HP-UX Directory Server 8.1 plug-in reference
Table Of Contents
- HP-UX Directory Server plug-in reference
- Table of Contents
- Part I Introduction to Directory Server plug-ins
- 1 An overview of Directory Server plug-ins
- 2 Writing and compiling plug-ins
- 3 Configuring plug-ins
- 4 An example plug-in
- Part II Writing functions and plug-ins
- 5 Front end API functions
- 5.1 Logging messages
- 5.2 Adding notes to access log entries
- 5.3 Sending data to the client
- 5.4 Determining if an operation was abandoned
- 5.5 Working with entries, attributes, and values
- 5.6 Working with DNs and RDNs
- 5.7 Working with search filters
- 5.8 Checking passwords
- 6 Writing pre- and postoperation plug-ins
- 7 Defining functions for LDAP operations
- 7.1 Specifying start and close functions
- 7.2 Processing an LDAP bind operation
- 7.3 Processing an LDAP unbind operation
- 7.4 Processing an LDAP search operation
- 7.5 Processing an LDAP compare operation
- 7.6 Processing an LDAP add operation
- 7.7 Processing an LDAP modify operation
- 7.8 Processing an LDAP modify RDN operation
- 7.9 Processing an LDAP delete operation
- 7.10 Processing an LDAP abandon operation
- 8 Defining functions for authentication
- 8.1 Understanding authentication methods
- 8.2 How the Directory Server identifies clients
- 8.3 How the authentication process works
- 8.4 Writing your own authentication plug-in
- 8.5 Writing a preoperation bind plug-in
- 8.6 Using SASL with an LDAP client
- 9 Writing entry store/fetch plug-ins
- 10 Writing extended operation plug-ins
- 11 Writing matching rule plug-ins
- 11.1 Understanding matching rules
- 11.2 Understanding matching rule plug-ins
- 11.3 Indexing based on matching rules
- 11.4 Handling extensible match filters
- 11.4.1 How the server handles the filter
- 11.4.2 Query operators in matching rules
- 11.4.3 Writing a filter factory function
- 11.4.4 Getting and setting parameters in filter factory functions
- 11.4.5 Writing a filter index function
- 11.4.6 Getting and setting parameters in filter index functions
- 11.4.7 Writing a filter matching function
- 11.5 Handling sorting by matching rules
- 11.6 Writing a destructor function
- 11.7 Writing an initialization function
- 11.8 Registering matching rule functions
- 11.9 Specifying start and close functions
- 12 Using the custom distribution logic
- 13 Using data interoperability plug-ins
- 5 Front end API functions
- Part III Data type and structure reference
- 14 Data type and structure reference
- 14.1 berval
- 14.2 computed_attr_context
- 14.3 LDAPControl
- 14.4 LDAPMod
- 14.5 mrFilterMatchFn
- 14.6 plugin_referral_entry_callback
- 14.7 plugin_result_callback
- 14.8 plugin_search_entry_callback
- 14.9 send_ldap_referral_fn_ptr_t
- 14.10 send_ldap_result_fn_ptr_t
- 14.11 send_ldap_search_entry_fn_ptr_t
- 14.12 Slapi_Attr
- 14.13 Slapi_Back end
- 14.14 slapi_back end_state_change_fnptr
- 14.15 Slapi_ComponentID
- 14.16 slapi_compute_callback_t
- 14.17 slapi_compute_output_t
- 14.18 Slapi_Connection
- 14.19 Slapi_CondVar
- 14.20 Slapi_Counter
- 14.21 Slapi_DN
- 14.22 Slapi_Entry
- 14.23 Slapi_Filter
- 14.24 Slapi_MatchingRuleEntry
