
7 Defining functions for LDAP operations This chapter explains how to write preoperation and postoperation functions for specific LDAP operations. In general, the functions outlined here use a parameter block to pass information between the plug-in and the HP-UX Directory Server. Because of this, these plug-in functions will pass a single argument, a parameter block defined by the data type Slapi_PBlock. Refer to “Passing data with parameter blocks” for more information. 7.
Table 7-1 Parameters for the bind operation (continued) Parameter ID Data type Description SLAPI_BIND_RET_SASLCREDS struct berval * The credentials that you want sent to the client. Set this before calling “slapi_send_ldap_result()”. SLAPI_BIND_SASLMECHANISM char * SASL mechanism used; for example, LDAP_SASL_EXTERNAL. If the SLAPI_BIND_SASLMECHANISM parameter is empty, simple authentication was used, and simple credentials were provided. 7.
If the base DN is not a DSE, the front end finds the back end that services the suffix specified in the base DN. The front end then passes the search criteria to the search function for that back end. The front end makes this information available to preoperation and postoperation plug-in functions in the form of parameters in a parameter block.
7.4.2 Iterating through candidates In addition to the parameters specified in “Processing an LDAP search operation”, the next entry function has access to the following parameters (which are set by the front end and the back end during the course of executing a search operation): Table 7-3 Information available to the next entry function Parameter ID Data type Description SLAPI_SEARCH_RESULT_SET void * Set of search results.
7.6 Processing an LDAP add operation When the Directory Server receives an LDAP add request from a client, the front end normalizes the DN of the new entry. The front end makes this information available to preoperation and postoperation plug-in functions in the form of parameters in a parameter block. Table 7-5 Information processed during an LDAP add operation Parameter ID Data type Description SLAPI_ADD_TARGET char * DN of the entry to be added.
Table 7-6 Information processed during an LDAP modify operation Parameter ID Data type Description SLAPI_MODIFY_TARGET char * DN of the entry to be modified. SLAPI_MODIFY_MODS LDAPMod ** A NULL-terminated array of LDAPMod structures, which represent the modifications to be performed on the entry. The modify function should check the following: • If the operation has been abandoned, the function should return -1.
Table 7-7 Information processed during an LDAP modify RDN operation Parameter ID Data type Description SLAPI_MODRDN_TARGET char * DN of the entry that you want to rename. SLAPI_MODRDN_NEWRDN char * New RDN to assign to the entry. SLAPI_MODRDN_DELOLDRDN int Specifies whether to delete the old RDN. • 0 = Do not delete the old RDN. • 1 = Delete the old RDN SLAPI_MODRDN_NEWSUPERIOR char * DN of the new parent of the entry, if the entry is being moved to a new location in the directory tree.
to preoperation and postoperation plug-in functions in the form of parameters in a parameter block. Table 7-8 Information processed during an LDAP delete operation Parameter ID Data type Description SLAPI_DELETE_TARGET char * DN of the entry to delete. If the delete function is successful, it should return 0. 7.10 Processing an LDAP abandon operation When the Directory Server receives an LDAP abandon request from a client, the front end gets the message ID of the operation that should be abandoned.
8 Defining functions for authentication This chapter explains how to write a plug-in function to bypass or replace the standard function for authentication with your own function. 8.1 Understanding authentication methods Authentication methods for LDAP is described in RFC 2829, which you can find at http:// www.ietf.org/rfc/rfc2251.
4. If the method of authentication is LDAP_AUTH_SASL (SASL authentication), the server determines whether the SASL mechanism (specified in the request) is supported. If the SASL mechanism is not supported by the server, the server sends an [LDAP_AUTH_METHOD_NOT_SUPPORTED] result code back to the client and ends the processing of the bind request. 5. If the method of authentication is LDAP_AUTH_SIMPLE (simple authentication), the server checks if the DN is an empty string or if there are no credentials.
• • If the function returns a nonzero value, the server ends the processing of the bind request. The bind function is responsible for sending the appropriate result code back to the client before returning a nonzero value. If the function returns 0, the server continues processing the bind request. The server sends the [LDAP_SUCCESS] result code back to the client. (The bind function does not do this.) 11.
Figure 8-1 Using a preoperation bind plug-in function to handle authentication Figure 8-2 “How your preoperation bind plug-in function can authenticate LDAP clients” illustrates the steps that your preoperation bind plug-in function must take to authenticate LDAP clients to the Directory Server. Figure 8-2 How your preoperation bind plug-in function can authenticate LDAP clients 8.5.1 Defining your authentication function The following sections cover guidelines for defining your authentication function.
Note: Refer to the following source file for an example of a preoperation plug-in function that handles authentication: /opt/dirsrv/devel/example/testbind.c 8.5.1.1 Getting and checking the bind parameters Call the “slapi_pblock_get()” function to get the values of the following parameters: • • • SLAPI_BIND_TARGET - A string value specifying the DN as which the client is attempting to authenticate.
• SHA The Secure Hashing Algorithm is used, and can be defined using the sha-password-storage-scheme plug-in. • SSHA The Salted Secure Hashing Algorithm is used, and can be defined using the ssha-password-storage-scheme plug-in. If you need to compare the client's credentials against the value of the userPassword attribute, you can call the slapi_pw_find_sv() function.
values of the SLAPI_BIND_METHOD parameter (such as LDAP_AUTH_SIMPLE and LDAP_AUTH_SASL) are integer values defined in the ldap.h header file. • If required, specify the credentials that you want sent back to the client. If the value of the SLAPI_BIND_METHOD parameter is LDAP_AUTH_SASL and you want to return a set of credentials to the client, call “slapi_pblock_set()” to set the SLAPI_BIND_RET_SASLCREDS parameter to the credentials. • Send the result of the authentication process back to the client.
Slapi_Entry **entries = NULL; Slapi_Attr *attr = NULL; /* Log a message to the server error log. */ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind" ,"Preoperation bind function called.\n" ); /* Gets parameters available when processing an LDAP bind operation.
/* Set the DN and the authentication method for the connection. */ if ( slapi_pblock_set( pb, SLAPI_CONN_DN, slapi_ch_strdup( dn ) ) != 0 || slapi_pblock_set( pb, SLAPI_CONN_AUTHTYPE, SLAPD_AUTH_SIMPLE ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "testbind_init" , "Failed to set DN and auth method for connection\n" ); rc = LDAP_OPERATIONS_ERROR; break; } /* Send a "success" result code back to the client.
slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,(void *)&bindpdesc ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_BIND_FN,(void *) test_bind ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "testbind_init" , "Failed to set version and function\n" ); return( -1 ); } return( 0 ); } 8.5.3.3 Registering the plug-in To register the plug-in, add the following to the end of the /etc/opt/dirsrv/slapd-instance_name/dse.
• • msgidp is a pointer to the message ID for this bind operation. To check the result of this operation, call the ldap_result() function and the ldap_parse_sasl_bind_result() function. servercredp is a pointer to a pointer to the berval structure containing any credentials returned by the server. These are the credentials that you set as the value of the SLAPI_BIND_RET_SASLCREDS parameter in your preoperation bind plug-in function.
char buf[ 128 ]; struct berval cred; struct berval *servcred; int version; /* get a handle to an LDAP connection */ if ( (ld = ldap_init( "localhost" , 389 )) == NULL ) { perror( "ldap_init" ); return( 1 ); } /* Set the LDAP protocol version supported by the client * to 3. (By default, this is set to 2. Extended operations * are part of version 3 of the LDAP protocol.) */ version = LDAP_VERSION3; ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); /* authenticate */ cred.bv_val = "magic" ; cred.
9 Writing entry store/fetch plug-ins This chapter describes how to write entry store and entry fetch plug-ins. You can use these types of plug-ins to invoke functions before and after data is read from the default database. 9.1 How entry store/fetch plug-ins work Entry store plug-in functions are called before data is written to the database. Entry fetch plug-in functions are called after data is read from the default database.
Note: Refer to the following source file for example entry store and entry fetch plug-in functions: /opt/dirsrv/devel/example/testentry.c 9.3 Registering entry store/fetch functions Unlike most other types of plug-in functions, you do not set the function name in the parameter block in order to register an entry store or entry fetch plug-in function. Instead, you specify the function name directly in the server configuration file. Procedure 9-1 To register an entry store or entry fetch plug-in function: 1.
10 Writing extended operation plug-ins This chapter explains how to write plug-in functions to handle extended operations. Extended operations are defined in the LDAP v3 protocol. 10.1 How extended operation plug-ins work You can define your own operation that you want the HP-UX Directory Server to perform. If you create a custom extended operation, you assign an object identifier (OID) to identify that operation. LDAP clients request the operation by sending an extended operation request.
Typically, your function should perform an operation on the value specified in the SLAPI_EXT_OP_REQ_VALUE parameter. After the extended operation completes, your function should return a single value, according to the following: • If your function has sent a result code back to the client, you should return the value SLAPI_PLUGIN_EXTENDED_SENT_RESULT. This indicates that the front end does not need to send a result code.
/* Specify the function that the server should call */ slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_FN, (void*)extended_op ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "extended_init" , "An error occurred.\n" ); return( -1 ); } slapi_log_error( SLAPI_LOG_PLUGIN, "extended_init" , "Plug-unsuccessfully registered.
11 Writing matching rule plug-ins This chapter explains how to write plug-in functions that handle matching rules. 11.1 Understanding matching rules A matching rule specifies how one or more attributes of a particular syntax should be compared against assertion values. For example, a matching rule that specifies a “sound-alike” comparison attempts to match values that sound like the specified value. Each matching rule is identified by a unique OID (for example, “1.2.3.4”).
11.2 Understanding matching rule plug-ins A matching rule plug-in can create filters that the server can use when handling extensible search filters. A matching rule plug-in can also create indexes to index entries for extensible searches. 11.2.1 Functions defined in matching rule plug-ins The matching rule plug-in consists of the following: • • • • • • • • • An indexer function. [Optional]. A filter function. A filter function that uses the index to speed up searches. [Optional].
11.2.3 How the server associates plug-ins with OIDs The server associates plug-ins with OIDs using the following process: • • • • When the server encounters the OID for a matching rule, it attempts to find the plug-in associated with that matching rule. If no plug-in is associated with the matching rule, the server calls each matching rule plug-in to find one that handles the specified matching rule.
• • The filter object specified in the SLAPI_PLUGIN_OBJECT parameter. The filter destructor function specified in the SLAPI_PLUGIN_DESTROY_FN parameter. Information specified in the filter object is used by both the filter index function and the filter matching function. 11.2.4 How the server uses parameter blocks The server uses parameter blocks as a means to pass information to and from plug-in functions.
• • • 4. 5. The server first verifies that the SLAPI_PLUGIN_MR_INDEX_FN parameter specifies an indexer function and the SLAPI_PLUGIN_MR_OID parameter specifies the official OID of the matching rule. If these are both set, the server sets the SLAPI_PLUGIN_MR_VALUES parameter to the array of berval structures containing the new or modified values that need to be indexed and calls the indexer function.
Table 11-1 Input and output parameters available to an indexer factory function Parameter name Data type Description SLAPI_PLUGIN_MR_OID char * Input parameter. Matching rule OID (if any) specified in the index directive. SLAPI_PLUGIN_MR_TYPE char * Input parameter. Attribute type (if any) specified in the index directive. SLAPI_PLUGIN_MR_USAGE unsigned int Input parameter. Specifies the intended use of the indexer object.
11.3.6 Getting and setting parameters in indexer functions The following table summarizes the different parameters that the indexer function should get and set in the parameter block that is passed in. Table 11-2 Input and output parameters available to an indexer function Parameter name Data type Description SLAPI_PLUGIN_MR_VALUES struct berval ** Input parameter. Pointer to an array of berval structures containing the values of the entry's attributes that need to be indexed.
d. SLAPI_PLUGIN_MR_INDEX_FN parameter) to generate the key (specified in the SLAPI_PLUGIN_MR_KEYS parameter). The server uses the keys and the query operator to find potential candidates in the indexes. The server considers all entries to be potential candidates if at least one of the following is true: • • • The matching rule plug-in has no indexer function (specified in the SLAPI_PLUGIN_MR_INDEX_FN parameter).
11.4.3 Writing a filter factory function The filter factory function takes a single Slapi_PBlock argument. This function should be thread-safe. The server may call this function concurrently. (Each incoming LDAP request is handled by a separate thread. Multiple threads may call this function if processing multiple requests that have extensible match filters.) The filter factory function should perform the following tasks: 1.
Table 11-4 Input and output parameters available to a filter factory function Parameter name Data type Description SLAPI_PLUGIN_MR_OID char * Input parameter. Matching rule OID (if any) specified in the extensible match filter. SLAPI_PLUGIN_MR_TYPE char * Input parameter. Attribute type (if any) specified in the extensible match filter. SLAPI_PLUGIN_MR_VALUE struct berval * Input parameter. Value specified in the extensible match filter. SLAPI_PLUGIN_PRIVATE void * Input parameter.
Table 11-5 Input and output parameters available to a filter index function Parameter name Data type Description SLAPI_PLUGIN_OBJECT void * Input and Output parameter. Pointer to the filter object created by the factory function. For details, refer to “Writing a filter factory function”. SLAPI_PLUGIN_MR_QUERY_OPERATOR int Output parameter.
11.5 Handling sorting by matching rules If you have set up indexing by a matching rule, you can also sort search results by that matching rule. The server can use the keys in the index to sort the search results. When processing a request to sort by a matching rule, the server does the following: 1. In a new Slapi_PBlock parameter block, the server sets the following parameters: • Sets the OID in the SLAPI_PLUGIN_MR_OID parameter.
In order to add your plug-in to that internal list, you need to write an initialization function. The initialization function takes a single Slapi_PBlock argument. The function should set the following parameters: • The SLAPI_PLUGIN_MR_FILTER_CREATE_FN parameter should be set to the filter factory function. Refer to “How the server handles the filter”, and “Writing a filter factory function”, for details.
nsslapd-pluginPath: /opt/dirsrv/devel/example/libtest-plugin.so nsslapd-pluginInitfunc: testmatchrule_init nsslapd-pluginType: matchingRule nsslapd-pluginEnabled: on nsslapd-pluginId: test-matchingrule nsslapd-pluginarg0: /etc/opt/dirsrv/slapd-host1/filename.conf 11.9 Specifying start and close functions For each matching rule operation plug-in, you can specify the name of a function to be called after the server starts and before the server is shut down.
12 Using the custom distribution logic The distribution plug-in provided with HP-UX Directory Server distributes a flat namespace, allowing you to associate several databases with a single suffix. 12.1 About distributing flat namespaces You can distribute entries located in a flat tree structure. Imagine you administer the directory for example.com, an ISP. The directory for example.
function and library are part of the entry for the dc=example,dc=com suffix and appear as follows: nsslapd-distribution-plugin: /path/to/a/shared/library nsslapd-distribution-funct: distribution-function-name Each time the server gets a request for a suffix that contains the distribution function, the function is called. The function then decides which database (back end) processes the request.
12.3 Adding the distribution function to your directory To declare the distribution function to your directory, you need to add multiple databases to a single suffix, then declare the distribution function in the suffix. These procedures assume you have already created a suffix and associated it with a single database. For the procedure on creating a new suffix and database, refer to the Creating Directory Entries chapter in the HP-UX Directory Server administrator guide.
The database name, given in the DN attribute, must correspond with one of the values in the nsslapd-back end attribute of the suffix entry. 12.3.2 Adding distribution logic to a suffix The distribution logic is a function declared in a suffix. This function is called for every operation reaching this suffix, including the subtree search operations that start above the suffix. You can add a distribution function to a suffix using both the Console and the command-line. 12.3.2.
The following directory contains the uncompiled C code examples: /opt/dirsrv/devel/ example This directory contains the distrib.c file, which contains three example functions (alpha_distribution, hash_distribution, and chaining_distribution) and a Makefile for compiling them. After you have compiled the source code, you will have the distrib-plugin.so file. 12.
13 Using data interoperability plug-ins This chapter explains how to use the Data Interoperability (DIOP) feature of the HP-UX Directory Server (Directory Server). The DIOP feature refers to Directory Server's ability to work with a proprietary database, instead of the default database created during installation.
Table 13-1 Plug-in status in DIOP-enabled Directory Server (continued) Plug-in name 1 Unsupported plug-ins 2 Plug-in name1 Unsupported plug-ins2 Boolean Syntax - Referential Integrity Postoperation X Case Exact String Syntax - Retro Changelog X Case Ignore String Syntax - Roles X chaining database X Space Insensitive Syntax - Class of Service X State Change X Country String Syntax - Telephone Syntax - Distinguished Name Syntax - UID Uniqueness X Generalized Time Syntax - UR
In the above figure, slapd-configInstance is the configuration Directory Server and slapd-diopInstance is the Directory Server instance with the DIOPplug-in turned on. • • The management and administration of slapd-configInstance is done through the corresponding Directory Server Console, accessible from within the Console. The management and administration of slapd-diopInstance is done by way of the Directory Server Console of the slapd-configInstance instance.
a. In the Directory Server Console, locate and double-click the entry for the second instance of Directory Server. This opens the Directory Server Console for the second instance. b. c. Select the Configuration tab, and expand Plugins. Disable each of these plug-ins listed in Table 13-1 “Plug-in status in DIOP-enabled Directory Server”. To disable a plug-in, select the plug-in, then, on the right panel, uncheck the Enable the Plugin option.
