HP-UX Directory Server 8.1 plug-in reference
Table Of Contents
- HP-UX Directory Server plug-in reference
- Table of Contents
- Part I Introduction to Directory Server plug-ins
- 1 An overview of Directory Server plug-ins
- 2 Writing and compiling plug-ins
- 3 Configuring plug-ins
- 4 An example plug-in
- Part II Writing functions and plug-ins
- 5 Front end API functions
- 5.1 Logging messages
- 5.2 Adding notes to access log entries
- 5.3 Sending data to the client
- 5.4 Determining if an operation was abandoned
- 5.5 Working with entries, attributes, and values
- 5.6 Working with DNs and RDNs
- 5.7 Working with search filters
- 5.8 Checking passwords
- 6 Writing pre- and postoperation plug-ins
- 7 Defining functions for LDAP operations
- 7.1 Specifying start and close functions
- 7.2 Processing an LDAP bind operation
- 7.3 Processing an LDAP unbind operation
- 7.4 Processing an LDAP search operation
- 7.5 Processing an LDAP compare operation
- 7.6 Processing an LDAP add operation
- 7.7 Processing an LDAP modify operation
- 7.8 Processing an LDAP modify RDN operation
- 7.9 Processing an LDAP delete operation
- 7.10 Processing an LDAP abandon operation
- 8 Defining functions for authentication
- 8.1 Understanding authentication methods
- 8.2 How the Directory Server identifies clients
- 8.3 How the authentication process works
- 8.4 Writing your own authentication plug-in
- 8.5 Writing a preoperation bind plug-in
- 8.6 Using SASL with an LDAP client
- 9 Writing entry store/fetch plug-ins
- 10 Writing extended operation plug-ins
- 11 Writing matching rule plug-ins
- 11.1 Understanding matching rules
- 11.2 Understanding matching rule plug-ins
- 11.3 Indexing based on matching rules
- 11.4 Handling extensible match filters
- 11.4.1 How the server handles the filter
- 11.4.2 Query operators in matching rules
- 11.4.3 Writing a filter factory function
- 11.4.4 Getting and setting parameters in filter factory functions
- 11.4.5 Writing a filter index function
- 11.4.6 Getting and setting parameters in filter index functions
- 11.4.7 Writing a filter matching function
- 11.5 Handling sorting by matching rules
- 11.6 Writing a destructor function
- 11.7 Writing an initialization function
- 11.8 Registering matching rule functions
- 11.9 Specifying start and close functions
- 12 Using the custom distribution logic
- 13 Using data interoperability plug-ins
- 5 Front end API functions
- Part III Data type and structure reference
- 14 Data type and structure reference
- 14.1 berval
- 14.2 computed_attr_context
- 14.3 LDAPControl
- 14.4 LDAPMod
- 14.5 mrFilterMatchFn
- 14.6 plugin_referral_entry_callback
- 14.7 plugin_result_callback
- 14.8 plugin_search_entry_callback
- 14.9 send_ldap_referral_fn_ptr_t
- 14.10 send_ldap_result_fn_ptr_t
- 14.11 send_ldap_search_entry_fn_ptr_t
- 14.12 Slapi_Attr
- 14.13 Slapi_Back end
- 14.14 slapi_back end_state_change_fnptr
- 14.15 Slapi_ComponentID
- 14.16 slapi_compute_callback_t
- 14.17 slapi_compute_output_t
- 14.18 Slapi_Connection
- 14.19 Slapi_CondVar
- 14.20 Slapi_Counter
- 14.21 Slapi_DN
- 14.22 Slapi_Entry
- 14.23 Slapi_Filter