- 14.25 Slapi_Mod
- 14.26 Slapi_Mods
- 14.27 Slapi_Mutex
- 14.28 Slapi_Operation
- 14.29 Slapi_PBlock
- 14.30 Slapi_PluginDesc
- 14.31 Slapi_RDN
- 14.32 Slapi_Task
- 14.33 Slapi_UniqueID
- 14.34 Slapi_Value
- 14.35 Slapi_ValueSet
- 14.36 Synchronization callbacks and data types
- 14 Data type and structure reference
- Part IV Function reference
- 15 Distribution routines
- 16 Functions for access control
- 17 Functions for internal operations and plug-in callback
- 18 Functions for setting internal operation flags
- 19 Functions for handling attributes
- 19.1 slapi_attr_add_value()
- 19.2 slapi_attr_basetype()
- 19.3 slapi_attr_dup()
- 19.4 slapi_attr_first_value()
- 19.5 slapi_attr_flag_is_set()
- 19.6 slapi_attr_free()
- 19.7 slapi_attr_get_bervals_copy()
- 19.8 slapi_attr_get_flags()
- 19.9 slapi_attr_get_numvalues()
- 19.10 slapi_attr_get_oid_copy()
- 19.11 slapi_attr_get_type()
- 19.12 slapi_attr_get_valueset()
- 19.13 slapi_attr_init()
- 19.14 slapi_attr_new()
- 19.15 slapi_attr_next_value()
- 19.16 slapi_attr_set_valueset()
- 19.17 slapi_attr_syntax_normalize()
- 19.18 slapi_attr_type2plugin()
- 19.19 slapi_attr_type_cmp()
- 19.20 slapi_attr_types_equivalent()
- 19.21 slapi_attr_value_cmp()
- 19.22 slapi_attr_value_find()
- 19.23 slapi_valueset_set_from_smod()
- 20 Functions for managing back end operations
- 20.1 slapi_be_addsuffix()
- 20.2 slapi_be_delete_onexit()
- 20.3 slapi_be_exist()
- 20.4 slapi_be_free()
- 20.5 slapi_be_get_instance_info()
- 20.6 slapi_be_get_name()
- 20.7 slapi_be_get_readonly()
- 20.8 slapi_be_getentrypoint()
- 20.9 slapi_be_getsuffix()
- 20.10 slapi_be_gettype()
- 20.11 slapi_be_is_flag_set()
- 20.12 slapi_be_issuffix()
- 20.13 slapi_be_logchanges()
- 20.14 slapi_be_new()
- 20.15 slapi_be_private()
- 20.16 slapi_be_select()
- 20.17 slapi_be_select_by_instance_name()
- 20.18 slapi_be_set_flag()
- 20.19 slapi_be_set_instance_info()
- 20.20 slapi_be_set_readonly()
- 20.21 slapi_be_setentrypoint()
- 20.22 slapi_get_first_back end()
- 20.23 slapi_get_first_suffix()
- 20.24 slapi_get_next_back end()
- 20.25 slapi_get_next_suffix()
- 20.26 slapi_is_root_suffix()
- 20.27 slapi_register_back end_state_change()
- 20.28 slapi_unregister_back end_state_change()
- 21 Functions for dealing with controls
- 22 Functions for syntax plug-ins
- 23 Functions for managing memory
- 24 Functions for managing entries
- 24.1 slapi_entry2str()
- 24.2 slapi_entry2str_with_options()
- 24.3 slapi_entry_add_rdn_values()
- 24.4 slapi_entry_add_string()
- 24.5 slapi_entry_add_value()
- 24.6 slapi_entry_add_values_sv()
- 24.7 slapi_entry_add_valueset()
- 24.8 slapi_entry_alloc()
- 24.9 slapi_entry_apply_mods()
- 24.10 slapi_entry_attr_delete()
- 24.11 slapi_entry_attr_find()
- 24.12 slapi_entry_attr_get_bool()
- 24.13 slapi_entry_attr_get_charptr()
- 24.14 slapi_entry_attr_get_charray()
- 24.15 slapi_entry_attr_get_int()
- 24.16 slapi_entry_attr_get_long()
- 24.17 slapi_entry_attr_get_uint()
- 24.18 slapi_entry_attr_get_ulong()
- 24.19 slapi_entry_attr_has_syntax_value()
- 24.20 slapi_entry_attr_merge_sv()
- 24.21 slapi_entry_attr_replace_sv()
- 24.22 slapi_entry_attr_set_charptr()