# /opt/dirsrv/slapd-instance_name/start-slapd 2. By using the ldapmmodify command. a. You can also add the above entry by running the ldapmodify command on the slapd-diopInstance server with the LDIF input file containing the above entry. For example, your command might look like this: # ldapmodify -h host -p port -w password \ -D cn=directory manager -vcaf ldif_file_containing_the_entry# After you add the above entry to the server configuration, the DIOP functionality is enabled in the server.
a. b. c. d. Shut down your DIOP-enabled Directory Server. Open the /etc/opt/dirsrv/slapd-instance_name/dse.ldif file in a text editor. Modify the cn=datainterop,cn=plugins,cn=config entry, which holds the plug-in information, with data from your proprietary database plug-in. After you have done the required changes, restart the server to load the modified configuration. # /opt/dirsrv/slapd-instance_name/start-slapd 3. If you want to delete the sample plug-in from the server: a.
Table 13-2 Elements of preoperation plug-in Element Description Description of the plug-in #define PLUGIN_NAME "nullsuffix-preop" static Slapi_PluginDesc plugindesc = { PLUGIN_NAME, PLUGIN_VENDOR, PLUGIN_VERSION, "sample preoperation null suffix plugin" }; Initialization of the plug-in nullsuffix_init( Slapi_PBlock *pb ) by the server In this function, all the callbacks are set up and will be called by the server for each LDAP operation.
4. set args -D /etc/opt/dirsrv/slapd-instance_name \ -i /var/opt/dirsrv/slapd-instance_name/run/slapd-instance_name.pid -d 0 5. 6. break user-defined-function-in-the-plugin run 13.5 Plug-in API reference This section contains reference information on APIs that enable the following: • • “Preserving the default behavior of the server” “Bypassing access control checks” 13.5.
Part III Data type and structure reference 115
14 Data type and structure reference This part summarizes the data types and structures that you can use when writing HP-UX Directory Server plug-in functions. 14.1 berval Represents binary data that is encoded using simplified Basic Encoding Rules (BER).
Table 14-2 Front end API functions for LDAP Controls To perform this action: Call this function: Append a control to the end of an array or to a new array. slapi_add_control_ext() Append an array of controls to the end of an array or to a new array. slapi_add_controls() Create an LDAPControl structure based on a BerElement, “slapi_build_control()” an OID, and a criticality flag. It returns an LDAP error code.
char *mail_values[] = { "bab@example.com" , NULL }; char *dn; ... /* Identify the entry that you want changed */ dn = "cn=Barbara Jensen, ou=Product Development, l=US, dc=example,dc=com" ; /* Specify that you want to replace the value of an attribute */ attribute1.mod_op = LDAP_MOD_REPLACE; /* Specify that you want to change the value of the mail attribute */ attribute1.mod_type = "mail" ; /* Specify the new value of the mail attribute */ attribute1.
Table 14-5 ldapmod field listing Field Description mod_op The operation to be performed on the attribute and the type of data specified as the attribute values. This field can have one of the following values: • #define LDAP_MOD_ADD 0x00 LDAP_MOD_ADD specifies to add the attribute values to the entry. • #define LDAP_MOD_DELETE 0x01 LDAP_MOD_DELETE specifies to remove the attribute values from the entry.
Table 14-6 mrFilterMatchFn parameter listing Parameter Description filter Pointer to the filter structure created by your filter factory function. Refer to “Writing a filter factory function” for more information. entry Pointer to the Slapi_Entry structure representing the candidate entry being checked by the server. attrs Pointer to the Slapi_Attr structure representing the first attribute in the entry. To iterate through the rest of the attributes in the entry, call slapi_entry_next_attr().
Parameters This typedef takes the following parameters: Table 14-9 plugin_result_callback parameters rc The LDAP result code of the internal operation; for example, LDAP_SUCCESS. callback_data This value matches the callback_data pointer that was passed to the original internal operation function. Returns The following table lists this function's possible return values. Table 14-10 plugin_result_callback return values Return value Description 0 Success -1 An error occurred.
14.9 send_ldap_referral_fn_ptr_t send_ldap_referral_fn_ptr_t specifies the prototype for a callback function that you can write to send LDAPv3 referrals (search result references) back to the client. You can register your function so that it is called whenever the slapi_send_ldap_result() function is called. Syntax #include "slapi-plugin.
nentries When sending back the result code for an LDAP search operation, use this argument to specify the number of matching entries found. urls When sending back an LDAP_PARTIAL_RESULTS result code to an LDAPv2 client or an LDAP_REFERRAL result code to an LDAPv3 client, use this argument to specify the array of berval structures containing the referral URLs. Description The slapi_send_ldap_result() function is responsible for sending LDAP result codes back to the client.
attributes. The following table summarizes the front end API functions that you can call to work with attributes. To: Call this function: Add an attribute value. “slapi_attr_add_value()” Return the base type of an attribute. “slapi_attr_basetype()” Duplicate an attribute. “slapi_attr_dup()” Get the first value of an attribute. “slapi_attr_first_value()” Determine if certain flags are set. “slapi_attr_flag_is_set()” Free an attribute.
Description Slapi_Back end is the data type for an opaque structure that represents a back end operation. The following table summarizes the front end API functions that you can call to work with the back end operations. To: Call this function: Add the specified suffix to the given back end and increment the back end's suffix count. “slapi_be_addsuffix()” Set the flag to denote that the back end will be deleted on “slapi_be_delete_onexit()” exiting.
To: Call this function: Return the DN of the next root suffix of the DIT. “slapi_get_next_suffix()” Check if a suffix is a root suffix of the DIT. “slapi_is_root_suffix()” 14.14 slapi_back end_state_change_fnptr slapi_back end_state_change_fnptr specifies the prototype for a callback function, which allows a plug-in to register for callback when a back end state changes. Syntax #include "slapi-plugin.
e Pointer to the Slapi_Entry structure representing the entry to be sent back to the client. outputfn Pointer to the slapi_compute_output_t function responsible for BER-encoding the computed attribute and for adding it to the BER element to be sent to the client. Returns One of the following values: • -1 if the function is not responsible for generating the computed attribute. • 0 if the function successfully generates the computed attribute. • An LDAP error code if an error occurred.
14.18 Slapi_Connection Represents a connection. Syntax #include "slapi-plugin.h" typedef struct conn Slapi_Connection; Description Slapi_Connection is the data type for an opaque structure that represents a connection. 14.19 Slapi_CondVar Represents a condition variable in a directory entry. Syntax #include "slapi-plugin.h" typedef struct slapi_condvar Slapi_CondVar; Description Slapi_CondVar is the data type for an opaque structure that represents a synchronization lock in the server plug-in.
Table 14-13 Functions for Slapi_Counter (continued) To: Call this function: Add a certain amount to the counter value. slapi_counter_add() Subtract a certain amount from the counter value. slapi_counter_subtract() Set the counter to a new, specified value and returns the updated value. slapi_counter_set_value() Get the current value of the counter. slapi_counter_get_value() Destroy an existing counter. slapi_counter_destroy() 14.21 Slapi_DN Represents a distinguished name in a directory entry.
To: Call this function: Check if there is a DN value stored in a Slapi_DN structure. “slapi_sdn_isempty()” Check if a DN is the parent of the parent of a DN. “slapi_sdn_isgrandparent()” Check if a DN is the parent of a DN. slapi_sdn_isparent() Check if a Slapi_DN structure contains a suffix of another. slapi_sdn_issuffix() Allocate new Slapi_DN structure. “slapi_sdn_new()” Create a new Slapi_DN structure. “slapi_sdn_new_dn_byref()” Create a new Slapi_DN structure.
To: Call this function: Allocate memory for an entry structure. “slapi_entry_alloc()” Applies an array of LDAPMod to a Slapi_Entry. “slapi_entry_apply_mods()” Delete an attribute from an entry. “slapi_entry_attr_delete()” Check if an entry contains a specific attribute. “slapi_entry_attr_find()” Get the first value as a string. “slapi_entry_attr_get_charptr()” Get the values of a multi-valued attribute of an entry. “slapi_entry_attr_get_charray()” Get the first value as an integer.
To: Call this function: Set the DN of an entry. “slapi_entry_set_dn()” Set the Slapi_DN value in an entry. “slapi_entry_set_sdn()” Set the unique ID in an entry. “slapi_entry_set_uniqueid()” Return the size of an entry. “slapi_entry_size()” Determine if an entry is the root DSE. “slapi_is_rootdse()” Convert an LDIF description into an entry. “slapi_str2entry()” See also Slapi_Attr 14.23 Slapi_Filter Represents a search filter. Syntax #include "slapi-plugin.
static Slapi_MatchingRuleEntry integerMatch = { INTEGERMATCH_OID, NULL /* no alias? */, "integerMatch", "The rule evaluates to TRUE if and only if the attribute value and the assertion value are the same integer value.", INTEGER_SYNTAX_OID, 0 /* not obsolete */ }; ... int int_init( Slapi_PBlock *pb ) { int rc; ... rc = slapi_matchingrule_register(&integerMatch); ...
#include "slapi-plugin.h" typedef struct slapi_mod Slapi_Mod; Description Slapi_Mod is the data type for an opaque structure that represents LDAPMod modifications to an attribute in a directory entry. The following table summarizes the front end API functions that you can call to manipulate directory entries. To: Call this function: Add a value to a Slapi_Mod structure. “slapi_mod_add_value()” Free internals of Slapi_Mod structure. “slapi_mod_done()” Dump the contents of an LDAPMod to the server log.
Description Slapi_Mods is the data type for an opaque structure that represents LDAPMod manipulations that can be made to a directory entry. The following table summarizes the front end API functions that you can call to manipulate directory entries. To: Call this function: Create a Slapi_Entry from an array of LDAPMod. “slapi_mods2entry()” Append a new mod with a single attribute value to Slapi_Mods structure. “slapi_mods_add()” Append an LDAPMod to a Slapi_Mods structure.
See also LDAPMod and Slapi_Mod 14.27 Slapi_Mutex Represents a mutually exclusive lock in the server plug-in. Syntax #include "slapi-plugin.h" typedef struct slapi_mutex Slapi_Mutex; Description Slapi_Mutex is the data type for an opaque structure that represents a mutual exclusive lock (mutex) in the server plug-in. The following table summarizes the front end API functions that you can call to work with mutually exclusive locks. To: Call this function: Destroy a mutex.
parameters of the Slapi_PBlock structure. You can call slapi_pblock_get() to get the DN and credentials of the client requesting authentication. For plug-in initialization functions, you can use the Slapi_PBlock structure to pass information to the server, such as the description of your plug-in and the names of your plug-in functions. You can set the value of a parameter by calling the slapi_pblock_set() function.
To: Call this function: Perform an internal sequential access operation. “slapi_seq_internal_callback_pb()” Set up a parameter block for use by “slapi_seq_internal_set_pb()” slapi_seq_internal_callback_pb() for an internal, sequential-access operation. 14.30 Slapi_PluginDesc Represents information about a server plug-in.
To: Call this function: Check if a Slapi_RDN structure contains any RDN matching a given type. “slapi_rdn_contains_attr()” Clear a Slapi_RDN structure. “slapi_rdn_done()” Free a Slapi_RDN structure. “slapi_rdn_free()” Get the type/value pair of the first RDN. “slapi_rdn_get_first()” Get the index of the RDN. “slapi_rdn_get_index()” Get the position and the attribute value of the first RDN. Get the RDN type/value pair from the RDN. “slapi_rdn_get_next()” Get the number of RDN type/value pairs.
Associated typedefs There are two additional typedef declarations associated with the Slapi_Task structure. Table 14-15 typedefs for the Slapi_Task structure typedef Description dseCallbackFn Sets callback information for the front end plug-in. TaskCallbackFn Defines a callback used by Slapi_Task cancel and destructor functions. Associated functions All the available functions for Directory Server tasks are listed in Table 14-16 “Functions for the Slapi_Task structure”.
• • • SLAPI_DSE_CALLBACK_OK (0) for successful operations, meaning that any directory changes can be performed. SLAPI_DSE_CALLBACK_ERROR (1) for any errors, which means that any directory changes cannot be performed. SLAPI_DSE_CALLBACK_DO_NOT_APPLY (-1), which is returned if there are no errors but the changes should still not be applied. This only applies for modify operations; otherwise, the server itnerprets SLAPI_DSE_CALLBACK_DO_NOT_APPLY as SLAPI_DSE_CALLBACK_ERROR.
The following table summarizes the front end API functions that you can call to work with directory entry values. To: Call this function: Compare a value. “slapi_value_compare()” Duplicate a value. Free a Slapi_Value structure from memory. “slapi_value_free()” Get the berval structure of the value. “slapi_value_get_berval()” Convert the value of an integer. “slapi_value_get_int()” Get the length of a value. “slapi_value_get_length()” Get the actual length of the value.
Slapi_ValueSet is the data type for an opaque structure that represents set of Slapi_Value (or a list of Slapi_Value). Syntax #include "slapi-plugin.h" typedef struct slapi_value_set Slapi_ValueSet; The following table summarizes the front end API functions that you can call to work with sets of Slapi_Value. To: Call this function: Add a Slapi_Value in the Slapi_ValueSet structure. “slapi_valueset_add_value()” Count the values in a valueset.
14.36.1 winsync_can_add_to_ad_cb Sets a callbacks to determine if an entry in the Directory Server should be added to the Active Directory server if the entry does not already exist in the Windows domain. Syntax #include "slapi-plugin.
Parameter Description ds_suffix The Directory Server suffix being synchronized. ad_suffix The Active Directory suffix being synchronized. Returns • • There are two possible returns: For a Directory Server user, this returns 12. For a Directory Server group, this returns 13. See also • winsync_plugin_call_pre_ds_add_* • map_entry_dn_inbound 14.36.3 winsync_plugin_init_cb Initializes the synchronization plug-in.
Table 14-19 winsync_pre_add_cb parameters (continued) Parameter Description ad_entry The processed Active Directory entry. ds_entry The entry to be added to the Directory Server. Any modifications to the new entry should be made to this entry. This included changing the DN, because the DN of this processing entry is used as the target DN for the final new entry in the Directory Server. This processing entry already has the default schema mapping applied.
*rawentry, Slapi_Entry *ad_entry, Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify); Parameters This function takes the following parameters: Table 14-21 winsync_pre_mod_cb parameters Parameter Description rawentry The unprocessed Active Directory entry, as it is read directly from Active Directory. This entry is read-only. ad_entry The processed Active Directory entry. This DN is set if the modify is against the Active Directory entry.
Table 14-22 winsync_search_params_cb parameters (continued) Parameter Description attrs Pointer to the Slapi_Attr structure representing the first attribute in the entry. This can be either NULL or a null-terminated array of strings. The attributes can be added using slapi_ch_array_add. For example: slapi_ch_array_add(attrs, slapi_ch_strdup("myattr")); attrs are freed using slapi_ch_array_free, so the caller must own the memory. serverctrls Pointer to the LDAPControl* structure.
Part IV Function reference This part contains reference information on HP-UX Directory Server (Directory Server) server plug-in API. The server plug-in API includes the above functions. Each chapter summarizes the front end functions in a table followed by the function details.
15 Distribution routines This chapter contains reference information on distribution routines. Table 15-1 Distribution routines Function Description “distribution_plugin_entry_point()” Allows for back end distribution. 15.1 distribution_plugin_entry_point() Description Back end distribution is the capability to span the LDAP subtree contents under a specified DIT node into multiple back ends in the same server and/or database links to other servers.
16 Functions for access control This chapter contains reference information on access control routines. Table 16-1 Access control routines Function Description “slapi_access_allowed()” Determines if the user who is requesting the current operation has the access rights to perform an operation on a given entry, attribute, or value. “slapi_acl_check_mods()” Determines if a user has the rights to perform the specified modifications on an entry.
#include "slapi-plugin.h" int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr, struct berval *val, int access ); Parameters This function takes the following parameters: pb Parameter block passed into this function. e Entry for which you want to check the access rights. attr Attribute for which you want to check the access rights. val Pointer to the berval structure containing the value for which you want to check the access rights.
As part of the process of determining if the user has access rights, the “slapi_acl_check_mods()” function does the following: • Checks if access control for the directory is disabled (for example, if the dse.ldif file contains the directive access control off). If access control is disabled, the function returns LDAP_SUCCESS. • For each value in each attribute specified in the LDAPMod array, the function determines if the user has permissions to write to that value.