- 14.24 Slapi_MatchingRuleEntry
- 14.25 Slapi_Mod
- 14.26 Slapi_Mods
- 14.27 Slapi_Mutex
- 14.28 Slapi_Operation
- 14.29 Slapi_PBlock
- 14.30 Slapi_PluginDesc
- 14.31 Slapi_RDN
- 14.32 Slapi_Task
- 14.33 Slapi_UniqueID
- 14.34 Slapi_Value
- 14.35 Slapi_ValueSet
- 14.36 Synchronization callbacks and data types
- 14 Data type and structure reference
- Part IV Function reference
- 15 Distribution routines
- 16 Functions for access control
- 17 Functions for internal operations and plug-in callback
- 18 Functions for setting internal operation flags
- 19 Functions for handling attributes
- 19.1 slapi_attr_add_value()
- 19.2 slapi_attr_basetype()
- 19.3 slapi_attr_dup()
- 19.4 slapi_attr_first_value()
- 19.5 slapi_attr_flag_is_set()
- 19.6 slapi_attr_free()
- 19.7 slapi_attr_get_bervals_copy()
- 19.8 slapi_attr_get_flags()
- 19.9 slapi_attr_get_numvalues()
- 19.10 slapi_attr_get_oid_copy()
- 19.11 slapi_attr_get_type()
- 19.12 slapi_attr_get_valueset()
- 19.13 slapi_attr_init()
- 19.14 slapi_attr_new()
- 19.15 slapi_attr_next_value()
- 19.16 slapi_attr_set_valueset()
- 19.17 slapi_attr_syntax_normalize()
- 19.18 slapi_attr_type2plugin()
- 19.19 slapi_attr_type_cmp()
- 19.20 slapi_attr_types_equivalent()
- 19.21 slapi_attr_value_cmp()
- 19.22 slapi_attr_value_find()
- 19.23 slapi_valueset_set_from_smod()
- 20 Functions for managing back end operations
- 20.1 slapi_be_addsuffix()
- 20.2 slapi_be_delete_onexit()
- 20.3 slapi_be_exist()
- 20.4 slapi_be_free()
- 20.5 slapi_be_get_instance_info()
- 20.6 slapi_be_get_name()
- 20.7 slapi_be_get_readonly()
- 20.8 slapi_be_getentrypoint()
- 20.9 slapi_be_getsuffix()
- 20.10 slapi_be_gettype()
- 20.11 slapi_be_is_flag_set()
- 20.12 slapi_be_issuffix()
- 20.13 slapi_be_logchanges()
- 20.14 slapi_be_new()
- 20.15 slapi_be_private()
- 20.16 slapi_be_select()
- 20.17 slapi_be_select_by_instance_name()
- 20.18 slapi_be_set_flag()
- 20.19 slapi_be_set_instance_info()
- 20.20 slapi_be_set_readonly()
- 20.21 slapi_be_setentrypoint()
- 20.22 slapi_get_first_back end()
- 20.23 slapi_get_first_suffix()
- 20.24 slapi_get_next_back end()
- 20.25 slapi_get_next_suffix()
- 20.26 slapi_is_root_suffix()
- 20.27 slapi_register_back end_state_change()
- 20.28 slapi_unregister_back end_state_change()
- 21 Functions for dealing with controls
- 22 Functions for syntax plug-ins
- 23 Functions for managing memory
- 24 Functions for managing entries
- 24.1 slapi_entry2str()
- 24.2 slapi_entry2str_with_options()
- 24.3 slapi_entry_add_rdn_values()
- 24.4 slapi_entry_add_string()
- 24.5 slapi_entry_add_value()
- 24.6 slapi_entry_add_values_sv()
- 24.7 slapi_entry_add_valueset()
- 24.8 slapi_entry_alloc()
- 24.9 slapi_entry_apply_mods()
- 24.10 slapi_entry_attr_delete()
- 24.11 slapi_entry_attr_find()
- 24.12 slapi_entry_attr_get_bool()
- 24.13 slapi_entry_attr_get_charptr()
- 24.14 slapi_entry_attr_get_charray()
- 24.15 slapi_entry_attr_get_int()
- 24.16 slapi_entry_attr_get_long()
- 24.17 slapi_entry_attr_get_uint()
- 24.18 slapi_entry_attr_get_ulong()
- 24.19 slapi_entry_attr_has_syntax_value()
- 24.20 slapi_entry_attr_merge_sv()
- 24.21 slapi_entry_attr_replace_sv()