- 24.23 slapi_entry_attr_set_int()
- 24.24 slapi_entry_attr_set_long()
- 24.25 slapi_entry_attr_set_uint()
- 24.26 slapi_entry_attr_set_ulong()
- 24.27 slapi_entry_delete_string()
- 24.28 slapi_entry_delete_values_sv()
- 24.29 slapi_entry_dup()
- 24.30 slapi_entry_first_attr()
- 24.31 slapi_entry_free()
- 24.32 slapi_entry_get_dn()
- 24.33 slapi_entry_get_dn_const()
- 24.34 slapi_entry_get_ndn()
- 24.35 slapi_entry_get_sdn()
- 24.36 slapi_entry_get_sdn_const()
- 24.37 slapi_entry_get_uniqueid()
- 24.38 slapi_entry_has_children()
- 24.39 slapi_entry_init()
- 24.40 slapi_entry_merge_values_sv()
- 24.41 slapi_entry_next_attr()
- 24.42 slapi_entry_rdn_values_present()
- 24.43 slapi_entry_schema_check()
- 24.44 slapi_entry_set_dn()
- 24.45 slapi_entry_set_sdn()
- 24.46 slapi_entry_set_uniqueid()
- 24.47 slapi_entry_size()
- 24.48 slapi_is_rootdse()
- 24.49 slapi_str2entry()
- 25 Functions related to entry flags
- 26 Functions for dealing with filters
- 26.1 slapi_filter_apply()
- 26.2 slapi_filter_compare()
- 26.3 slapi_filter_dup()
- 26.4 slapi_filter_free()
- 26.5 slapi_filter_get_attribute_type()
- 26.6 slapi_filter_get_ava()
- 26.7 slapi_filter_get_choice()
- 26.8 slapi_filter_get_subfilt()
- 26.9 slapi_filter_get_type()
- 26.10 slapi_filter_join()
- 26.11 slapi_filter_join_ex()
- 26.12 slapi_filter_list_first()
- 26.13 slapi_filter_list_next()
- 26.14 slapi_filter_test()
- 26.15 slapi_filter_test_ext()
- 26.16 slapi_filter_test_simple()
- 26.17 slapi_find_matching_paren()
- 26.18 slapi_str2filter()
- 26.19 slapi_vattr_filter_test()
- 27 Functions specific to extended operation
- 28 Functions specific to bind methods
- 29 Functions for thread-safe LDAP connections
- 30 Functions for logging
- 31 Functions for counters
- 32 Functions for handling matching rules
- 32.1 slapi_berval_cmp()
- 32.2 slapi_matchingrule_free()
- 32.3 slapi_matchingrule_get()
- 32.4 slapi_matchingrule_is_ordering()
- 32.5 slapi_matchingrule_new()
- 32.6 slapi_matchingrule_register()
- 32.7 slapi_matchingrule_set()
- 32.8 slapi_matchingrule_unregister()
- 32.9 slapi_mr_filter_index()
- 32.10 slapi_mr_indexer_create()
- 33 Functions for LDAPMod manipulation
- 33.1 slapi_entry2mods()
- 33.2 slapi_mod_add_value()
- 33.3 slapi_mod_done()
- 33.4 slapi_mod_dump()
- 33.5 slapi_mod_free()
- 33.6 slapi_mod_get_first_value()
- 33.7 slapi_mod_get_ldapmod_byref()
- 33.8 slapi_mod_get_ldapmod_passout()
- 33.9 slapi_mod_get_next_value()
- 33.10 slapi_mod_get_num_values()
- 33.11 slapi_mod_get_operation()
- 33.12 slapi_mod_get_type()
- 33.13 slapi_mod_init()
- 33.14 slapi_mod_init_byref()
- 33.15 slapi_mod_init_byval()
- 33.16 slapi_mod_init_passin()
- 33.17 slapi_mod_init_valueset_byval()
- 33.18 slapi_mod_isvalid()
- 33.19 slapi_mod_new()
- 33.20 slapi_mod_remove_value()
- 33.21 slapi_mod_set_operation()
- 33.22 slapi_mod_set_type()
- 33.23 slapi_mods2entry()
- 33.24 slapi_mods_add()
- 33.25 slapi_mods_add_ldapmod()
- 33.26 slapi_mods_add_mod_values()
- 33.27 slapi_mods_add_smod()
- 33.28 slapi_mods_add_modbvps()
- 33.29 slapi_mods_add_string()
- 33.30 slapi_mods_done()
- 33.31 slapi_mods_dump()
- 33.32 slapi_mods_free()