16.3 slapi_acl_verify_aci_syntax() Description Determines whether the access control items (ACIs) on an entry are valid. Syntax #include "slapi-plugin.h" int slapi_acl_verify_aci_syntax (Slapi_Entry *e, char **errbuf); Parameters This function takes the following parameters: e Entry for which you want to check the ACIs. errbuf Pointer to the error message returned if the ACI syntax is invalid. Returns • • This function returns one of the following values: 0 if successful. -1 if an error occurs.
17 Functions for internal operations and plug-in callback This chapter contains reference information on routines for internal operations and plug-in callbacks. These functions can be used for internal operations based on DN as well as on unique ID. These functions should be used by all new plug-ins, and, preferably, old plug-ins should be changed to use them to take advantage of new plug-in configuration capabilities and to use an extensible interface.
17.2 slapi_delete_internal_pb() Description This function performs an internal delete operation based on a parameter block to remove a directory entry. The parameter block should be initialized by calling slapi_delete_internal_set_pb(). Syntax #include "slapi-plugin.h" int slapi_delete_internal_pb(Slapi_PBlock *pb); Parameters A parameter block that has been initialized using slapi_delete_internal_set_pb().
17.5 slapi_modrdn_internal_pb() Description This function performs an internal modify RDN operation based on a parameter block to rename a directory entry. The parameter block should be initialized by calling slapi_rename_internal_set_pb(). Syntax #include "slapi-plugin.h" int slapi_modrdn_internal_pb(Slapi_PBlock *pb); Parameters This function takes the following parameter: A parameter block that has been initialized using slapi_rename_internal_set_pb().
The referral URLs passed to the referral entry callback function do not need to be freed. If you need to access a referral string after returning from the callback function, call slapi_ch_strdup() to make a copy. You do not need to call “slapi_free_search_results_internal()” after calling slapi_search_internal_callback_pb. 17.7 slapi_search_internal_get_entry() Description This function performs an internal search operation to read one entry; that is, it performs a base object search.
Memory concerns “slapi_free_search_results_internal()” should be called to dispose of any entires and other items that were allocated by a call to slapi_search_internal_pb(). 17.
18 Functions for setting internal operation flags This chapter contains reference information on routines for setting internal-operation flags. Table 18-1 Internal operation flag routines Function Description “slapi_add_entry_internal_set_pb()” Sets up a parameter block so that it can be used by slapi_add_internal_pb() for an internal add operation.
“slapi_add_entry_internal_set_pb()” except that it constructs the entry from a DN and a set of attributes. The function sets pblock to contain the following data: • • • SLAPI_TARGET_DN set to DN of the new entry. SLAPI_CONTROLS_ARG set to request controls, if present. SLAPI_ADD_ENTRY set to Slapi_Entry to add. Syntax #include "slapi-plugin.
controls List of controls associated with the operation. uniqueid Unique identifier of the entry to be removed. All directory entries contain a unique identifier. Unlike the distinguished name (DN), the unique identifier of an entry never changes, providing a good way to refer unambiguously to an entry in a distributed/replicated environment. plugin_identity Plug-in identity; a cookie that identifies the plug-in to the Directory Server during an internal operation.
18.5 slapi_rename_internal_set_pb() Description This function populates pblock with parameters for use by slapi_modrdn_internal_pb() for an internal rename operation. The function sets the parameter block to contain the following data. Syntax #include "slapi-plugin.
For unique ID-based search: • • SLAPI_TARGET_DN set to the DN that allows to select the right back end. SLAPI_TARGET_UNIQUEID set to the unique ID of the entry. For DN-based search: • • • • • • SLAPI_TARGET_DN set to the search base. SLAPI_SEARCH_SCOPE set to the search scope. SLAPI_SEARCH_STRFILTER set to the search filter. SLAPI_CONTROLS_ARG set to request controls, if present. SLAPI_SEARCH_ATTRS set to the list of attributes to return.
#include "slapi-plugin.h" int slapi_seq_internal_callback_pb(Slapi_PBlock *pb, void *callback_data, plugin_result_callback res_callback, plugin_search_entry_callback srch_callback, plugin_referral_entry_callback ref_callback); Parameters This function takes the following parameters: pb Parameter block initialized with operation parameters. The easiest way to provide required parameters is by calling “slapi_seq_internal_callback_pb()” function. Parameters can also be set directly.
19 Functions for handling attributes This chapter contains reference information on attribute routines. Table 19-1 Attribute routines Function Description “slapi_attr_add_value()” Adds a value to an attribute. “slapi_attr_basetype()” Returns the base type of an attribute. “slapi_attr_dup()” Duplicates an attribute. “slapi_attr_first_value()” Gets the first value of an attribute. “slapi_attr_flag_is_set()” Determines if certain flags are set. “slapi_attr_free()” Frees an attribute.
Parameters This function takes the following parameters: a The attribute that will contain the values. v Values to be added to the attribute. Returns This function always returns 0. See also • “slapi_attr_first_value()” • “slapi_attr_next_value()” • “slapi_attr_get_numvalues()” • “slapi_attr_value_cmp()” • slapi_attr_value_find() 19.2 slapi_attr_basetype() Description This function returns the base type of an attribute (for example, if given cn;lang-jp, returns cn). Syntax #include "slapi-plugin.
See also • “slapi_attr_new()” • “slapi_attr_init()” • “slapi_attr_free()” 19.4 slapi_attr_first_value() Description Use this function to get the first value of an attribute. This is part of a set of functions to enumerate over an Slapi_Attr structure. Syntax #include "slapi-plugin.h" int slapi_attr_first_value( Slapi_Attr *a, Slapi_Value **v ); Parameters This function takes the following parameters: a Attribute containing the desired value. v Holds the first value of the attribute.
19.6 slapi_attr_free() Description Use this function to free an attribute when you are finished with it. Syntax #include "slapi-plugin.h" void slapi_attr_free( Slapi_Attr **a ); Parameters This function takes the following parameters: Attribute to be freed. a See also • “slapi_attr_new()” • “slapi_attr_init()” • “slapi_attr_dup()” 19.7 slapi_attr_get_bervals_copy() Description pointers.
To determine which flags have been set, you can bitwise AND the value of the flags argument with one or more of the following: SLAPI_ATTR_FLAG_SINGLE Flag that determines if the attribute is single-valued. SLAPI_ATTR_FLAG_OPATTR Flag that determines if the attribute is an operational attribute. SLAPI_ATTR_FLAG_READONLY Flag that determines if the attribute is read-only. Returns This function returns 0 if successful. See also “slapi_attr_flag_is_set()” 19.
#include "slapi-plugin.h" int slapi_attr_get_type( Slapi_Attr *attr, char **type ); Parameters This function takes the following parameters: attr Attribute for which you want to get the type. type When you call slapi_attr_get_type(), this parameter is set to a pointer to the type of the specified attribute. Do not free this attribute type; the type is part of the actual data in the attribute, not a copy of the data. Returns This function returns 0 if successful.
Parameters This function takes the following parameters: a The empty attribute to be initialized. type Attribute type to be initialized. Returns This function returns the newly-initialized attribute. See also • “slapi_attr_new()” • “slapi_attr_free()” • “slapi_attr_dup()” 19.14 slapi_attr_new() Description Use this function to create an empty attribute. Syntax #include "slapi-plugin.h" Slapi_Attr *slapi_attr_new( void ); Parameters Returns This function takes no parameters.
Syntax #include "slapi-plugin.h" int slapi_attr_set_valueset(Slapi_Attr *a, const Slapi_ValueSet *vs); Parameters This function takes the following parameters: a Pointer to the Slapi_Attr structure, the valueset of which you wish to set. vs Pointer to the Slapi_ValueSet structure from which you want to extract the values. Returns This function returns 0 unconditionally. See also “slapi_valueset_set_valueset()” 19.
19.19 slapi_attr_type_cmp() Description Compares two attribute types to determine if they are the same. Syntax #include "slapi-plugin.h" int slapi_attr_type_cmp( const char *t1, const char *t2, int opt ); Parameters This function takes the following parameters: t1 Name of the first attribute type that you want to compare. t2 Name of the second attribute type that you want to compare. opt One of the following values: 0 Compare the types as-is.
19.21 slapi_attr_value_cmp() Description Compares two values for a given attribute to determine if they are equal. Syntax #include "slapi-plugin.h" int slapi_attr_value_cmp( const Slapi_Attr *attr, const struct berval *v1, const struct berval *v2 ); Parameters This function takes the following parameters: attr Attribute used to determine how these values are compared; for example, if the attribute contains case-insensitive strings, the strings are compared without regard to case.
Syntax #include "slapi-plugin.h" void slapi_valueset_set_from_smod(Slapi_ValueSet *vs, Slapi_Mod *smod); Parameters This function takes the following parameters: vs The valueset that will receive changes. smod Holds the changes to an attribute. See also • “slapi_mods_init()” • “slapi_mods_free()” • “slapi_mods_done()” 19.
20 Functions for managing back end operations This chapter contains reference information on routines that help you deal with back ends. Table 20-1 Back end routines Function Description “slapi_be_addsuffix()” Adds the specified suffix to the given back end and increments the back end's suffix count. “slapi_be_delete_onexit()” Sets the flag to denote that the back end will be deleted on exiting. “slapi_be_exist()” Checks if the back end that contains the specified DN exists.
20.1 slapi_be_addsuffix() Description count. Adds the specified suffix to the given back end and increments the back end's suffix Syntax #include "slapi-plugin.h" void slapi_be_addsuffix(Slapi_Back end *be,const Slapi_DN *suffix); Parameters This function takes the following parameters: be Pointer to the structure containing the back end configuration. suffix Suffix that needs to be added to the back end. 20.
Syntax #include "slapi-plugin.h" void * slapi_be_get_instance_info(Slapi_Back end * be); Parameters This function takes the following parameter: Pointer to the structure containing the back end configuration. be Returns This function returns an opaque pointer to the instance information. 20.6 slapi_be_get_name() Description Returns the name of the specified back end. Syntax #include "slapi-plugin.
Returns This function returns 0 if successful, -1 otherwise. 20.9 slapi_be_getsuffix() Description This function returns the n+1 suffix associated with the specified back end. This function is still present for compatibility purposes with previous versions of the Directory Server Plug-in API. Current versions of Directory Server do not support back ends containing multiple suffixes; so, if n is not 0, NULL will be returned. Syntax #include "slapi-plugin.
20.12 slapi_be_issuffix() Description This function checks if the specified suffix exactly matches a registered suffix on a specified back end. Syntax #include "slapi-plugin.h" int slapi_be_issuffix(const Slapi_Back end *be, const Slapi_DN *suffix ); Parameters This function takes the following parameters: be Pointer to the structure containing the back end configuration. suffix DN of the suffix for which you are looking.
20.15 slapi_be_private() Description Verifies if the back end is private. Syntax #include "slapi-plugin.h" int slapi_be_private( Slapi_Back end *be ); Parameters This function takes the following parameter: Pointer to the structure containing the back end configuration. be Returns • • This function returns one of the following values: 0 if the back end is not hidden from the user. 1 if the back end is hidden from the user (for internal use only). 20.
Syntax #include "slapi-plugin.h" void slapi_be_set_flag(Slapi_Back end * be, int flag); Parameters This function takes the following parameters: be Pointer to the structure containing the back end configuration. flag Flag (bitmap) to set in the configuration. 20.19 slapi_be_set_instance_info() Description Sets the instance information of the specified back end with given data. Syntax #include "slapi-plugin.
20.22 slapi_get_first_back end() Description This function returns a pointer to the back end structure of the first back end. If you wish to iterate through all the back ends, use this function in conjunction with “slapi_get_next_back end()”. For example: Slapi_Back end *be = NULL; char *cookie = NULL; be = slapi_get_first_back end (&cookie); while (be ) { ... be = slapi_get_next_back end (cookie); } slapi_ch_free ((void**)&cookie); Syntax #include "slapi-plugin.
20.24 slapi_get_next_back end() Description This function returns a pointer to the next back end. If you wish to iterate through all the back ends, use this function in conjunction with “slapi_get_first_back end()”. For example: Slapi_Back end *be = NULL; char *cookie = NULL; be = slapi_get_first_back end (&cookie); while (be ) { ... be = slapi_get_next_back end (cookie); } slapi_ch_free ((void**)&cookie); Syntax #include "slapi-plugin.
See also “slapi_get_first_suffix()” 20.26 slapi_is_root_suffix() Description Checks if a suffix is a root suffix of the DIT. Syntax #include "slapi-plugin.h" int slapi_is_root_suffix(Slapi_DN * dn); Parameters DN to check. dn Returns • • This function takes the following parameter: This function returns one of the following values: 0 if the DN is not a root suffix. 1 if the DN is a root suffix. 20.
1 If the specified callback was not unregistered successfully; for example, if it were not found. See also “slapi_register_back end_state_change()” 20.
21 Functions for dealing with controls This chapter contains reference information on routines for dealing with controls. Table 21-1 Routines for dealing with controls Function Description slapi_add_control_ext() Adds the specified control to the end of an array of controls. slapi_add_controls() Appends all of an array of controls to an existing array of controls. “slapi_build_control()” Creates an LDAPControl structure based on a BerElement, an OID, and a criticality flag.
21.2 slapi_add_controls() This function specifies an array of LDAPControls, and either appends the array to the end of a specified array or uses it to create a new array. An existing array is grown using slapi_ch_realloc(). Otherwise, a new array is created using slapi_ch_malloc(). Syntax #include "slapi-plugin.
• • “slapi_build_control_from_berval()” ldap_control_free() 21.4 slapi_build_control_from_berval() Description This function creates an LDAPControl structure based on a struct berval, an OID, and a criticality flag. The LDAPControl that is created can be used in LDAP client requests or internal operations. Syntax #include "slapi-plugin.
val If the control is present in the list of controls, specifies the pointer to the berval structure containing the value of the control. iscritical If the control is present in the list of controls, specifies whether the control is critical to the operation of the server: • 0 means that the control is not critical to the operation. • 1 means that the control is critical to the operation.
#include "slapi-plugin.h" int slapi_get_supported_controls_copy( char ***ctrloidsp, unsigned long **ctrlopsp ); Parameters This function takes the following parameters: ctrloidsp Pointer to a character array that will receive the set of supported control OIDs. Pass NULL for this parameter if you do not wish to receive the OIDs. ctrlopsp Pointer to an unsigned long array that will receive the supported operation values for each control in the ctrloidsp array.
SLAPI_OPERATION_ANY The specified control applies to any LDAP operation. SLAPI_OPERATION_NONE The specified control applies to none of the LDAP operations. You can specify a combination of values by bitwise OR-ing the values together.
22 Functions for syntax plug-ins This chapter contains reference information on routines for syntax plug-ins. Table 22-1 Syntax plug-in routines Function Description slapi_call_syntax_assertion2keys_ava_sv() Calls a function, specified in the syntax plug-in, to compare against directory entries. slapi_call_syntax_assertion2keys_sub_sv() Calls a function, specified in the syntax plug-in, to compare against directory entries.
the entries in the directory. This function applies to searches that use the filter type LDAP_FILTER_SUBSTRINGS. The ldbm back end (the default back end database) calls this function when processing searches in which the filter type is LDAP_FILTER_SUBSTRINGS. The function invokes the syntax plug-in specified by the vpi argument. This is the plug-in associated with the type of attribute used in the search. You can get this handle by calling the “slapi_attr_type2plugin()” function.
Returns This function returns one of the following values: 0 If successful. -1 If an error occurs; for example, if the corresponding function for the specified plug-in is not found. 22.
23 Functions for managing memory This chapter contains reference information on routines for managing memory, such as allocating and freeing memory. Table 23-1 Memory management routines Function Description slapi_ch_array_add() Adds a new array. slapi_ch_array_free() Frees an existing array. “slapi_ch_bvdup()” Makes a copy of an existing berval structure. “slapi_ch_bvecdup()” Makes a copy of an array of existing berval structures.
#include "slapi-plugin.h" void slapi_ch_array_free( char **arrayp ); Parameters This function takes the following parameter: Pointer to the array to be freed. This parameter can be NULL. arrayp See also • slapi_ch_strdup() • slapi_ch_array_free() 23.3 slapi_ch_bvdup() Description Makes a copy of an existing berval structure. Syntax #include "slapi-plugin.
23.5 slapi_ch_calloc() Description Allocates space for an array of a number of elements of a specified size. Syntax #include "slapi-plugin.h" char * slapi_ch_calloc( unsigned long nelem, unsigned long size ); Parameters This function takes the following parameters: nelem Number of elements for which you want to allocate memory. size Size, in bytes, of the element for which you want to allocate memory. Returns This function returns a pointer to the newly allocated space of memory.
#include "slapi-plugin.h" void slapi_ch_free_string( char **s ); Parameters This function takes the following parameter: Address of the string that you want to free. If NULL, no action occurs. s See also “slapi_ch_free()” 23.8 slapi_ch_malloc() Allocates space in memory. Syntax #include "slapi-plugin.h" char * slapi_ch_malloc( unsigned long size ); Parameters This function takes the following parameter: Size of the space for which you want to allocate memory.