- 24.22 slapi_entry_attr_set_charptr()
- 24.23 slapi_entry_attr_set_int()
- 24.24 slapi_entry_attr_set_long()
- 24.25 slapi_entry_attr_set_uint()
- 24.26 slapi_entry_attr_set_ulong()
- 24.27 slapi_entry_delete_string()
- 24.28 slapi_entry_delete_values_sv()
- 24.29 slapi_entry_dup()
- 24.30 slapi_entry_first_attr()
- 24.31 slapi_entry_free()
- 24.32 slapi_entry_get_dn()
- 24.33 slapi_entry_get_dn_const()
- 24.34 slapi_entry_get_ndn()
- 24.35 slapi_entry_get_sdn()
- 24.36 slapi_entry_get_sdn_const()
- 24.37 slapi_entry_get_uniqueid()
- 24.38 slapi_entry_has_children()
- 24.39 slapi_entry_init()
- 24.40 slapi_entry_merge_values_sv()
- 24.41 slapi_entry_next_attr()
- 24.42 slapi_entry_rdn_values_present()
- 24.43 slapi_entry_schema_check()
- 24.44 slapi_entry_set_dn()
- 24.45 slapi_entry_set_sdn()
- 24.46 slapi_entry_set_uniqueid()
- 24.47 slapi_entry_size()
- 24.48 slapi_is_rootdse()
- 24.49 slapi_str2entry()
- 25 Functions related to entry flags
- 26 Functions for dealing with filters
- 26.1 slapi_filter_apply()
- 26.2 slapi_filter_compare()
- 26.3 slapi_filter_dup()
- 26.4 slapi_filter_free()
- 26.5 slapi_filter_get_attribute_type()
- 26.6 slapi_filter_get_ava()
- 26.7 slapi_filter_get_choice()
- 26.8 slapi_filter_get_subfilt()
- 26.9 slapi_filter_get_type()
- 26.10 slapi_filter_join()
- 26.11 slapi_filter_join_ex()
- 26.12 slapi_filter_list_first()
- 26.13 slapi_filter_list_next()
- 26.14 slapi_filter_test()
- 26.15 slapi_filter_test_ext()
- 26.16 slapi_filter_test_simple()
- 26.17 slapi_find_matching_paren()
- 26.18 slapi_str2filter()
- 26.19 slapi_vattr_filter_test()
- 27 Functions specific to extended operation
- 28 Functions specific to bind methods
- 29 Functions for thread-safe LDAP connections
- 30 Functions for logging
- 31 Functions for counters
- 32 Functions for handling matching rules
- 32.1 slapi_berval_cmp()
- 32.2 slapi_matchingrule_free()
- 32.3 slapi_matchingrule_get()
- 32.4 slapi_matchingrule_is_ordering()
- 32.5 slapi_matchingrule_new()
- 32.6 slapi_matchingrule_register()
- 32.7 slapi_matchingrule_set()
- 32.8 slapi_matchingrule_unregister()
- 32.9 slapi_mr_filter_index()
- 32.10 slapi_mr_indexer_create()
- 33 Functions for LDAPMod manipulation
- 33.1 slapi_entry2mods()
- 33.2 slapi_mod_add_value()
- 33.3 slapi_mod_done()
- 33.4 slapi_mod_dump()
- 33.5 slapi_mod_free()
- 33.6 slapi_mod_get_first_value()
- 33.7 slapi_mod_get_ldapmod_byref()
- 33.8 slapi_mod_get_ldapmod_passout()
- 33.9 slapi_mod_get_next_value()
- 33.10 slapi_mod_get_num_values()
- 33.11 slapi_mod_get_operation()
- 33.12 slapi_mod_get_type()
- 33.13 slapi_mod_init()
- 33.14 slapi_mod_init_byref()
- 33.15 slapi_mod_init_byval()
- 33.16 slapi_mod_init_passin()
- 33.17 slapi_mod_init_valueset_byval()
- 33.18 slapi_mod_isvalid()
- 33.19 slapi_mod_new()
- 33.20 slapi_mod_remove_value()
- 33.21 slapi_mod_set_operation()
- 33.22 slapi_mod_set_type()
- 33.23 slapi_mods2entry()
- 33.24 slapi_mods_add()
- 33.25 slapi_mods_add_ldapmod()
- 33.26 slapi_mods_add_mod_values()
- 33.27 slapi_mods_add_smod()
- 33.28 slapi_mods_add_modbvps()
- 33.29 slapi_mods_add_string()
- 33.30 slapi_mods_done()