- 33.33 slapi_mods_get_first_mod()
- 33.34 slapi_mods_get_first_smod()
- 33.35 slapi_mods_get_ldapmods_byref()
- 33.36 slapi_mods_get_ldapmods_passout()
- 33.37 slapi_mods_get_next_mod()
- 33.38 slapi_mods_get_next_smod()
- 33.39 slapi_mods_get_num_mods()
- 33.40 slapi_mods_init()
- 33.41 slapi_mods_init_byref()
- 33.42 slapi_mods_init_passin()
- 33.43 slapi_mods_insert_after()
- 33.44 slapi_mods_insert_at()
- 33.45 slapi_mods_insert_before()
- 33.46 slapi_mods_insert_smod_at()
- 33.47 slapi_mods_insert_smod_before()
- 33.48 slapi_mods_iterator_backone()
- 33.49 slapi_mods_new()
- 33.50 slapi_mods_remove()
- 34 Functions for monitoring operations
- 35 Functions for managing parameter block
- 36 Functions for handling passwords
- 37 Functions for managing RDNs
- 37.1 slapi_rdn_add()
- 37.2 slapi_rdn_compare()
- 37.3 slapi_rdn_contains()
- 37.4 slapi_rdn_contains_attr()
- 37.5 slapi_rdn_done()
- 37.6 slapi_rdn_free()
- 37.7 slapi_rdn_get_first()
- 37.8 slapi_rdn_get_index()
- 37.9 slapi_rdn_get_index_attr()
- 37.10 slapi_rdn_get_next()
- 37.11 slapi_rdn_get_num_components()
- 37.12 slapi_rdn_get_rdn()
- 37.13 slapi_rdn_get_nrdn()
- 37.14 slapi_rdn_init()
- 37.15 slapi_rdn_init_dn()
- 37.16 slapi_rdn_init_rdn()
- 37.17 slapi_rdn_init_sdn()
- 37.18 slapi_rdn_isempty()
- 37.19 slapi_rdn_new()
- 37.20 slapi_rdn_new_dn()
- 37.21 slapi_rdn_new_rdn()
- 37.22 slapi_rdn_new_sdn()
- 37.23 slapi_rdn_remove()
- 37.24 slapi_rdn_remove_attr()
- 37.25 slapi_rdn_remove_index()
- 37.26 slapi_rdn_set_dn()
- 37.27 slapi_rdn_set_rdn()
- 37.28 slapi_rdn_set_sdn()
- 37.29 slapi_rdn2typeval()
- 38 Functions for managing roles
- 39 Functions for managing DNs
- 39.1 slapi_dn_isroot()
- 39.2 slapi_dn_normalize_case()
- 39.3 slapi_dn_normalize_to_end()
- 39.4 slapi_moddn_get_newdn()
- 39.5 slapi_sdn_add_rdn()
- 39.6 slapi_sdn_compare()
- 39.7 slapi_sdn_copy()
- 39.8 slapi_sdn_done()
- 39.9 slapi_sdn_dup()
- 39.10 slapi_sdn_free()
- 39.11 slapi_sdn_get_back end_parent()
- 39.12 slapi_sdn_get_dn()
- 39.13 slapi_sdn_get_ndn()
- 39.14 slapi_sdn_get_ndn_len()
- 39.15 slapi_sdn_get_parent()
- 39.16 slapi_sdn_get_rdn()
- 39.17 slapi_sdn_is_rdn_component()
- 39.18 slapi_sdn_isempty()
- 39.19 slapi_sdn_isgrandparent()
- 39.20 slapi_sdn_isparent()
- 39.21 slapi_sdn_issuffix()
- 39.22 slapi_sdn_new()
- 39.23 slapi_sdn_new_dn_byref()
- 39.24 slapi_sdn_new_dn_byval()
- 39.25 slapi_sdn_new_dn_passin()
- 39.26 slapi_sdn_new_ndn_byref()
- 39.27 slapi_sdn_new_ndn_byval()
- 39.28 slapi_sdn_scope_test()
- 39.29 slapi_sdn_set_dn_byref()
- 39.30 slapi_sdn_set_dn_byval()
- 39.31 slapi_sdn_set_dn_passin()
- 39.32 slapi_sdn_set_ndn_byref()
- 39.33 slapi_sdn_set_ndn_byval()
- 39.34 slapi_sdn_set_parent()
- 39.35 slapi_sdn_set_rdn()
- 40 Functions for sending entries and results to the client
- 41 Functions related to UTF-8
- 41.1 slapi_has8thBit()
- 41.2 slapi_utf8casecmp()
- 41.3 slapi_UTF8CASECMP()
- 41.4 slapi_utf8ncasecmp()
- 41.5 slapi_UTF8NCASECMP()
- 41.6 slapi_utf8isLower()
- 41.7 slapi_UTF8ISLOWER()
- 41.8 slapi_utf8isUpper()
- 41.9 slapi_UTF8ISUPPER()
- 41.10 slapi_utf8StrToLower()
- 41.11 slapi_UTF8STRTOLOWER()
- 41.12 slapi_utf8StrToUpper()