• • • “slapi_ch_free()” “slapi_ch_calloc()” slapi_ch_strdup() 23.10 slapi_ch_smprintf() Creates, writes to, and returns a given string. Syntax #include "slapi-plugin.h" char *string = slapi_ch_smprintf (format, *arg, ...); Parameters This function takes the following parameter: string String that is printed. format A printf-style format string. arg Arguments to pass for the string. Returns 0 If the string is successfully printed and returned. 1 If an error occurs.
• • 210 slapi_ch_malloc() slapi_ch_realloc() Functions for managing memory
24 Functions for managing entries This chapter contains reference information on routines for managing entries. Table 24-1 Entry routines Function Description “slapi_entry2str()” Generates an LDIF string description. “slapi_entry2str_with_options()” Generates an LDIF string descriptions with options. “slapi_entry_add_rdn_values()” Add components in an entry's RDN. “slapi_entry_add_string()” Adds a string value to an attribute in an entry.
Table 24-1 Entry routines (continued) Function Description “slapi_entry_get_ndn()” Returns the NDN of an entry. “slapi_entry_get_sdn()” Returns the Slapi_DN from an entry. “slapi_entry_get_sdn_const()” Returns a Slapi_DN from an entry as a constant. “slapi_entry_get_uniqueid()” Gets the unique ID from an entry. “slapi_entry_has_children()” Determines if the specified entry has child entries. “slapi_entry_init()” Initializes the values of an entry.
Memory concerns When you no longer need to use the string, you should free it from memory by calling the “slapi_ch_free()” function. See also • “slapi_entry2str_with_options()” • “slapi_str2entry()” 24.2 slapi_entry2str_with_options() Generates a description of an entry as an LDIF string. This function behaves much like slapi_entry2str(); however, you can specify output options with this function.
• • “slapi_entry2str()” “slapi_str2entry()” 24.3 slapi_entry_add_rdn_values() Adds the components in an entry's relative distinguished name (RDN) to the entry as attribute values. (For example, if the entry's RDN is uid=bjensen, the function adds uid=bjensen to the entry as an attribute value.) Syntax #include "slapi-plugin.h" int slapi_entry_add_rdn_values( Slapi_Entry *e ); Parameters This function takes the following parameter: Entry to which you want to add the RDN attributes.
#include "slapi-plugin.h" int slapi_entry_add_value (Slapi_Entry *e, const char *type, const Slapi_Value *value); Parameters This function takes the following parameters: e Entry to which you want to add a value. type Attribute to which you want to add a value. value The Slapi_value data value you want to add to the entry. Returns This function returns 0 when successful; any other value returned signals failure. Memory concerns This routine makes a copy of the parameter value. value can be NULL.
Parameters This function takes the following parameters: e Entry to which you want to add values. type Attribute type to which you want to add values. vs Slapi_ValueSet data value that you want to add to the entry. Returns This function returns 0 when successful; any other value returned signals failure. Memory concerns This routine makes a copy of the parameter vs. vs can be NULL. 24.8 slapi_entry_alloc() Allocates memory for a new entry of the “Slapi_Entry” data type.
#include "slapi-plugin.h" int slapi_entry_attr_delete( Slapi_Entry *e, const char *type ); Parameters This function takes the following parameters: e Entry from which you want to delete the attribute. type Attribute type that you want to delete. Returns This function returns one of the following values: 0 If successful. 1 If the specified attribute is not part of the entry. -1 If an error occurred. 24.11 slapi_entry_attr_find() Determines if an entry contains the specified attribute.
• • • true | false yes | no An integer Comparisons are case-insensitive (TRUE, true, and true are all the same), and unique substrings can be matched (t and tr will be interpreted as true). If the attribute value is a number, then nonzero numbers are interpreted as true, and 0 is interpreted as false. 24.13 slapi_entry_attr_get_charptr() Gets the first value of an attribute of an entry as a string. Syntax #include "slapi-plugin.
Memory concerns When you are done working with the values, free them from memory by calling the slapi_ch_array_free() function. See also “slapi_entry_attr_get_charptr()” 24.15 slapi_entry_attr_get_int() Gets the first value of an attribute in an entry as an integer. Syntax #include "slapi-plugin.h" int slapi_entry_attr_get_int(const Slapi_Entry* e, const char *type); Parameters This function takes the following parameters: e Entry from which you want to get the integer value.
24.18 slapi_entry_attr_get_ulong() Gets the first value of an attribute in an entry as a unsigned long data type. Syntax #include "slapi-plugin.h" unsigned long slapi_entry_attr_get_ulong( const Slapi_Entry* e, const char *type); Parameters This function takes the following parameters: e Entry from which you want to get the value. type Attribute type from which you want to get the value.
Parameters This function takes the following parameters: e Entry to which you want to add values. type Attribute to which you want to add values. vals Array of Slapi_Value data values you want to add. Returns This function returns 0 if successful; any other value returned signals failure. Memory concerns This function makes a copy of the parameter vals. vals can be NULL. 24.21 slapi_entry_attr_replace_sv() Replaces the values of an attribute with the Slapi_Value data value you specify.
24.23 slapi_entry_attr_set_int() Description This function will replace the value or values of an attribute with the integer value that you specify. If the attribute does not exist, it is created with the integer value that you specify. Syntax #include "slapi-plugin.h" void slapi_entry_attr_set_int(Slapi_Entry* e, const char *type, int l); Parameters This function takes the following parameters: e Entry in which you want to set the value. type Attribute type in which you want to set the value.
#include "slapi-plugin.h" void slapi_entry_attr_set_ulong(Slapi_Entry* e, const char *type, unsigned long l); Parameters This function takes the following parameters: e Entry in which you want to set the value. type Attribute type in which you want to set the value. l Unsigned long value that you want assigned to the attribute. 24.27 slapi_entry_delete_string() Deletes a string value from an attribute in an entry. Syntax #include "slapi-plugin.
If there is an operational error during the processing of this call such as a duplicate value found, the function will return LDAP_OPERATIONS_ERROR. If this occurs, please report the problem to HP technical support. Memory concerns See also The vals parameter can be NULL, in which case this function does nothing. slapi_entry_delete_values() 24.29 slapi_entry_dup() Makes a copy of an entry, its DN, and its attributes. Description This function returns a copy of an existing “Slapi_Entry” structure.
Parameters This function takes the following parameter: Entry that you want to free. If NULL, no action occurs. e Memory concerns or free(). To free entries, always use this function instead of using slapi_ch_free() See also • “slapi_entry_alloc()” • “slapi_entry_dup()” 24.32 slapi_entry_get_dn() Gets the distinguished name (DN) of the specified entry. Syntax #include "slapi-plugin.
#include "slapi-plugin.h" char *slapi_entry_get_ndn( Slapi_Entry *e ); Parameters This function takes the following parameter: Entry from which you want to obtain the normalized DN. e Returns This function returns the normalized DN from the entry that you specify. If the entry you specify does not contain a normalized DN, one is created through the processing of this function. Memory concerns Never free this value. 24.
Returns This function returns the unique ID value of the entry specified. Memory concerns See also Never free this value. If you need a copy, use slapi_ch_strdup(). slapi_ch_strdup() 24.38 slapi_entry_has_children() This function determines if the specified entry has child entries. Syntax #include "slapi-plugin.h" int slapi_entry_has_children(const Slapi_Entry *e); Parameters This function takes the following parameter: Entry that you want to test for child entries.
• • • “slapi_entry_free()” “slapi_entry_alloc()” slapi_ch_strdup() 24.40 slapi_entry_merge_values_sv() Merges (adds) and array of Slapi_Value data values to a specified attribute in an entry. If the entry does not contain the attribute specified, the attribute is created with the value supplied. Description This function adds additional Slapi_Value data values to the existing values contained in an attribute. If the attribute type does not exist, it is created.
Memory concerns copy is needed. See also Never free the returned attr. Use “slapi_attr_dup()” to make a copy if a “slapi_attr_dup()” 24.42 slapi_entry_rdn_values_present() Determines whether the values in an entry's relative distinguished name (RDN) are also present as attribute values. For example, if the entry's RDN is cn=Barbara Jensen, the function determines if the entry has the cn attribute with the value Barbara Jensen. Syntax #include "slapi-plugin.
Parameters This function takes the following parameters: e Entry to which you want to assign the DN. dn Distinguished name to assign to the entry. Memory concerns The dn will be freed eventually when “slapi_entry_free()” is called. A copy of dn should be passed. For example: char *dn = slapi_ch_strdup(some_dn): slapi_entry_set_dn(e, dn); The old dn will be freed as a result of this call. Do not pass in a NULL value. See also • “slapi_entry_free()” • “slapi_entry_get_dn()” 24.
24.47 slapi_entry_size() This function returns the approximate size of an entry, rounded to the nearest 1k. This can be useful for checking cache sizes, estimating storage needs, and so on. Description When determining the size of an entry, only the sizes of the attribute values are counted; the size of other entry values (such as the size of attribute names, variously-normalized DNs, or any metadata) are not included in the size returned. It is assumed that the size of the metadata, et al.
Note: This function modifies the string argument s. If you still need to use this string value, you should make a copy of this string before calling slapi_str2entry(). If an error occurred during the conversion process, the function returns NULL instead of the entry. When you are done working with the entry, you should call the “slapi_entry_free()” function. To convert an entry to a string description, call the “slapi_filter_free()” function. Syntax #include "slapi-plugin.
25 Functions related to entry flags This chapter contains reference information on functions that are specific to entry flags. Table 25-1 Entry flags Function Description “slapi_entry_clear_flag()” Clears a flag for a specified entry. “slapi_entry_flag_is_set()” Checks if certain flags are set in an entry. “slapi_entry_set_flag()” Sets a flag for an entry. 25.1 slapi_entry_clear_flag() Clears a flag for a specified entry.
• • “slapi_entry_clear_flag()” “slapi_entry_set_flag()” 25.3 slapi_entry_set_flag() Sets a flag for a specified entry. Description In current versions of Directory Server, the only external flag that can be set is SLAPI_ENTRY_FLAG_TOMBSTONE. This flag means that the entry is a tombstone entry. More flags may be exposed in future releases. Do not use your own flags. Syntax #include "slapi-plugin.
26 Functions for dealing with filters This chapter contains reference information on filter routines. Table 26-1 Filter routines Function Description “slapi_filter_apply()” Applies a function to each simple filter component within a complex filter. “slapi_filter_compare()” Determines if two filters are identical. “slapi_filter_dup()” Duplicates the specified filter. “slapi_filter_free()” Frees the specified filter.
arg Argument to the function (fn). error_code Pointer to error code of fn, which can be accessed by calling function. Possible values slapi_filter_apply() may set in error_code include SLAPI_FILTER_UNKNOWN_FILTER_TYPE. A FILTER_APPLY_FN should return _STOP or _CONTINUE only. Returns This function returns an integer. Possible return values for slapi_filter_apply() include: • • • • SLAPI_FILTER_SCAN_NOMORE indicates success in traversing the entire filter.
#include "slapi-plugin.h" void slapi_filter_free( Slapi_Filter *f, int recurse ); Parameters This function takes the following parameters: f Filter that you want to free. recurse If 1, recursively frees all filters that comprise this filter. If 0, only frees the filter specified by f. Memory concerns Filters created using slapi_str2filter() must be freed after using this function. Filters extracted from a pblock using slapi_pblock_get( pb,SLAPI_SEARCH_FILTER, &filter ) must not be freed.
26.6 slapi_filter_get_ava() Gets the attribute type and the value from the filter. Description Filters of the type LDAP_FILTER_EQUALITY, LDAP_FILTER_GE, LDAP_FILTER_LE, and LDAP_FILTER_APPROX generally compare a value against an attribute. For example: (cn=Barbara Jensen) This filter finds entries in which the value of the cn attribute is equal to Barbara Jensen. The attribute type is returned in the parameter type, and the value is returned in the parameter bval. Syntax #include "slapi-plugin.
Returns • This function returns one of the following values: LDAP_FILTER_AND (AND filter) For example: (&(ou=Accounting)(l=Sunnyvale)) • LDAP_FILTER_OR (OR filter) For example: (|(ou=Accounting)(l=Sunnyvale)) • LDAP_FILTER_NOT (NOT filter) For example: (!(l=Sunnyvale)) • LDAP_FILTER_EQUALITY (equals filter) For example: (ou=Accounting) • LDAP_FILTER_SUBSTRINGS (substring filter) For example: (ou=Account*Department) • LDAP_FILTER_GE ( "greater than or equal to" filter) For example: (supportedLDA
• • 0 if successful. -1 if the filter is not one of the types listed above. (cn=John*Q*Public) This filter finds entries in which the value of the cn attribute starts with John, contains Q, and ends with Public. Call this function to get these substring values as well as the attribute type from this filter. In the case of the example above, calling this function gets the initial substring John, the any substring Q, and the final substring Public in addition to the attribute type cn.
(&(ou=Accounting)(l=Sunnyvale)) (|(ou=Accounting)(l=Sunnyvale)) (!(l=Sunnyvale)) Each of these examples contain one or more LDAP_FILTER_EQUALITY filters. Call the slapi_filter_join() function to create a new filter of the type LDAP_FILTER_AND, LDAP_FILTER_OR, or LDAP_FILTER_NOT. Syntax #include "slapi-plugin.h" Slapi_Filter *slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2 ); Parameters This function takes the following parameters: ftype Type of composite filter you want to create.
Memory concerns The f1 and f2 filters are neither copied nor freed during the join process, but the resulting filter will have references pointing to these two filters. See also set to 1. “slapi_filter_join()” uses “slapi_filter_join_ex()” with recurse_always argument 26.12 slapi_filter_list_first() Applies only to filters of the types LDAP_FILTER_EQUALITY, LDAP_FILTER_GE, LDAP_FILTER_LE, and LDAP_FILTER_APPROX. Gets the first filter that makes up the specified filter.
the next filter after (ou=Accounting) in this list is: (l=Sunnyvale) Call the slapi_filter_list_next() function to get the filters from this list. Memory concerns No duplication of the filter is done, so this filter should not be freed independently of the original filter. See also “slapi_filter_list_first()” 26.14 slapi_filter_test() Determines if the specified entry matches a particular filter. Syntax #include "slapi-plugin.
• • • 0 if the entry matched the filter or if the specified filter is NULL. -1 if the filter type is unknown or if the entry does not match the filter. A positive value (an LDAP error code) if an error occurred or if the current user does not have access rights to search the specified entry. See also • “slapi_filter_test_simple()” • “slapi_filter_test()” 26.16 slapi_filter_test_simple() Description This function allows you to check if entry e matches filter f. Syntax #include "slapi-plugin.
Returns • • This function returns one of the following values: A pointer to the Slapi_Filter structure representing the search filter. NULL if the string cannot be converted; for example, if an empty string is specified or if the filter syntax is incorrect. When you are done working with this filter, you should free the Slapi_Filter structure by calling “slapi_filter_free()”. 26.19 slapi_vattr_filter_test() Tests a filter against a single entry.
27 Functions specific to extended operation This chapter contains reference information on routines for dealing with extended operations. Table 27-1 Extended operation routines Function Description slapi_get_supported_extended_ops_copy() Gets a copy of the object IDs (OIDs) of the extended operations. 27.1 slapi_get_supported_extended_ops_copy() Gets a copy of the object IDs (OIDs) of the extended operations.
28 Functions specific to bind methods This chapter contains reference information on bind routines, including SASL. Table 28-1 Bind routines Function Description “slapi_add_auth_response_control()” Supplies authentication information from an LDAP bind operation. slapi_get_supported_saslmechanisms_copy() Gets an array of the names of the supported Simple Authentication and Security Layer (SASL) methods.
Parameters mechanism See also 250 This function takes the following parameter: Name of the SASL mechanism. Chapter 39 “Functions for managing DNs”.
29 Functions for thread-safe LDAP connections This chapter contains reference information on functions for thread-safe LDAP connections. Table 29-1 Thread-safe LDAP connection routines Function Description “slapi_ldap_init()” Initializes an LDAP session with another LDAP server. “slapi_ldap_unbind()” Unbinds from another LDAP server and frees the resources contained in the LDAP structure. 29.1 slapi_ldap_init() Initializes an LDAP session with another LDAP server.
slapi_ldap_unbind( ld ); return 0; } Syntax #include "slapi-plugin.h" LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared ); Parameters This function takes the following parameters: ldaphost Space-delimited list of one or more host names (or IP address in dotted notation, such as 141.211.83.36) of the LDAP servers to which you want to connect. The names can be in hostname:portnumber format, in which case portnumber overrides the port number specified by the ldapport argument.
30 Functions for logging This chapter contains reference information on logging routines. Table 30-1 Logging routines Function Description “slapi_log_error()” Writes a message to the error log for the Directory Server. “slapi_is_loglevel_set()” Checks if loglevel is selected as a log level. 30.1 slapi_log_error() Writes a message to the error log for the Directory Server. By default, the error log file is /var/opt/dirsrv/slapd-instance_name/log/errors. Syntax #include "slapi-plugin.