- 33.31 slapi_mods_dump()
- 33.32 slapi_mods_free()
- 33.33 slapi_mods_get_first_mod()
- 33.34 slapi_mods_get_first_smod()
- 33.35 slapi_mods_get_ldapmods_byref()
- 33.36 slapi_mods_get_ldapmods_passout()
- 33.37 slapi_mods_get_next_mod()
- 33.38 slapi_mods_get_next_smod()
- 33.39 slapi_mods_get_num_mods()
- 33.40 slapi_mods_init()
- 33.41 slapi_mods_init_byref()
- 33.42 slapi_mods_init_passin()
- 33.43 slapi_mods_insert_after()
- 33.44 slapi_mods_insert_at()
- 33.45 slapi_mods_insert_before()
- 33.46 slapi_mods_insert_smod_at()
- 33.47 slapi_mods_insert_smod_before()
- 33.48 slapi_mods_iterator_backone()
- 33.49 slapi_mods_new()
- 33.50 slapi_mods_remove()
- 34 Functions for monitoring operations
- 35 Functions for managing parameter block
- 36 Functions for handling passwords
- 37 Functions for managing RDNs
- 37.1 slapi_rdn_add()
- 37.2 slapi_rdn_compare()
- 37.3 slapi_rdn_contains()
- 37.4 slapi_rdn_contains_attr()
- 37.5 slapi_rdn_done()
- 37.6 slapi_rdn_free()
- 37.7 slapi_rdn_get_first()
- 37.8 slapi_rdn_get_index()
- 37.9 slapi_rdn_get_index_attr()
- 37.10 slapi_rdn_get_next()
- 37.11 slapi_rdn_get_num_components()
- 37.12 slapi_rdn_get_rdn()
- 37.13 slapi_rdn_get_nrdn()
- 37.14 slapi_rdn_init()
- 37.15 slapi_rdn_init_dn()
- 37.16 slapi_rdn_init_rdn()
- 37.17 slapi_rdn_init_sdn()
- 37.18 slapi_rdn_isempty()
- 37.19 slapi_rdn_new()
- 37.20 slapi_rdn_new_dn()
- 37.21 slapi_rdn_new_rdn()
- 37.22 slapi_rdn_new_sdn()
- 37.23 slapi_rdn_remove()
- 37.24 slapi_rdn_remove_attr()
- 37.25 slapi_rdn_remove_index()
- 37.26 slapi_rdn_set_dn()
- 37.27 slapi_rdn_set_rdn()
- 37.28 slapi_rdn_set_sdn()
- 37.29 slapi_rdn2typeval()
- 38 Functions for managing roles
- 39 Functions for managing DNs
- 39.1 slapi_dn_isroot()
- 39.2 slapi_dn_normalize_case()
- 39.3 slapi_dn_normalize_to_end()
- 39.4 slapi_moddn_get_newdn()
- 39.5 slapi_sdn_add_rdn()
- 39.6 slapi_sdn_compare()
- 39.7 slapi_sdn_copy()
- 39.8 slapi_sdn_done()
- 39.9 slapi_sdn_dup()
- 39.10 slapi_sdn_free()
- 39.11 slapi_sdn_get_back end_parent()
- 39.12 slapi_sdn_get_dn()
- 39.13 slapi_sdn_get_ndn()
- 39.14 slapi_sdn_get_ndn_len()
- 39.15 slapi_sdn_get_parent()
- 39.16 slapi_sdn_get_rdn()
- 39.17 slapi_sdn_is_rdn_component()
- 39.18 slapi_sdn_isempty()
- 39.19 slapi_sdn_isgrandparent()
- 39.20 slapi_sdn_isparent()
- 39.21 slapi_sdn_issuffix()
- 39.22 slapi_sdn_new()
- 39.23 slapi_sdn_new_dn_byref()
- 39.24 slapi_sdn_new_dn_byval()
- 39.25 slapi_sdn_new_dn_passin()
- 39.26 slapi_sdn_new_ndn_byref()
- 39.27 slapi_sdn_new_ndn_byval()
- 39.28 slapi_sdn_scope_test()
- 39.29 slapi_sdn_set_dn_byref()
- 39.30 slapi_sdn_set_dn_byval()
- 39.31 slapi_sdn_set_dn_passin()
- 39.32 slapi_sdn_set_ndn_byref()
- 39.33 slapi_sdn_set_ndn_byval()
- 39.34 slapi_sdn_set_parent()
- 39.35 slapi_sdn_set_rdn()
- 40 Functions for sending entries and results to the client
- 41 Functions related to UTF-8
- 41.1 slapi_has8thBit()
- 41.2 slapi_utf8casecmp()
- 41.3 slapi_UTF8CASECMP()
- 41.4 slapi_utf8ncasecmp()
- 41.5 slapi_UTF8NCASECMP()
- 41.6 slapi_utf8isLower()
- 41.7 slapi_UTF8ISLOWER()
- 41.8 slapi_utf8isUpper()
- 41.9 slapi_UTF8ISUPPER()