- 41.13 slapi_UTF8STRTOUPPER()
- 41.14 slapi_utf8ToLower()
- 41.15 slapi_UTF8TOLOWER()
- 41.16 slapi_utf8ToUpper()
- 41.17 slapi_UTF8TOUPPER()
- 42 Functions for handling values
- 42.1 slapi_value_compare()
- 42.2 slapi_value_dup()
- 42.3 slapi_value_free()
- 42.4 slapi_value_get_berval()
- 42.5 slapi_value_get_int()
- 42.6 slapi_value_get_length()
- 42.7 slapi_value_get_long()
- 42.8 slapi_value_get_string()
- 42.9 slapi_value_get_uint()
- 42.10 slapi_value_get_ulong()
- 42.11 slapi_value_init()
- 42.12 slapi_value_init_berval()
- 42.13 slapi_value_init_string()
- 42.14 slapi_value_init_string_passin()
- 42.15 slapi_value_new()
- 42.16 slapi_value_new_berval()
- 42.17 slapi_value_new_string()
- 42.18 slapi_value_new_string_passin()
- 42.19 slapi_value_new_value()
- 42.20 slapi_value_set()
- 42.21 slapi_value_set_berval()
- 42.22 slapi_value_set_int()
- 42.23 slapi_value_set_string()
- 42.24 slapi_value_set_string_passin()
- 42.25 slapi_value_set_value()
- 43 Functions for handling valuesets
- 43.1 slapi_valueset_add_value()
- 43.2 slapi_valueset_add_value_ext()
- 43.3 slapi_valueset_count()
- 43.4 slapi_valueset_done()
- 43.5 slapi_valueset_find()
- 43.6 slapi_valueset_first_value()
- 43.7 slapi_valueset_free()
- 43.8 slapi_valueset_init()
- 43.9 slapi_valueset_new()
- 43.10 slapi_valueset_next_value()
- 43.11 slapi_valueset_set_from_smod()
- 43.12 slapi_valueset_set_valueset()
- 44 Functions specific to virtual attribute service
- 45 Functions for managing locks and synchronization
- 46 Functions for managing computed attributes
- 47 Functions for manipulating bits
- 48 Functions for registering object extensions
- 49 Functions related to data interoperability
- 50 Functions for registering additional plug-ins
- 51 Functions for server tasks
- 51.1 slapi_destroy_task()
- 51.2 slapi_new_task()
- 51.3 slapi_task_begin()
- 51.4 slapi_task_cancel()
- 51.5 slapi_task_dec_refcount()
- 51.6 slapi_task_finish()
- 51.7 slapi_task_get_data()
- 51.8 slapi_task_get_refcount()
- 51.9 slapi_task_get_state()
- 51.10 slapi_task_inc_progress()
- 51.11 slapi_task_inc_refcount()
- 51.12 slapi_task_log_notice()
- 51.13 slapi_task_log_status()
- 51.14 slapi_task_register_handler()
- 51.15 slapi_task_set_data()
- 51.16 slapi_task_set_cancel_fn()
- 51.17 slapi_task_set_destructor_fn()
- 51.18 slapi_task_status_changed()
- Part V Parameter block reference
- 52 Parameters for registering plug-in functions
- 53 Parameters accessible to all plug-ins
- 53.1 Information about the database
- 53.2 Information about the connection
- 53.3 Information about the operation
- 53.4 Information about extended operations
- 53.5 Information about the transaction
- 53.6 Information about access control lists
- 53.7 Notes in the access log
- 53.8 Information about the plug-in
- 53.9 Information about command-line arguments
- 53.10 Information about attributes
- 53.11 Information about targets
- 54 Parameters for the bind function
- 55 Parameters for the search function
- 56 Parameters that convert strings to entries
- 57 Parameters for the add function
- 58 Parameters for the compare function
- 59 Parameters for the delete function