SLAPI_LOG_SHELL Written to the error log if the Log Level setting "Log communications with shell back ends" is selected. SLAPI_LOG_PARSE Written to the error log if the Log Level setting "Log entry parsing" is selected. SLAPI_LOG_HOUSE Written to the error log if the Log Level setting "Housekeeping" is selected. SLAPI_LOG_REPL Written to the error log if the Log Level setting "Replication" is selected. SLAPI_LOG_CACHE Written to the error log if the Log Level setting "Entry cache" is selected.
31 Functions for counters This chapter contains reference information on routines for setting 64-bit values for Directory Server database and server statistics counters. Table 31-1 Counter routines Function Description slapi_counter_add() Adds a certain amount to the counter value. slapi_counter_decrement() Decrements the counter and returns the new value. slapi_counter_destroy() Destroys an existing counter. slapi_counter_get_value() Gets the current value of the counter.
Parameters This function takes the following parameter: The counter to decrement. counter Returns The function returns the value of the counter (the current count) after the counter has been decremented. See also • slapi_counter_subtract() • slapi_counter_increment() 31.3 slapi_counter_destroy() Frees a Slapi_Counter structure from memory. Use this with a dynamically allocated Slapi_Counter structure that was obtained by calling slapi_counter_new().
See also • slapi_counter_add() • slapi_counter_decrement() 31.6 slapi_counter_init() Initializes a new Slapi_Counter structure, sets the initial value for the new counter to 0. This function is useful when the Slapi_Counter structure is static, similar to: static Slapi_Counter operation_counter; ... slapi_counter_init(&operation_counter); Syntax #include "slapi-plugin.
• • • slapi_counter_add() slapi_counter_subtract() slapi_counter_get_value() 31.9 slapi_counter_subtract() Subtracts the specified amount from the counter value. Syntax #include "slapi-plugin.h" PRUint64 slapi_counter_subtract(Slapi_Counter *counter, PRUint64 subvalue); Parameters This function takes the following parameters: counter The counter for which to set the value. subvalue The amount which should be subtracted from the current counter value to give the new value.
32 Functions for handling matching rules This chapter contains reference information on matching rule routines. Table 32-1 Matching rule routines Function Description slapi_berval_cmp() Compares two berval structures to determine if they are equal. slapi_matchingrule_free() Frees the specified matching rule structure (and, optionally, its members) from memory. slapi_matchingrule_get() Gets information about a matching rule.
Parameters This function takes the following parameters: mrEntry The Slapi_MatchingRuleEntry structure that you want to free from memory. freeMembers If 1, the function also frees the members of the structure from memory. 32.3 slapi_matchingrule_get() Gets information about a matching rule. This function gets information about a matching rule from the Slapi_MatchingRuleEntry structure. To set information in this structure, call the slapi_matchingrule_set() function. Syntax #include "slapi-plugin.
Return Values • • This function returns either of two values: 1 means that the matching rule is a valid ordering matching rule for the given syntax. 0 means that the matching rule could not be found, does not apply to the given syntax, or is not an ordering matching rule. 32.5 slapi_matchingrule_new() Description This function allocates memory for a new Slapi_MatchingRuleEntry structure, which represents a matching rule.
The arg argument can have one of the following values: ID Data type of the value argument Description SLAPI_MATCHINGRULE_NAME char * Name of the matching rule. SLAPI_MATCHINGRULE_OID char * OID of the matching rule. SLAPI_MATCHINGRULE_DESC char * Description of the matching rule. SLAPI_MATCHINGRULE_SYNTAX char * Syntax supported by the matching rule. SLAPI_MATCHINGRULE_OBSOLETE int Returns If 1, the matching rule is obsolete.
32.10 slapi_mr_indexer_create() Calls the indexer factory function for the plug-in responsible for a specified matching rule. Description This function calls the indexer factory function for the plug-in responsible for handing a specified matching rule. The matching rule is identified by the OID in the SLAPI_PLUGIN_MR_OID parameter.
33 Functions for LDAPMod manipulation This chapter contains reference information on LDAPMod manipulation routines. Table 33-1 LDAPMod manipulation routines Function Description “slapi_entry2mods()” Creates an array of LDAPMod from a Slapi_Entry. “slapi_mod_add_value()” Adds a value to a Slapi_Mod structure. “slapi_mod_done()” Frees internals of Slapi_Mod structure. “slapi_mod_dump()” Dumps the contents of an LDAPMod to the server log. “slapi_mod_free()” Frees a Slapi_Mod structure.
Table 33-1 LDAPMod manipulation routines (continued) Function Description “slapi_mods_free()” Frees a Slapi_Mods structure. “slapi_mods_get_first_mod()” Initializes a Slapi_Mods iterator and returns the first LDAPMod. “slapi_mods_get_first_smod()” Initializes a Slapi_Mods iterator and returns the first mod wrapped in a Slapi_Mods structure. “slapi_mods_get_ldapmods_byref()” Gets a reference to the array of LDAPMod in a Slapi_Mods structure.
See also “slapi_mods2entry()” 33.2 slapi_mod_add_value() Description Adds a copy of a given attribute to the Slapi_Mod structure. Syntax #include "slapi-plugin.h" void slapi_mod_add_value(Slapi_Mod *smod, const struct berval *val); Parameters This function takes the following parameters: smod Pointer to an initialized Slapi_Mod. val Pointer to a berval representing the attribute value. 33.3 slapi_mod_done() Description state.
Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod. smod See also “slapi_mod_new()” 33.6 slapi_mod_get_first_value() Description Use this function with slapi_mod_get_next_value() to iterate through the attribute values in a Slapi_Mod structure. The function Initializes a Slapi_Mod iterator and returns the first attribute value. Syntax #include "slapi-plugin.
See also “slapi_mod_get_ldapmod_byref()” 33.9 slapi_mod_get_next_value() Description This function increments the Slapi_Mod iterator and return the next attribute value. Use this function with slapi_mods_get_first_mod() to iterate through the attribute values in a Slapi_Mod. Syntax #include "slapi-plugin.h" struct berval *slapi_mod_get_next_value(Slapi_Mod *smod); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod.
Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod. smod Returns This function returns a read-only pointer to the attribute type in the Slapi_Mod. See also “slapi_mod_set_type()” 33.13 slapi_mod_init() Description This function initializes a Slapi_Mod so that it is empty but initially has room for the given number of attribute values. Syntax #include "slapi-plugin.
#include "slapi-plugin.h" void slapi_mod_init_byval(Slapi_Mod *smod, const LDAPMod *mod); Parameters This function takes the following parameters: smod Pointer to an uninitialized Slapi_Mod. mod Pointer to an LDAPMod. See also • “slapi_mod_done()” • “slapi_mod_init()” • “slapi_mod_init_byref()” • “slapi_mod_init_byval()” 33.16 slapi_mod_init_passin() Description This function initializes a Slapi_Mod by passing in an LDAPMod. Use this function to convert an LDAPMod to a Slapi_Mod.
type An attribute type. svs Pointer to the uninitialized Slapi_ValueSet structure of which to get the count. Memory concerns Use “slapi_mods_free()” or “slapi_mod_done()” to clean up the memory allocated by slapi_mod_init_valueset_byval See also • “slapi_mod_done()” • “slapi_mods_free()” • “Slapi_ValueSet” • Slapi_Mod 33.18 slapi_mod_isvalid() Determines whether a Slapi_Mod structure is valid. Description Use this function to verify that the contents of Slapi_Mod are valid.
See also • “slapi_mod_get_first_value()” • “slapi_mod_get_next_value()” 33.21 slapi_mod_set_operation() Sets the operation type of a Slapi_Mod structure. Syntax #include "slapi-plugin.h" void slapi_mod_set_operation(Slapi_Mod *smod, int op); Parameters This function takes the following parameters: smod Pointer to an initialized Slapi_Mod. op One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE, combined using the bitwise or operator with LDAP_MOD_BYVALUES.
33.24 slapi_mods_add() Description This function appends a new mod with a single attribute value to a Slapi_Mods. The mod is constructed from copies of the values of modtype, type, len, and val. Syntax #include "slapi-plugin.h" void slapi_mods_add( Slapi_Mods *smods, int modtype, const char *type, unsigned long len, const char *val); Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods. modtype One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE.
#include "slapi-plugin.h" void slapi_mods_add_mod_values( Slapi_Mods *smods, int modtype, const char *type, Slapi_Value **va );; Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods. modtype One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. type The LDAP attribute type. va A null-terminated array of Slapi_Value representing the attribute values.
#include "slapi-plugin.h" void slapi_mods_add_modbvps( Slapi_Mods *smods, int modtype, const char *type, struct berval **bvps ); Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods. modtype One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. type The LDAP attribute type. bvps A null-terminated array of berval representing the attribute values.
#include "slapi-plugin.h" void slapi_mods_done(Slapi_Mods *smods); Parameters This function takes the following parameter: Pointer to a Slapi_Mods. smod See also • “slapi_mods_init()” • “slapi_mods_init_byref()” • “slapi_mods_init_passin()” 33.31 slapi_mods_dump() Description This function uses the LDAP_DEBUG_ANY log level to dump the contents of a Slapi_Mods to the server log for debugging. Syntax #include "slapi-plugin.
33.34 slapi_mods_get_first_smod() Description This function initializes a Slapi_Mods iterator and returns the first mod wrapped in a Slapi_Mods structure. Use this function in conjunction with slapi_mods_get_next_smod() to iterate through the mods in a Slapi_Mods using a Slapi_Mods wrapper. Syntax #include "slapi-plugin.h" Slapi_Mod *slapi_mods_get_first_smod(Slapi_Mods *smods, Slapi_Mod *smod); Parameters This function takes the following parameters: mods A pointer to a an initialized Slapi_Mods.
33.37 slapi_mods_get_next_mod() Description This function increments the Slapi_Mods iterator and returns the next LDAPMod. Use this function in conjunction with “slapi_mods_get_first_mod()” to iterate through the mods in a Slapi_Mods. This will return an LDAPMod each time until the end. Syntax #include "slapi-plugin.h" LDAPMod *slapi_mods_get_next_mod(Slapi_Mods *smods); Parameters This function takes the following parameter: A pointer to an initialized Slapi_Mods. smod Returns more.
33.40 slapi_mods_init() Description Initializes a Slapi_Mods so that it is empty but initially has room for the given number of mods. Syntax #include "slapi-plugin.h" void slapi_mods_init(Slapi_Mods *smods, int initCount); Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods. initCount parameter Suggested number of mods for which to make room. The minimum value is 0.
33.43 slapi_mods_insert_after() Description This function inserts an LDAPMod in a Slapi_Mods immediately after the current position of the Slapi_Mods iterator. The iterator position is unchanged. Syntax #include "slapi-plugin.h" void slapi_mods_insert_after(Slapi_Mods *smods, LDAPMod *mod); Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods with a valid iterator position. mod Pointer to the LDAPMod to be inserted.
Parameters This function takes the following parameters: mods Pointer to an initialized Slapi_Mods with valid iterator position. mod Pointer to the LDAPMod to be inserted. Memory concerns The responsibility for the LDAPMod is transferred to the Slapi_Mods. This function must not be used on a Slapi_Mods initialized with slapi_mods_init_byref(). See also • “slapi_mods_get_first_mod()” • “slapi_mods_get_next_mod()” 33.
See also • “slapi_mods_insert_before()” • “slapi_mods_insert_smod_at()” 33.48 slapi_mods_iterator_backone() Description Decrements the Slapi_Mods current iterator position. This function moves the iterator back one position. Syntax #include "slapi-plugin.h" void slapi_mods_iterator_backone(Slapi_Mods *smods); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mods.
34 Functions for monitoring operations This chapter contains reference information on operation routines. Table 34-1 Operation routines Function Description “slapi_op_abandoned()” Determines if the client has abandoned the current operation. “slapi_op_get_type()” Gets the type of a Slapi_Operation. 34.1 slapi_op_abandoned() Description This function allows you to verify if the operation associated to the pblock in the parameter has been abandoned.
• • SLAPI_OPERATION_ABANDON SLAPI_OPERATION_EXTENDED See also 286 “slapi_pblock_get()” Functions for monitoring operations
35 Functions for managing parameter block This chapter contains reference information on parameter block routines. Table 35-1 Parameter block routines Function Description “slapi_pblock_destroy()” Frees a pblock from memory. “slapi_pblock_get()” Gets the value from a pblock. “slapi_pblock_init()” Initializes an existing parameter block so that it can be reused. “slapi_pblock_new()” Creates a new pblock. “slapi_pblock_set()” Sets the value of a pblock. 35.
Parameters This function takes the following parameters: pb Parameter block. arg ID of the name-value pair to get. For a list of IDs that you can specify, see Part V “Parameter block reference”. value Pointer to the value retrieved from the parameter block. Returns • • This function returns one of the following values: 0 if successful. -1 if an error occurs (for example, if an invalid ID is specified).
#include "slapi-plugin.h" void slapi_pblock_init( Slapi_PBlock *pb ); Parameters This function takes the following parameter: Parameter block. pb Memory concerns The parameter block that is to be freed must have been created using “slapi_pblock_new()”. When you are finished with the parameter block, you must free it using the “slapi_pblock_destroy()”. NOTE: The search results will not be freed from the parameter block by slapi_pblock_init().
slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, 1); However, for values which are already pointers (char * strings, char **arrays, Slapi_Back end *, etc.), you can pass in the value directly. For example: char *target_dn = slapi_ch_strdup(some_dn); slapi_pblock_set(pb, SLAPI_TARGET_DN, target_dn); or slapi_pblock_set(pb, SLAPI_TARGET_DN, NULL); With some compilers, you will have to cast the value argument to (void *).
36 Functions for handling passwords This chapter contains reference information on routines for handling passwords. The routines are listed in Chapter 36 “Functions for handling passwords”. Table 36-1 Password handling routines Function Description slapi_pw_find_sv() Determines whether a specified password matches one of the encrypted values of an attribute. “slapi_is_encoded()” Checks whether a value is encoded with any known algorithm. “slapi_encode()” Encodes a value with the specified algorithm.
36.2 slapi_is_encoded() Checks whether the specified value is encoded with any known algorithm. Syntax #include "slapi-plugin.h" int slapi_is_encoded(char *value); Parameters This function takes the following parameter: The value, the encoding status of which needs to be determined. value Returns • • This function returns one of the following values: 1 if the value is encoded. 0 if the value is not encoded. See also • slapi_pw_find_sv() • “slapi_encode()” 36.
Parameters This function takes the following parameter: pb Parameter block. arg Argument to the function. Returns • • This function returns one of the following values: LDAP_CONTROL_PWEXPIRED (0) if the password has expired. LDAP_CONTROL_PWEXPIRING (1, with the time in seconds) if the password has not yet expired but is within the warning period. 36.5 slapi_pwpolicy_make_response_control() Description Sends back detailed information about password policies. Syntax #include "slapi-plugin.
37 Functions for managing RDNs This chapter contains reference information on RDN routines. Table 37-1 RDN routines Function Description “slapi_rdn_add()” Adds a new RDN to an existing RDN structure. “slapi_rdn_compare()” Compares two RDNs. “slapi_rdn_contains()” Checks if a Slapi_RDN structure holds any RDN matching a give type/value pair. “slapi_rdn_contains_attr()” Checks if a Slapi_RDN structure contains any RDN matching a given type. “slapi_rdn_done()” Clears a Slapi_RDN structure.
37.1 slapi_rdn_add() Description This function adds a new type/value pair to an existing RDN or sets the type/value pair as the new RDN if rdn is empty. This function resets the FLAG_RDNS flags, which means that the RDN array within the Slapi_RDN structure is no longer current with the new RDN. Syntax #include "slapi-plugin.h" int slapi_rdn_add(Slapi_RDN *rdn, const char *type, const char *value); Parameters This function takes the following parameters: rdn The target Slapi_RDN structure.
Returns • • This function returns one of the following values: 1 if rdn contains an RDN that matches the type, value, and length. 0 if no RDN matches the desired type/value. See also • “slapi_rdn_get_index()” • “slapi_rdn_contains_attr()” 37.4 slapi_rdn_contains_attr() Description This function checks whether a Slapi_RDN structure contains any RDN matching a given type and, if true, gets the corresponding attribute value.
37.6 slapi_rdn_free() Description This function frees both the contents of the Slapi_RDN structure and the structure itself pointed to by the content of rdn. Syntax #include "slapi-plugin.h" void slapi_rdn_free(Slapi_RDN **rdn); Parameters This function takes the following parameter: Pointer to the pointer of the Slapi_RDN structure to be freed. rdn See also • “slapi_rdn_new()” • “slapi_rdn_done()” 37.