- 41.10 slapi_utf8StrToLower()
- 41.11 slapi_UTF8STRTOLOWER()
- 41.12 slapi_utf8StrToUpper()
- 41.13 slapi_UTF8STRTOUPPER()
- 41.14 slapi_utf8ToLower()
- 41.15 slapi_UTF8TOLOWER()
- 41.16 slapi_utf8ToUpper()
- 41.17 slapi_UTF8TOUPPER()
- 42 Functions for handling values
- 42.1 slapi_value_compare()
- 42.2 slapi_value_dup()
- 42.3 slapi_value_free()
- 42.4 slapi_value_get_berval()
- 42.5 slapi_value_get_int()
- 42.6 slapi_value_get_length()
- 42.7 slapi_value_get_long()
- 42.8 slapi_value_get_string()
- 42.9 slapi_value_get_uint()
- 42.10 slapi_value_get_ulong()
- 42.11 slapi_value_init()
- 42.12 slapi_value_init_berval()
- 42.13 slapi_value_init_string()
- 42.14 slapi_value_init_string_passin()
- 42.15 slapi_value_new()
- 42.16 slapi_value_new_berval()
- 42.17 slapi_value_new_string()
- 42.18 slapi_value_new_string_passin()
- 42.19 slapi_value_new_value()
- 42.20 slapi_value_set()
- 42.21 slapi_value_set_berval()
- 42.22 slapi_value_set_int()
- 42.23 slapi_value_set_string()
- 42.24 slapi_value_set_string_passin()
- 42.25 slapi_value_set_value()
- 43 Functions for handling valuesets
- 43.1 slapi_valueset_add_value()
- 43.2 slapi_valueset_add_value_ext()
- 43.3 slapi_valueset_count()
- 43.4 slapi_valueset_done()
- 43.5 slapi_valueset_find()
- 43.6 slapi_valueset_first_value()
- 43.7 slapi_valueset_free()
- 43.8 slapi_valueset_init()
- 43.9 slapi_valueset_new()
- 43.10 slapi_valueset_next_value()
- 43.11 slapi_valueset_set_from_smod()
- 43.12 slapi_valueset_set_valueset()
- 44 Functions specific to virtual attribute service
- 45 Functions for managing locks and synchronization
- 46 Functions for managing computed attributes
- 47 Functions for manipulating bits
- 48 Functions for registering object extensions
- 49 Functions related to data interoperability
- 50 Functions for registering additional plug-ins
- 51 Functions for server tasks
- 51.1 slapi_destroy_task()
- 51.2 slapi_new_task()
- 51.3 slapi_task_begin()
- 51.4 slapi_task_cancel()
- 51.5 slapi_task_dec_refcount()
- 51.6 slapi_task_finish()
- 51.7 slapi_task_get_data()
- 51.8 slapi_task_get_refcount()
- 51.9 slapi_task_get_state()
- 51.10 slapi_task_inc_progress()
- 51.11 slapi_task_inc_refcount()
- 51.12 slapi_task_log_notice()
- 51.13 slapi_task_log_status()
- 51.14 slapi_task_register_handler()
- 51.15 slapi_task_set_data()
- 51.16 slapi_task_set_cancel_fn()
- 51.17 slapi_task_set_destructor_fn()
- 51.18 slapi_task_status_changed()
- Part V Parameter block reference
- 52 Parameters for registering plug-in functions
- 53 Parameters accessible to all plug-ins
- 53.1 Information about the database
- 53.2 Information about the connection
- 53.3 Information about the operation
- 53.4 Information about extended operations
- 53.5 Information about the transaction
- 53.6 Information about access control lists
- 53.7 Notes in the access log
- 53.8 Information about the plug-in
- 53.9 Information about command-line arguments
- 53.10 Information about attributes
- 53.11 Information about targets
- 54 Parameters for the bind function
- 55 Parameters for the search function
- 56 Parameters that convert strings to entries