- 60 Parameters for the modify function
- 61 Parameters for the modify RDN function
- 62 Parameters for the abandon function
- 63 Parameters for the matching rule function
- 64 Parameters for LDBM back end pre- and postoperation functions
- 65 Parameters for the database
- 66 Parameters for LDAP functions
- 67 Parameters for error logging
- 68 Parameters for filters
- 69 Parameters for password storage
- 70 Parameters for resource limits
- 71 Parameters for the virtual attribute service
- Part VI Support and other resources
- Glossary
- Index
As part of the process of determining if the user has access rights, the “slapi_acl_check_mods()”
function does the following:
• Checks if access control for the directory is disabled (for example, if the dse.ldif file
contains the directive access control off).
If access control is disabled, the function returns LDAP_SUCCESS.
• For each value in each attribute specified in the LDAPMod array, the function determines if
the user has permissions to write to that value. Essentially, the function calls
“slapi_acl_check_mods()” with SLAPI_ACL_WRITE as the access right to check.
— If for some reason the function cannot determine which operation is being requested,
the function returns LDAP_OPERATIONS_ERROR.
— If no connection to a client exists (in other words, if the request for the operation was
made by the server orits back end), the function returns LDAP_SUCCESS. (The server
and its back end are not restricted by access control lists.)
— If the back end database is read-only and the request is checking for write access
(SLAPI_ACL_WRITE), the function returns LDAP_UNWILLING_TO_PERFORM.
Syntax
#include "slapi-plugin.h"
int slapi_acl_check_mods( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod
**mods, char **errbuf );
Parameters This function takes the following parameters:
Parameter block passed into this function.
pb
Entry for which you want to check the access rights.
e
Array of LDAPMod structures that represent the modifications to be made to
the entry.
mods
Pointer to a string containing an error message if an error occurs during the
processing of this function.
errbuf
Returns This function returns one of the following values:
• LDAP_SUCCESS if the user has write permission to the values in the specified attributes.
• LDAP_INSUFFICIENT_ACCESS if the user does not have write permission to the values of
the specified attribute.
• If a problem occurs during processing, the function will return one of the following error
codes:
An error occurred while executing the operation.
LDAP_OPERATIONS_ERROR
Invalid syntax was specified. This error can occur if the ACL associated with
an entry, attribute, or value uses the wrong syntax.
LDAP_INVALID_SYNTAX
The Directory Server is unable to perform the specified operation. This error
can occur if, for example, you are requesting write access to a read-only
database.
LDAP_UNWILLING_TO_PERFORM
Memory concerns You must free the errbuf buffer by calling “slapi_ch_free()” when you are
finished using the error message.
See also
• “slapi_access_allowed()”
• “slapi_ch_free()”
16.2 slapi_acl_check_mods() 157