Parameters This function takes the following parameters: rdn The Slapi_RDN structure containing the RDN value(s). type Type (cn, o, ou, etc.) of the RDN that is searched. value Value of the RDN searched. length Gives the length of value that should be taken into account for the string comparisons when searching for the RDN. Returns • • This function returns one of the following values: The index of the RDN that follows the RDN matching the contents of the parameters type and value.
type Repository that will hold the type (cn, o, ou, etc.) of the next (index+1) RDN. If this parameter is NULL at the return of the function, the RDN does not exist. value Repository that will hold the value of the next (index+1) RDN. If this parameter is NULL, the RDN does not exist. Returns • • This function returns one of the following values: The real position of the retrieved RDN if the operation was successful. -1 if there is no RDN in the index position.
37.14 slapi_rdn_init() Description This function initializes a given Slapi_RDN structure with NULL values; both the RDN value and the array of split RDNs are set to NULL. Syntax #include "slapi-plugin.h" void slapi_rdn_init(Slapi_RDN *rdn); Parameters This function takes the following parameters: The Slapi_RDN structure to be initialized. rdn See also • “slapi_rdn_new()” • “slapi_rdn_free()” • “slapi_rdn_done()” 37.
37.17 slapi_rdn_init_sdn() Description This function initializes a given Slapi_RDN structure with the RDN value taken from the DN passed within the Slapi_DN structure of the sdn parameter. Syntax #include "slapi-plugin.h" void slapi_rdn_init_sdn(Slapi_RDN *rdn,const Slapi_DN *sdn); Parameters This function takes the following parameters: rdn The Slapi_RDN structure to be initialized. sdn The Slapi_DN structure containing the DN value whose RDN will be used to initialize the new Slapi_RDN structure.
37.20 slapi_rdn_new_dn() Description This function creates a new Slapi_RDN structure and initializes its RDN with the value taken from the DN passed in the dn parameter. Syntax #include "slapi-plugin.h" Slapi_RDN *slapi_rdn_new_dn(const char *dn); Parameters This function takes the following parameter: The DN value whose RDN will be used to initialize the new Slapi_RDN structure.
• • “slapi_rdn_new_dn()” “slapi_rdn_new_rdn()” 37.23 slapi_rdn_remove() This function removes the RDN from rdn that matches the given criteria (type, value, and length). Syntax #include "slapi-plugin.h" int slapi_rdn_remove(Slapi_RDN *rdn, const char *type, const char *value, size_t length); Parameters This function takes the following parameters: rdn The target Slapi_RDN structure. type Type (cn, o, ou, etc.) of the RDN searched. value The value of the RDN searched.
#include "slapi-plugin.h" int slapi_rdn_remove_index(Slapi_RDN *rdn, int atindex); Parameters This function takes the following parameters: rdn The target Slapi_RDN structure. atindex The index of the RDN type/value pair to remove. Returns This function returns one of the following values: 0 If no RDN is removed because either rdn is empty or the index goes beyond the number of RDNs present. 1 If the RDN is removed from rdn. See also • “slapi_rdn_remove()” • “slapi_rdn_remove_attr()” 37.
37.28 slapi_rdn_set_sdn() Description This function sets an RDN value in a Slapi_RDN structure. The structure is freed from memory and freed of any previous content before setting the new RDN. The new RDN is taken from the DN value present inside of a Slapi_DN structure. Syntax #include "slapi-plugin.h" void slapi_rdn_set_sdn(Slapi_RDN *rdn,const Slapi_DN *sdn); Parameters This function takes the following parameters: rdn The target Slapi_RDN structure.
38 Functions for managing roles This chapter contains reference information on routines that help you deal with roles. Table 38-1 Routines for roles Function Description “slapi_role_check()” Checks if the entry pointed to by entry_to_check contains the role indicated by role_dn. “slapi_register_role_check()” Allows registering of another function, other than the default, to use in “slapi_role_check()” . 38.
39 Functions for managing DNs This chapter contains reference information on DN routines. Table 39-1 DN routines Function Description “slapi_dn_isroot()” Determines if the DN is the root DN for the local database. “slapi_dn_normalize_case()” Converts a DN to canonical format and all characters to lower case. “slapi_dn_normalize_to_end()” Normalizes part of a DN value. “slapi_moddn_get_newdn()” Builds the new DN of an entry.
Table 39-1 DN routines (continued) Function Description “slapi_sdn_set_ndn_byref()” Sets a normalized DN in a Slapi_DN structure. “slapi_sdn_set_ndn_byval()” Sets a normalized DN in a Slapi_DN structure. “slapi_sdn_set_parent()” Sets a new parent in an entry. “slapi_sdn_set_rdn()” Sets a new RDN for an entry. 39.1 slapi_dn_isroot() Determines whether the specified DN is the root DN for this local database.
If the argument end happens to be NULL, this routine does basically the same thing as slapi_sdn_get_ndn(), except for NULL terminating the normalized DN. CAUTION: This function does not null-terminate the string. Use this function only if you know what you are doing. Syntax #include "slapi-plugin.h" char *slapi_dn_normalize_to_end( char *dn, char *end); Parameters This function takes the following parameters: dn DN value to be normalized.
Parameters This function takes the following parameters: sdn Slapi_DN structure containing the value to which a new RDN is to be added. rdn Slapi_RDN structure containing the RDN value that is to be added to the DN value. Returns This function returns the Slapi_DN structure with the new DN formed by adding the RDN value in rdn to the DN value in dn. See also “slapi_sdn_set_rdn()” 39.6 slapi_sdn_compare() Description This function compares two DNs, sdn1 and sdn2. The comparison is case sensitive.
See also “slapi_sdn_free()” 39.9 slapi_sdn_dup() Duplicates a Slapi_DN structure. Syntax #include "slapi-plugin.h" Slapi_DN * slapi_sdn_dup(const Slapi_DN *sdn); Parameters This function takes the following parameter: Pointer to the Slapi_DN structure to duplicate. sdn Returns This function returns a pointer to a duplicate of sdn. See also • “slapi_sdn_copy()” • “slapi_sdn_new()” 39.
See also slapi_sdn_get_parent() 39.12 slapi_sdn_get_dn() Description This function retrieves the DN value of a Slapi_DN structure. The returned value can be the normalized DN (in a canonical format and in lower case) if no other value is present. Syntax #include "slapi-plugin.h" const char * slapi_sdn_get_dn(const Slapi_DN *sdn); Parameters This function takes the following parameter: The Slapi_DN structure containing the DN value. sdn Returns This function returns the DN value.
Syntax #include "slapi-plugin.h" void slapi_sdn_get_parent(const Slapi_DN *sdn, Slapi_DN *sdn_parent); Parameters This function takes the following parameters: sdn Pointer to the Slapi_DN structure containing the DN whose parent is searched. sdn_parent Pointer to the Slapi_DN structure where the parent DN is returned. See also slapi_sdn_get_backend_parent() 39.
39.18 slapi_sdn_isempty() Description This function checks whether a Slapi_DN structure contains a normalized or non-normalized value. Syntax #include "slapi-plugin.h" int slapi_sdn_isempty( const Slapi_DN *sdn); Parameters This function takes the following parameter: Pointer to the Slapi_DN structure that is going to be checked. sdn Returns • • This function returns one of the following values: 1 if there is no DN value (normalized or not) present in the Slapi_DN structure. 0 if sdn is not empty.
Parameters This function takes the following parameters: parent Pointer to the Slapi_DN structure containing the DN which claims to be the parent of the DN in child. child Pointer to the Slapi_DN structure containing the DN of the supposed child of the DN in the structure pointed to by parent. Returns • • This function returns one of the following values: 1 if the DN in parent is the parent of the DN in child. 0 if the DN in parent does not match the DN of the parent of the DN in child.
value is passed in to the parameter by reference. However, the FLAG_DN flag is not set, and no counter is incremented. Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_new_dn_byref(const char *dn); Parameters This function takes the following parameter: The DN value to be set in the new Slapi_DN structure. dn Returns This function returns a pointer to the new Slapi_DN structure with a DN valueset to the content of dn. Memory concerns The memory is allocated by the function itself.
Memory concerns The memory is allocated by the function itself. See also • “slapi_sdn_new_dn_byval()” • “slapi_sdn_new_ndn_byref()” 39.26 slapi_sdn_new_ndn_byref() Description This function creates a new Slapi_DN structure and initializes its normalized DN with the value of ndn. The normalized DN of the new structure will point to the same string pointed to by ndn; the normalized DN value is passed into the parameter by reference. However, the FLAG_NDN flag is not set, and no counter is incremented.
Parameters This function takes the following parameters: dn The DN of the entry subject of scope test. base The base DN against which dn is going to be tested. scope The scope tested. This parameter can take one of the following levels: • LDAP_SCOPE_BASE- where the entry DN should be the same as the base DN. • LDAP_SCOPE_ONELEVEL- where the base DN should be the parent of the entry. • DNLDAP_SCOPE_SUBTREE- where the base DN should at least be the suffix of the entry DN. Returns scope.
Returns value. This function returns a pointer to the Slapi_DN structure containing the new DN See also • “slapi_sdn_set_ndn_byref()” • “slapi_sdn_set_dn_passin()” 39.31 slapi_sdn_set_dn_passin() Description This function sets a DN value in a Slapi_DN structure. The DN of the new structure will point to the same string pointed to by dn. The FLAG_DN flag is set, and the internal counters are incremented. Syntax #include "slapi-plugin.
Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_set_ndn_byval(Slapi_DN *sdn, const char *ndn); Parameters This function takes the following parameters: sdn The target Slapi_DN structure. ndn The normalized DN value to be set in sdn. Returns This function returns a pointer to the Slapi_DN structure containing the new normalized DN value. See also • “slapi_sdn_set_ndn_byref()” • “slapi_sdn_set_dn_passin()” 39.34 slapi_sdn_set_parent() Description This function sets a new parent for a given entry.
40 Functions for sending entries and results to the client This chapter contains reference information on routines for sending entries and results to the client. Table 40-1 Routines for sending entries and results to clients Function Description “slapi_send_ldap_referral()” Processes an entry's LDAP v3 referrals. “slapi_send_ldap_result()” Sends an LDAP result code back to the client. “slapi_send_ldap_search_entry()” Sends an entry found by a search back to the client. 40.
refs Pointer to the NULL-terminated array of berval structures containing the LDAPv3 referrals (search result references) found in the entry. urls Pointer to the array of berval structures used to collect LDAP referrals for LDAPv2 clients. Returns • • This function returns one of the following values: 0 if successful. -1 if an error occurs. See also • “slapi_send_ldap_result()” • “slapi_send_ldap_search_entry()” 40.
text Error message that you want sent back to the client. Pass NULL if you do not want an error message sent back. nentries When sending back the result code for an LDAP search operation, use this argument to specify the number of matching entries found. urls When sending back an LDAP_PARTIAL_RESULTS result code to an LDAPv2 client or an LDAP_REFERRAL result code to an LDAPv3 client, use this argument to specify the array of berval structures containing the referral URLs. Pass NULL in other situations.
• • 326 “slapi_str2filter()” “slapi_send_ldap_search_entry()” Functions for sending entries and results to the client
41 Functions related to UTF-8 This chapter contains reference information on routines that are related to UTF-8. Table 41-1 UTF-8 related routines Function Description “slapi_has8thBit()” Checks if a string has an 8-bit character. “slapi_utf8casecmp()” Makes case-insensitive string comparison of two UTF-8 strings. “slapi_UTF8CASECMP()” Compares two UTF-8 strings. “slapi_utf8ncasecmp()” Makes case-insensitive string comparison of first n characters of two UTF-8 strings.
• • • • • • If both UTF-8 strings are NULL or zero-length, 0 is returned. If one of the strings is NULL or zero-length, the NULL/zero-length string is smaller. If one or both of the strings are not UTF-8, system provided strcasecmp is used. If one of the two strings contains no 8-bit characters, strcasecmp is used. The strings are compared after converted to lowercase UTF-8. Each character is compared from the beginning.
Parameters This function takes the following parameters: s0 A null-terminated UTF-8 string. s1 A null-terminated UTF-8 string. Returns • • • This function returns one of the following values: A positive number if s0 is after s1. 0 if the two string are identical, ignoring case. A negative number if s1 is after s0. 41.4 slapi_utf8ncasecmp() Description This function takes two UTF-8 strings (s0, s1) of unsigned char to be compared for a specified number of characters.
Syntax #include "slapi-plugin.h" int slapi_UTF8NCASECMP(char *s0, char *s1, int n); Parameters This function takes the following parameters: s0 A null-terminated UTF-8 string. s1 A null-terminated UTF-8 string. n The number of UTF-8 characters (not bytes) from s0 and s1 to compare. Returns • • • This function returns one of the following values: A positive number if s0 is after s1. 0 if the two string are identical, ignoring case. A negative number if s1 is after s0. 41.
Parameters This function takes the following parameter: A single UTF-8 character (could be multiple bytes) s Returns • • This function returns one of the following values: 1 if the character is an uppercase letter. 0 if the character is not an uppercase letter. 41.9 slapi_UTF8ISUPPER() Verifies if a UTF-8 character is an uppercase letter. Syntax #include "slapi-plugin.
Parameters This function takes the following parameter: A null-terminated UTF-8 string to be converted to lower case. s Returns • • This function returns one of the following values: A pointer to a null-terminated UTF-8 string whose characters are converted to lower case. Character which are not upper case are copied as-is. NULL if the string is not found to be a UTF-8 string. Memory concerns needed.
Syntax #include "slapi-plugin.h" void slapi_utf8ToLower(unsigned char *s, unsigned char *d, int *ssz, int *dsz); Parameters This function takes the following parameters: s A single UTF-8 character (could be multiple bytes). d Pointer to the lower case form of s. The memory for this must be allocated by the caller before calling the function. ssz Length in bytes of the input character. dsz Length in bytes of the output character.
Syntax #include "slapi-plugin.h" void slapi_UTF8TOUPPER(char *s, char *d, int *ssz, int *dsz); Parameters 334 This function takes the following parameters: s Pointer to a single UTF-8 character (could be multiple bytes). d Pointer to the uppercase version of s. The memory for this must be allocated by the caller before calling the function. ssz Returns the length in bytes of the input character. dsz Returns the length in bytes of the output character.
42 Functions for handling values This chapter contains reference information on value routines. Table 42-1 Value routines Function Description “slapi_value_compare()” Compares two values. “slapi_value_dup()” Duplicates a value. “slapi_value_free()” Frees a Slapi_Value structure from memory. “slapi_value_get_berval()” Gets the berval structure of the value. “slapi_value_get_int()” Converts the value of an integer. “slapi_value_get_length()” Gets the length of a value.
#include "slapi-plugin.h" slapi_value_compare(const Slapi_Attr *a, const Slapi_Value *v1, const Slapi_Value *v2); Parameters This function takes the following parameters: a A pointer to an attribute used to determine how the two values will be compared. v1 Pointer to the Slapi_Value structure containing the first value to compare. v2 Pointer to the Slapi_Value structure containing the second value to compare.
Parameters This function takes the following parameter: Pointer to the Slapi_Value of which you wish to get the berval. value Returns This function returns a pointer to the berval structure contained in the Slapi_Value. This function returns a pointer to the actual berval structure, not a copy of it. Memory concerns You should not free the berval structure unless you plan to replace it by calling “slapi_value_set_berval()”. See also “slapi_value_set_berval()” 42.
Parameters This function takes the following parameter: Pointer to the Slapi_Value that you wish to get as a long integer. value Returns • • This function returns one of the following values: A long integer which corresponds to the value stored in the Slapi_Value structure. 0 if there is no value. See also • “slapi_value_get_int()” • “slapi_value_get_ulong()” • “slapi_value_get_uint()” 42.8 slapi_value_get_string() Returns the value as a string. Syntax #include "slapi-plugin.
42.10 slapi_value_get_ulong() Description integer. Converts the value contained in the Slapi_Value structure into an unsigned long Syntax #include "slapi-plugin.h" unsigned long slapi_value_get_ulong(const Slapi_Value *value); Parameters This function takes the following parameter: Pointer to the value that you wish to get as an unsigned integer.
Syntax #include "slapi-plugin.h" slapi_value_init_string(Slapi_Value *v,const char *s); Parameters This function takes the following parameters: v Pointer to the value to be initialized. The pointer must not be NULL. s A null-terminated string used to initialize the value. Returns This function returns a pointer to the initialized Slapi_Value structure (itself). 42.
42.16 slapi_value_new_berval() Description This function returns a Slapi_Value structure containing a value duplicated from the berval structure passed as the parameter. Syntax #include "slapi-plugin.h" slapi_value_new_berval(const struct berval *bval); Parameters bval This function takes the following parameter: Pointer to the berval structure used to initialize the newly allocated Slapi_Value. Returns This function returns a pointer to the newly allocated Slapi_Value.
Parameters This function takes the following parameter: A null-terminated string used to initialize the newly-allocated Slapi_Value structure. s Returns This function returns a pointer to a newly allocated Slapi_Value structure. If space cannot be allocated (for example, if no virtual memory exists), the slapd program terminates. Memory concerns The value should be freed by the caller, using “slapi_value_free()”. See also • “slapi_value_free()” • “slapi_value_new()” • “slapi_value_dup()” 42.