- 57 Parameters for the add function
- 58 Parameters for the compare function
- 59 Parameters for the delete function
- 60 Parameters for the modify function
- 61 Parameters for the modify RDN function
- 62 Parameters for the abandon function
- 63 Parameters for the matching rule function
- 64 Parameters for LDBM back end pre- and postoperation functions
- 65 Parameters for the database
- 66 Parameters for LDAP functions
- 67 Parameters for error logging
- 68 Parameters for filters
- 69 Parameters for password storage
- 70 Parameters for resource limits
- 71 Parameters for the virtual attribute service
- Part VI Support and other resources
- Glossary
- Index
values of the SLAPI_BIND_METHOD parameter (such as LDAP_AUTH_SIMPLE and
LDAP_AUTH_SASL) are integer values defined in the ldap.h header file.
• If required, specify the credentials that you want sent back to the client.
If the value of the SLAPI_BIND_METHOD parameter is LDAP_AUTH_SASL and you want to
return a set of credentials to the client, call “slapi_pblock_set()” to set the
SLAPI_BIND_RET_SASLCREDS parameter to the credentials.
• Send the result of the authentication process back to the client.
Call “slapi_send_ldap_result()” to send an [LDAP_SUCCESS] return code to the client.
Make sure that your function returns a nonzero value to bypass the default back end bind
function and any postoperation plug-in functions.
8.5.2 Registering the SASL mechanism
If you are using SASL as the authentication method, you need to register the SASL mechanisms
that you plan to use.
In your initialization function (see “Writing plug-in initialization functions”), call the
Chapter 22 “Functions for syntax plug-ins” function and specify the name of the SASL mechanism.
For example:
slapi_register_supported_saslmechanism( "babsmechanism" );
If you do not register your SASL mechanism, the Directory Server will send an
[LDAP_AUTH_METHOD_NOT_SUPPORTED] result code back to the client and will not call
your preoperation bind function.
Note:
Refer to the following source file for an example of a preoperation plug-in function for SASL
authentication with LDAP bind operations:
/opt/dirsrv/devel/example/testsaslbind.c
8.5.3 Example of a preoperation bind plug-in
The following sections document an example of a preoperation bind plug-in that handles
authentication.
Note:
Refer to the following source file for an updated example of a preoperation plug-in function that
handles authentication:
/opt/dirsrv/devel/example/testbind.c
8.5.3.1 Example of a preoperation bind function
The following is an example of a preoperation bind function that authenticates clients and
bypasses the default back end bind function. In this example, the function compares the client's
credentials against the value of the userpassword attribute for the entry.
#include <stdio.h>
#include <string.h>
#include "slapi-plugin.h" /* Preoperation plug-in function */
int test_bind(Slapi_PBlock *pb )
{
char *dn;
int method, rc = LDAP_SUCCESS;
struct berval *credentials;
struct berval **pwvals;
Slapi_PBlock *searchpb = NULL;
Slapi_Entry *e = NULL;
8.5 Writing a preoperation bind plug-in 75