When you are no longer using the Slapi_Value structure, you should free it from memory by calling “slapi_value_free()”. See also “slapi_value_free()” 42.21 slapi_value_set_berval() Description This function sets the value of Slapi_Value structure. The value is duplicated from the berval structure bval. Syntax #include "slapi-plugin.
42.23 slapi_value_set_string() Description strVal. This function sets the value of the Slapi_Value structure by duplicating the string Syntax #include "slapi-plugin.h" slapi_value_set_string(Slapi_Value *value, const char *strVal); Parameters This function takes the following parameters: value Pointer to the Slapi_Value structure in which to set the value. strVal The string containing the value to set. Returns • • This function returns one of the following: 0 if value is set.
Parameters This function takes the following parameters: value Pointer to the Slapi_Value in which to set the value. vfrom Pointer to the Slapi_Value from which to get the value. Returns • • This function returns one of the following values: The pointer to the Slapi_Value structure passed as the parameter. NULL if it was NULL. Memory concerns If the pointer to the Slapi_Value is NULL, nothing is done, and the function returns NULL.
43 Functions for handling valuesets This chapter contains reference information on valueset routines. Table 43-1 Valueset routines Function Description “slapi_valueset_add_value()” Adds a Slapi_Value in the Slapi_ValueSet structure. “slapi_valueset_add_value_ext()” Enables adding of a Slapi_Value in the Slapi_ValueSet structure without having to duplicate and free the target value. “slapi_valueset_count()” Returns the number of values contained in a Slapi_ValueSet structure.
43.2 slapi_valueset_add_value_ext() Description This function enables adding of a Slapi_Value in the Slapi_ValueSet structure without having to duplicate and free the target value. Sometimes, it is desirable to have a pass-in interface to add a Slapi_Value to a list without having to duplicate and free the target value. This function is similar to an existing function “slapi_valueset_add_value()” but has one more parameter, unsigned long flags, for setting flags.
43.5 slapi_valueset_find() Description This function finds the value in a valueset using the syntax of an attribute. Use this to check for duplicate values in an attribute. Syntax #include "slapi-plugin.h" Slapi_Value *slapi_valueset_find(const Slapi_Attr *a, const Slapi_ValueSet *vs, const Slapi_Value *v); Parameters This function takes the following parameters: a Pointer to the attribute. This is used to determine the syntax of the values and how to match them.
Parameters This function takes the following parameter: Pointer to the Slapi_ValueSet to free. vs See also “slapi_valueset_done()” 43.8 slapi_valueset_init() Description This function returns the values contained in the Slapi_ValueSet structure (sets them to 0). This does not free the values contained in the structure. To free the values, use “slapi_valueset_done()”. Syntax #include "slapi-plugin.
Parameters This function takes the following parameters: vs Pointer to the Slapi_ValueSet structure from which you wish to get the value. index Value returned by the previous call to slapi_valueset_next_value or slapi_value_first_value(). v Address to the pointer to the Slapi_Value structure for the returned value. Returns • • This function returns one of the following values: The index of the value in the Slapi_ValueSet. -1 if there was no more value or the input index is incorrect.
If you do not verify this, the allocated memory space will leak. You can free existing values by calling “slapi_valueset_done()”.
44 Functions specific to virtual attribute service This chapter contains reference information on routines that are specific to virtual attribute services. Table 44-1 Virtual attribute service routines Function Description “slapi_vattr_list_attrs()” Returns all the attribute types, both real and virtual, from an entry. “slapi_vattr_attrs_free()” Frees the attribute list returned by “slapi_vattr_list_attrs()” .
44.2 slapi_vattr_attrs_free() This function should be used to free the list of attributes returned from slapi_vattrspi_add_type(). Syntax #include "slapi-plugin.h" void slapi_vattr_attrs_free(vattr_type_thang **types, int flags); Parameters This function takes the following parameters: types Pointer to the list of attributes to be freed. flags Bit mask of options. Valid value is as follows: SLAPI_VIRTUALATTRS_RETURNED_POINTERS Memory concerns See also Free the pointer block using “slapi_ch_free()”.
• • • SLAPI_VIRTUALATTRS_LOOP_DETECTED (failed to evaluate a vattr). SLAPI_VIRTUAL_NOT_FOUND (type not recognized by any vattr and not a real attr in entry). ENOMEM (memory error). 44.5 slapi_vattr_values_free() Description This function should be used to free the valueset and type names returned from “slapi_vattr_values_get_ex()”. Syntax #include "slapi-plugin.
44.7 slapi_vattr_values_get_ex() Description This function returns the values for an attribute type from an entry, including the values for any subtypes of the specified attribute type. The routine will return the values of virtual attributes in that entry if requested to do so. Syntax #include "slapi-plugin.
computation becomes similar to slapi_vattr_values_get(). In functionality, slapi_vattr_values_type_thang_get() mimics slapi_vattr_values_get(). Syntax #include "slapi-plugin.h" int slapi_vattr_values_type_thang_get ( Slapi_Entry *e, vattr_type_thang *type_thang, Slapi_ValueSet** results, int *type_name_disposition, char **actual_type_name, int flags, int *buffer_flags); Parameters This function takes the following parameters: e Entry to be compared. type Attribute type name.
45 Functions for managing locks and synchronization This chapter contains reference information on locks and synchronization routines. Table 45-1 Locks and synchronization routines Function Description “slapi_destroy_condvar()” Frees a Slapi_CondVar structure from memory. “slapi_destroy_mutex()” Frees a Slapi_Mutex structure from memory. “slapi_lock_mutex()” Locks the specified mutex.
#include "slapi-plugin.h" void slapi_lock_mutex( Slapi_Mutex *mutex ); Parameters This function takes the following parameters: Pointer to a Slapi_Mutex structure representing the mutex that you want to lock. mutex 45.4 slapi_new_condvar() Description This function creates a new condition variable and returns a pointer to the Slapi_CondVar structure. You can create the Slapi_Mutex structure by calling the “slapi_new_mutex()” function.
Parameters This function takes the following parameters: cvar Pointer to an Slapi_CondVar structure representing the condition variable. notify_all If 1, notifies all threads that are waiting on the condition variable. Returns • • This function returns one of the following values: A nonzero value if the thread (or threads) are successfully notified. 0 if an error occurs; for example, if the condition variable is NULL or if the mutex associated with the condition variable is not locked. 45.
46 Functions for managing computed attributes This chapter contains reference information on computed-attribute routines. Table 46-1 Routines for computed attributes Function Description “slapi_compute_add_evaluator()” Registers a function as an evaluator that the server will call to generate a computed attribute. “slapi_compute_add_search_rewriter()” Registers callbacks for filter and search rewriting.
46.3 compute_rewrite_search_filter() Description This function calls evaluator functions to see if there is a match with a search filter. Before the server sends an entry as a search result back to the client, the server determines if any of the requested attributes are computed attributes and generates the values for those attributes. Syntax #include "slapi-plugin.h" int compute_rewrite_search_filter (Slapi_PBlock *pb); Parameters Parameter block that matches the rewrite search filter.
47 Functions for manipulating bits This chapter contains reference information on routines for manipulating bits. Table 47-1 Bit manipulator routines Function Description “slapi_isbitset_int()” Checks whether a particular bit is set in an integer. “slapi_isbitset_uchar()” Checks whether a particular bit is set in a character. “slapi_setbit_int()” Sets the specified bit in an integer. “slapi_setbit_uchar()” Sets the specified bit in a character.
• • “slapi_setbit_uchar()” “slapi_unsetbit_uchar()” 47.3 slapi_setbit_int() Sets the specified bit in an integer. Syntax #include "slapi-plugin.h" unsigned int slapi_setbit_int(unsigned int f,unsigned int bitnum); Parameters This function takes the following parameters: f The integer in which a bit is to be set. bitnum The bit number that needs to be set in the integer. Returns This function returns the integer with the specified bit set.
• • “slapi_isbitset_int()” “slapi_setbit_int()” 47.6 slapi_unsetbit_uchar() Unsets the specified bit in a character. Syntax #include "slapi-plugin.h" unsigned char slapi_unsetbit_uchar(unsigned char f, unsigned char bitnum); Parameters This function takes the following parameters: f The character in which a bit is to be unset. bitnum The bit number that needs to be unset in the character. Returns This function returns the character with the specified bit unset.
48 Functions for registering object extensions This chapter contains reference information on routines for registering object extensions. This set of functions provides a means for extending core server objects; this functionality is provided so that you can efficiently pass state information between plug-in calls. Typically, a plug-in might register both a preoperation and postoperation call.
const char *objectname, slapi_extension_constructor_fnptr constructor, slapi_extension_destructor_fnptr destructor, int *objecttype, int *extensionhandle); Parameters This function takes the following parameters: pluginname Plug-in name. objectname The name of the core server object to be extended.
49 Functions related to data interoperability This chapter contains reference information on routines that support the data interoperability feature of Directory Server, which is explained in Chapter 13 “Using data interoperability plug-ins”. This set of functions allows a custom plug-in to preserve the default behavior of the Directory Server and bypass access control checking.
slapi_operation_set_flag( op, SLAPI_OP_FLAG_NO_ACCESS_CHECK ); } Syntax #include "slapi-plugin.h" void slapi_operation_set_flag( Slapi_Operation *op, unsigned long flag) Parameter This function takes the following parameters: op Operation data structure. flag Flag to be set. By default, only one flag is supported, the SLAPI_OP_FLAG_NO_ACCESS_CHECK flag, which specifies that access control should not be checked. See also • “slapi_operation_clear_flag()” • “slapi_operation_is_flag_set()” 49.
Parameter This function takes the following parameters: op Operation data structure. flag Flag to check. There are three possible flags: • SLAPI_OP_FLAG_NO_ACCESS_CHECK flag, which specifies that access control should not be checked. • SLAPI_OPERATION_FLAG_INTERNAL flag, which is set for any internal operation. • SLAPI_OP_FLAG_NEVER_CHAIN flag, which specifies that disables chaining. Returns This function returns 0 if the flag is not set and a nonzero value if the flag is set.
50 Functions for registering additional plug-ins This chapter contains reference information on interfaces that allow a plug-in to register additional plug-ins. Table 50-1 Routines for registering additional plug-ins Function Description “slapi_register_plugin()” Allows a plug-in to register a plug-in. 50.1 slapi_register_plugin() Description This function allows a plug-in to register a plug-in.
51 Functions for server tasks Directory Server tasks are usually maintenance operations for the server, such as indexing entries or importing an LDIF file. Certain server tasks can be performed through a special task plug-in. When a task entry is added to the cn=tasks subtree in the directory, the task's handler is called and performs the task. This chapter describes functions available for task structures.
Parameters This function takes the following parameter: Contains arguments to passed to the task. arg 51.2 slapi_new_task() Creates a new server task and returns a pointer to the Slapi_Task structure. Syntax Slapi_Task *slapi_new_task(const char *dn) Parameters This function takes the following parameter: The DN of the task entry that was defined for this instance of the task.
Parameters This function takes the following parameter: Points to the task operation which is being performed by the server. task See also • slapi_task_inc_refcount() • slapi_task_get_refcount() 51.6 slapi_task_finish() Called when the task is completed. As with other functions which terminate a task, this updates the task entry to record that the task is complete and returns a result code to the user.
Parameters This function takes the following parameter: Points to the task operation which is being performed by the server. task See also • slapi_task_dec_refcount() • slapi_task_inc_refcount() 51.9 slapi_task_get_state() Checks the current state of a task. Syntax int slapi_task_get_state(Slapi_Task *task) Parameters This function takes the following parameter: Points to the task operation which is being performed by the server.
Parameters task This function takes the following parameter: Points to the task operation which is being performed by the server. See also • slapi_task_dec_refcount() • slapi_task_get_refcount() 51.12 slapi_task_log_notice() Writes changes to a log attribute for the task entry. Directory task entries log all their messages to a log attribute in the configuration entry, nsTaskLog. This function adds a line to the nsTaskLog value.
Parameters This function takes the following parameter: Gives the name of the new function. name See also • dseCallbackFn 51.15 slapi_task_set_data() Adds an opaque data object pointer to your task. This is function is useful for including data-specific information that the handler function can assign to the thread that actually performs the task.
Parameters task This function takes the following parameter: Points to the task operation which is being performed by the server. See also • slapi_task_set_data() • TaskCallbackFn 51.18 slapi_task_status_changed() Updates the task configuration entry with the current status information. This function must be called if the progress or status of the task is updated manually in the Slapi_Task structure.
Part V Parameter block reference This part describes the parameters available in the Slapi_PBlock parameter block, the type of data associated with each parameter, and the plug-in functions in which those parameters are accessible. To get the values of these parameters, call the “slapi_pblock_get()” function. To set the values of these parameters, call the “slapi_pblock_set()” function.
52 Parameters for registering plug-in functions The parameters listed in this section identify plug-in functions recognized by the server. To register your plug-in function, set the value of the appropriate parameter to the name of your function. Note: With the exception of the parameters for matching rule plug-in functions, you do not need to get the value of any of these parameters. Note: Database plug-ins are not supported in current releases of Directory Server.
Parameter ID Description SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN This function is called before an internal LDAP add operation is completed. SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN This function is called before an internal LDAP delete operation is completed. SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN This function is called before an internal LDAP modify operation is completed. SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN This function is called before an internal LDAP modify RDN operation is completed. 52.
52.3 Matching rule plug-ins The parameters listed below are used with matching rule plug-in functions that can be registered. Parameter ID Description SLAPI_PLUGIN_MR_FILTER_CREATE_FN This is a factory function for creating filter functions. This function must be thread-safe because the server may call it concurrently with other functions. SLAPI_PLUGIN_MR_INDEXER_CREATE_FN This is a factory function for creating indexer functions.
53 Parameters accessible to all plug-ins The parameters listed in this section are accessible to all types of plug-ins. 53.1 Information about the database The parameters listed below specify information about the back end database. These parameters are available for all types of plug-ins. These specific parameters cannot be set by calling “slapi_pblock_set()”. You can, however, get these parameters by calling “slapi_pblock_get()”.
Table 53-1 Information about the connection Parameter ID Data type Description SLAPI_CONN_SASL_SSF int * The security strength factor provided by the SASL layer used by the connection. SLAPI_CONN_CERT CERTCertificate * The client certificate associated with the connection; may be absent. This is an NSS database. See http:// mozilla.org/projects/ security/pki/nss/ SLAPI_CONN_IS_REPLICATION_SESSION char * Indicates the current connection is a replication session.
53.3 Information about the operation The parameters listed below specify informationabout the current operation. These parameters are available for all types of plug-ins. Parameter ID Data type Description SLAPI_OPERATION Slapi_Operation * Information about the operation currently in progress. SLAPI_OPINITIATED_TIME time_t Time when the server began processing the operation. SLAPI_REQUESTOR_ISROOT int Specifies whether the user requesting the operation is the root DN.
53.6 Information about access control lists The parameters listed below are used with the access control list (ACL) plug-in functions to determine access control levels. Parameter ID Data type Description SLAPI_PLUGIN_ACL_ALLOW_ACCESS int Flag sent to the ACL plug-in when it is called that indicates that ACL access is allowed. SLAPI_PLUGIN_ACL_INIT Flag that is set when ACL plug-ins are initialized that allows the use of ACL plug-in access functions.
Parameter ID Data type Description SLAPI_PLUGIN_OPRETURN int Specifies the return value of the LDAP operation that has just been processed. SLAPI_PLUGIN_OBJECT void * Reserved for internal use only; used with filter processing. SLAPI_PLUGIN_DESTROY_FN void * Reserved for internal use only; used with filter processing. SLAPI_PLUGIN_DESCRIPTION char * Provides a description of this plug-in function. SLAPI_PLUGIN_IDENTITY char * Identifies this plug-in function. 53.8.
Defined Constant Description SLAPI_PLUGIN_VERSION_02 Version 2 of the plug-in interface, which is supported by the Directory Server 4.x release but not by previous releases. SLAPI_PLUGIN_VERSION_03 Version 3 of the plug-in interface, which is supported by current releases of Directory Server but not by previous releases. 53.9 Information about command-line arguments The parameters listed below are used to determine the command-line arguments with which a plug-in was invoked.
Parameter ID Description SLAPI_ATTR_FLAG_OPATTR Flag that determines if the attribute is an operational attribute. SLAPI_ATTR_FLAG_READONLY Flag that determines if the attribute is read-only. SLAPI_ATTR_FLAG_SINGLE Flag that determines if the attribute is single-valued. SLAPI_ATTR_FLAG_STD_ATTR Flag that indicates that this is a standard, non-user-defined attribute that is not listed in the user defined schema file, which is typically the schema file named 99user.ldif.
54 Parameters for the bind function The following table lists the parameters in the parameter block passed to the database bind function. If you are writing a preoperation, database, or postoperation bind function, you can get these values by calling the function. Parameter ID Data type Description SLAPI_BIND_TARGET char * DN of the entry to which to bind. SLAPI_BIND_METHOD int Authentication method used; for example, LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL.
55 Parameters for the search function The following parameters are used with the search function: • • • “Parameters passed to the search function” “Parameters for executing the search” “Parameters for the search results” 55.1 Parameters passed to the search function The following table lists the parameters in the parameter block passed to the database search function. If you are writing a preoperation, database, or postoperation search function, you can get these values by calling the function.
55.2 Parameters for executing the search The following parameters are set by the front end and back end database as part of the process of executing the search. Parameter ID Data type Description SLAPI_SEARCH_RESULT_SET void * Set of search results. SLAPI_SEARCH_RESULT_ENTRY void * Entry returned from iterating through the results set. SLAPI_SEARCH_RESULT_ENTRY_EXT void * Reserved for future use. SLAPI_NENTRIES int Number of search results found.
56 Parameters that convert strings to entries The parameters listed below are pblock parameters; they are flags that can be passed to the slapi_str2entry() function. Parameter ID Description SLAPI_STR2ENTRY_ADDRDNVALS In the conversion from strings to entries, adds the RDN value as an attribute if it is not present. SLAPI_STR2ENTRY_BIGENTRY Provides a hint that the entry is large; this enables some optimizations related to large entries.
57 Parameters for the add function The following table lists the parameters in the parameter block passed to the database add function. If you are writing a preoperation, database, or postoperation add function, you can get these values by calling the function. Parameter ID Data type Description SLAPI_ADD_TARGET char * DN of the entry to be added. SLAPI_ADD_ENTRY Slapi_Entry * The entry to be added (specified as the opaque datatype).
58 Parameters for the compare function The following table lists the parameters in the parameter block passed to the database compare function. If you are writing a preoperation, database, or postoperation compare function, you can get these values by calling the “slapi_pblock_get()” function. Parameter ID Data type Description SLAPI_COMPARE_TARGET char * DN of the entry to be compared. SLAPI_COMPARE_TYPE char * Attribute type to use in the comparison.
59 Parameters for the delete function The following table lists the parameters in the parameter block passed to the database delete function. If you are writing a preoperation, database, or postoperation delete function, you can get these values by calling the function. Parameter ID Data type Description SLAPI_DELETE_TARGET char * DN of the entry to delete. SLAPI_DELETE_EXISTING_ENTRY Slapi_Entry * Internal only; used by the multi-master replication resolution procedure code.
60 Parameters for the modify function The following table lists the parameters in the parameter block passed to the database modify function. If you are writing a preoperation, database, or postoperation modify function, you can get these values by calling the function. Parameter ID Data type Description SLAPI_MODIFY_TARGET char * DN of the entry to be modified. SLAPI_MODIFY_MODS LDAPMod ** A NULL-terminated array of LDAPMod structures, which represent the modifications to be performed on the entry.
61 Parameters for the modify RDN function The following table lists the parameters in the parameter block passed to the database modify RDN function. If you are writing a preoperation, database, or postoperation modify RDN function, you can get these values by calling the “slapi_pblock_get()” function. Parameter ID Data type Description SLAPI_MODRDN_TARGET char * DN of the entry that you want to rename. SLAPI_MODRDN_NEWRDN char * New RDN to assign to the entry.
62 Parameters for the abandon function The following table lists the parameters in the parameter block passed to the database abandon function. If you are writing a preoperation, database, or postoperation abandon function, you can get these values by calling the function. Parameter ID Data type Description SLAPI_ABANDON_MSGID unsigned long Message ID of the operation to abandon. See “Processing an LDAP abandon operation”, for more information on these parameters.
63 Parameters for the matching rule function The following table lists the parameters in the parameter block passed to the database matching rule function. Parameter ID Data type Description SLAPI_PLUGIN_MR_OID char * Matching rule OID (if any) specified in the extensible match filter. SLAPI_PLUGIN_MR_TYPE char * Attribute type (if any) specified in the extensible match filter. SLAPI_PLUGIN_MR_VALUE struct berval * Value specified in the extensible match filter.
The following function sets all three parameters: • SLAPI_SEARCH_INTERNAL_PB() 63.1 Query operators in extensible match filters The server checks the value of the SLAPI_PLUGIN_MR_QUERY_OPERATOR parameter to determine which operator is specified. The following parameters are defined values for the SLAPI_PLUGIN_MR_QUERY_OPERATOR: 418 Parameter ID Description SLAPI_OP_LESS Less than (<) operator. SLAPI_OP_LESS_OR_EQUAL Less than or equal to (<=) operator. SLAPI_OP_EQUAL Equal to (=) operator.
64 Parameters for LDBM back end pre- and postoperation functions The section describes the parameters that are used with the LDBM Back end plug-in functions: • • “Preoperation plug-ins” “Postoperation plug-ins” These functions are called by the LDBM Back end, for example, the SLAPI_PLUGIN_BE_PRE_DELETE_FN is called by the LDBM Back end before a delete operation is carried out, but after all of the more general SLAPI_PLUGIN_PRE_DELETE_FN functions have been called. 64.
65 Parameters for the database The parameters listed in this section can be used to get and set information about the database itself, database connections, and database operations. • • • “Information about the database” “Information about operations” “Information about back end state change” 65.1 Information about the database The following parameters can be used as the second argument to the “slapi_pblock_get()” and “slapi_pblock_set()” functions to get and set information about the database.
65.3 Information about back end state change The following parameters can be used in the “slapi_register_back end_state_change()” and “slapi_unregister_back end_state_change()” functions to register and unregister callbacks when a back end state changes. 422 Parameter ID Data type Description MTN_BE_ON int The back end is on. MTN_BE_OFFLINE int The back end is offline (import process). MTN_BE_DELETE int The back end has been deleted.
66 Parameters for LDAP functions The parameters listed in this section can be used with functions that you can call to perform LDAP operations from a plug-in. These internal operations do not return any data to a client. • • • “Parameters for LDAP operations” “Parameters for LDAP control” “Parameters for generating LDIF strings” 66.1 Parameters for LDAP operations Parameter ID Data type Description SLAPI_PLUGIN_INTOP_RESULT int Result code of the internal LDAP operation.
Parameter ID Data type Description SLAPI_OPERATION_NONE LDAPControl * This control applies to none of the LDAP operations. SLAPI_OPERATION_SEARCH LDAPControl * This controlapplies to the LDAP search operation. SLAPI_OPERATION_UNBIND LDAPControl * This control applies to the LDAP unbind operation. SLAPI_RESCONTROLS LDAPControl * The complete set of LDAPv3 controls that will be sent with the LDAP result.
67 Parameters for error logging The parameters listed below are used with the function to write error messages to the error log, which is by located by default in /var/opt/dirsrv/slapd-instance_name/log/errors. The severity level of the message is determined by the administrator and determines whether the message is written to the error log. The severity level can have one of the following values: Parameter ID Description SLAPI_LOG_FATAL This message is always written to the error log.
68 Parameters for filters This section lists the parameters used for manipulating LDAP filters, including with functions such as slapi_filter_join(). These are not pblock parameters. • • “Parameters for comparison filters” “Parameters for filter operations” 68.1 Parameters for comparison filters The parameters listed below are filters that are used to compare a value against an attribute. Parameter ID Description LDAP_FILTER_AND AND filter.
Parameter ID Description SLAPI_FILTER_SCAN_ERROR Indicates an error occurred during the traverse and the scan aborted. SLAPI_FILTER_UNKNOWN_FILTER_TYPE Error code that SLAPI_FILTER_SCAN_ERROR can set.
69 Parameters for password storage The following plug-in functions and parameters access password storage schemes to encode, decode, and compare passwords: • • “Password storage plug-ins” “Parameters for password storage” 69.1 Password storage plug-ins The parameters listed below are used with functions that you can call to store passwords. Parameter ID Description SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN This function accesses a password storage scheme to compare passwords.
70 Parameters for resource limits The following parameters are used to provide information about resource limits: • • “Parameter for binder-based resource limits” “Status codes for resource limits” 70.1 Parameter for binder-based resource limits The following parameter is a valid value for the slapi_reslimit_register() function. Parameter ID Data type Description SLAPI_RESLIMIT_TYPE_INT int Valid values for the type parameter for slapi_reslimit_register(). 70.
71 Parameters for the virtual attribute service The parameters listed in the tables below are used with the virtual attribute service to return information about virtual and real attributes. These identifiers are flags that can be passed to various slapi_vattr_values_XXX() functions in the flags parameter: Parameter Data type Description SLAPI_REALATTRS_ONLY int Flag that indicates only real attributes are used. SLAPI_VIRTUALATTRS_ONLY int Flag that indicates only virtual attributes are used.
Part VI Support and other resources 435
72 Support and other resources 72.1 Contacting HP 72.1.1 Information to collect before contacting HP Be sure to have the following information available before you call contact HP: • • • • • • Software product name Hardware product model number Operating system type and version Applicable error message Third-party hardware or software Technical support registration number (if applicable) 72.1.
• HP-UX Directory Server administration server guide The Administration Server is a support server that drives access to the Directory Server Console , provides a web server for Directory Server web applications, and stores some Directory Server configuration. This guide covers how to manage the Administration Server through the Console, through the command line, and through the web services. It also covers basic Administration Server concepts.
72.2.3 Troubleshooting resources • You can search a technical knowledge database available on the HP IT Resource Center (ITRC) website at: http://itrc.hp.com/ • To seek solutions to problems, you can post messages on the ITRC Forums page at the following website (select the HP-UX area in the Areas of peer problem solving section): http://forums.itrc.hp.com/ 72.3 Typographic conventions This document uses the following typographical conventions: Book title The title of a book.
Glossary A access control instruction See ACI. access control list See ACL. access rights In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
bind distinguished name See bind DN. bind DN Distinguished name used to authenticate to Directory Server when performing an operation. bind rule In the context of access control, the bind rule specifies the credentials and conditions that a particular user or client must satisfy in order to get access to directory information. branch entry An entry that represents the top of a subtree in the directory.
CoS definition entry Identifies the type of CoS you are using. It is stored as an LDAP subentry below the branch it affects. CoS template entry Contains a list of the shared attribute values. See also template entry. D daemon A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning. DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory.
file type The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML). filter A constraint applied to a directory query that restricts the information returned. filtered role Allows you to assign entries to the role depending upon the attribute contained by each entry. You do this by specifying an LDAP filter.
L LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAP client Software used to request and view LDAP entries from an LDAP Directory Server. See also browser. LDAP Data Interchange Format See LDAP Data Interchange Format. LDAP URL Provides the means of locating Directory Servers using DNS, then completing the query through LDAP. A sample LDAP URL is ldap://ldap.example.com.
are automatically replicated to the other server. In case of conflict, a time stamp is used to determine which server holds the most recent version. multiplexor The server containing the database link that communicates with the remote server. N n + 1 directory problem The problem of managing multiple instances of the same information in different directories, resulting in increased hardware and personnel costs. name collisions Multiple entries with the same distinguished name.
presence index Allows searches for entries that contain a specific indexed attribute. protocol A set of rules that describes how devices on a network exchange information. protocol data unit See PDU. proxy authentication A special form of authentication where the user requesting access to the directory does not bind with its own DN but with a proxy DN. proxy DN Used with proxied authorization.
S SASL An authentication framework for clients as they attempt to bind to a directory. Also Simple Authentication and Security Layer . schema Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results. schema checking Ensures that entries added or modified in the directory conform to the defined schema.
superuser The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called root. supplier Server containing the master copy of directory trees or subtrees that are replicated to replica servers. supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
Index A attribute routines, 171 B back end routines, 183 berval, 117 bind routines, 249 bit-manipulator routines, 365 C compute_rewrite_search_filter(), 364 computed-attribute routines, 363 computed_attr_context, 117 control routines, 195 counter routines, 255 D data interoperability plug-ins,, 107 API support,, 114 deployment requirements,, 107 limitations,, 107 sample plug-in,, 112 data interoperability routines, 371 slapi_op_reserved(),, 371 slapi_operation_clear_flag(),, 372 slapi_operation_is_flag_s
slapi_wait_condvar(),, 361 H header file location,, 31 HP authorized resellers, 437 HP technical support, 437 I internal operation flag routines, 165 L lapi_matchingrule_free(), 259 LDAP slapi_get_supported_controls_copy(), 117 LDAPControl, 117 slapi_add_control_ext(), 117 slapi_add_controls(), 117 slapi_build_control(), 117 slapi_build_control_from_berval(), 117 slapi_control_present(), 117 slapi_get_supported_controls_copy(), 117 slapi_mod_get_ldapmod_passout(), 117 slapi_register_supported_control(),
slapi_attr_get_valueset(), 176 slapi_attr_init(), 176 slapi_attr_new(), 177 slapi_attr_next_value(), 177 slapi_attr_set_valueset(), 177 slapi_attr_syntax_normalize(), 178 slapi_attr_type2plugin(), 178 slapi_attr_type_cmp(), 179 slapi_attr_types_equivalent(), 179 slapi_attr_value_cmp(), 180 slapi_attr_value_find(), 180 Slapi_Back end, 125 slapi_be_addsuffix(), 126 slapi_be_delete_onexit(), 126 slapi_be_exist(), 126 slapi_be_free(), 126 slapi_be_get_instance_info(), 126 slapi_be_get_name(), 126 slapi_be_get_r
slapi_dup_control(), 198 slapi_encode(), 292 Slapi_Entry, 131 slapi_be_getentrypoint(), 126 slapi_entry2str_with_options(), 131 slapi_entry_add_rdn_values(), 131 slapi_entry_add_string(), 131 slapi_entry_add_value(), 131 slapi_entry_add_values_sv(), 131 slapi_entry_alloc(), 131 slapi_entry_apply_mods(), 131 slapi_entry_attr_delete(), 131 slapi_entry_attr_find(), 131 slapi_entry_attr_get_charptr(), 131 slapi_entry_attr_get_charray(), 131 slapi_entry_attr_get_int(), 131 slapi_entry_attr_get_long(), 131 slapi_
slapi_filter_get_subfilt(), 239 slapi_filter_get_type(), 240 slapi_filter_join(), 240 slapi_filter_join_ex(), 241 slapi_filter_list_first(), 242 slapi_filter_list_next(), 242 slapi_filter_test(), 243 slapi_filter_test_ext(), 243 slapi_filter_test_simple(), 244 slapi_find_matching_paren(), 244 slapi_free_search_results_internal(), 160 slapi_get_first_back end(), 190 slapi_get_first_suffix(), 190 slapi_get_next_back end(), 191 slapi_get_next_suffix(), 191 slapi_get_object_extension(), 369 slapi_get_supported_
slapi_mods_new(), 135 slapi_mods_remove(), 135 slapi_mods2entry(), 273 slapi_mods_add_ldapmod(), 274 slapi_mods_add_mod_values(), 274 slapi_mods_add_modbvps(), 275 slapi_mods_add_smod(), 275 slapi_mods_add_string(), 276 slapi_mods_done(), 276 slapi_mods_dump(), 277 slapi_mods_free(), 277 slapi_mods_get_first_mod(), 277 slapi_mods_get_first_smod(), 278 slapi_mods_get_ldapmods_byref(), 278 slapi_mods_get_ldapmods_passout(), 278 slapi_mods_get_next_mod(), 279 slapi_mods_get_next_smod(), 279 slapi_mods_get_num_
slapi_rdn_get_rdn(), 300 slapi_rdn_init(), 301 slapi_rdn_init_dn(), 301 slapi_rdn_init_rdn(), 301 slapi_rdn_init_sdn(), 302 slapi_rdn_isempty(), 302 slapi_rdn_new(), 302 slapi_rdn_new_dn(), 303 slapi_rdn_new_rdn(), 303 slapi_rdn_new_sdn(), 303 slapi_rdn_remove(), 304 slapi_rdn_remove_attr(), 304 slapi_rdn_remove_index(), 304 slapi_rdn_set_dn(), 305 slapi_rdn_set_rdn(), 305 slapi_rdn_set_sdn(), 306 slapi_register_back end_state_change, 192 slapi_register_back end_state_change(),, 422 slapi_register_object_ex
slapi_utf8isUpper(), 330 slapi_UTF8NCASECMP(), 329 slapi_utf8ncasecmp(), 329 slapi_UTF8STRTOLOWER(), 331 slapi_utf8StrToLower(), 331 slapi_UTF8STRTOUPPER(), 332 slapi_utf8StrToUpper(), 332 slapi_UTF8TOLOWER(), 333 slapi_utf8ToLower(), 332 slapi_UTF8TOUPPER(), 333 slapi_utf8ToUpper(), 333 Slapi_Value, 142 slapi_value_compare(), 142 slapi_value_free(), 142 slapi_value_get_berval(), 142 slapi_value_get_int(), 142 slapi_value_get_length(), 142 slapi_value_get_long(), 142 slapi_value_get_string(), 142 slapi_valu
winsync_plugin_init_cb, 146 winsync_pre_ad_mod_mods_cb, 147 winsync_pre_add_cb, 146 winsync_pre_mod_cb, 147 winsync_search_params_cb, 148 459
