HP-UX Directory Server 8.1 plug-in reference
Table Of Contents
- HP-UX Directory Server plug-in reference
- Table of Contents
- Part I Introduction to Directory Server plug-ins
- 1 An overview of Directory Server plug-ins
- 2 Writing and compiling plug-ins
- 3 Configuring plug-ins
- 4 An example plug-in
- Part II Writing functions and plug-ins
- 5 Front end API functions
- 5.1 Logging messages
- 5.2 Adding notes to access log entries
- 5.3 Sending data to the client
- 5.4 Determining if an operation was abandoned
- 5.5 Working with entries, attributes, and values
- 5.6 Working with DNs and RDNs
- 5.7 Working with search filters
- 5.8 Checking passwords
- 6 Writing pre- and postoperation plug-ins
- 7 Defining functions for LDAP operations
- 7.1 Specifying start and close functions
- 7.2 Processing an LDAP bind operation
- 7.3 Processing an LDAP unbind operation
- 7.4 Processing an LDAP search operation
- 7.5 Processing an LDAP compare operation
- 7.6 Processing an LDAP add operation
- 7.7 Processing an LDAP modify operation
- 7.8 Processing an LDAP modify RDN operation
- 7.9 Processing an LDAP delete operation
- 7.10 Processing an LDAP abandon operation
- 8 Defining functions for authentication
- 8.1 Understanding authentication methods
- 8.2 How the Directory Server identifies clients
- 8.3 How the authentication process works
- 8.4 Writing your own authentication plug-in
- 8.5 Writing a preoperation bind plug-in
- 8.6 Using SASL with an LDAP client
- 9 Writing entry store/fetch plug-ins
- 10 Writing extended operation plug-ins
- 11 Writing matching rule plug-ins
- 11.1 Understanding matching rules
- 11.2 Understanding matching rule plug-ins
- 11.3 Indexing based on matching rules
- 11.4 Handling extensible match filters
- 11.4.1 How the server handles the filter
- 11.4.2 Query operators in matching rules
- 11.4.3 Writing a filter factory function
- 11.4.4 Getting and setting parameters in filter factory functions
- 11.4.5 Writing a filter index function
- 11.4.6 Getting and setting parameters in filter index functions
- 11.4.7 Writing a filter matching function
- 11.5 Handling sorting by matching rules
- 11.6 Writing a destructor function
- 11.7 Writing an initialization function
- 11.8 Registering matching rule functions
- 11.9 Specifying start and close functions
- 12 Using the custom distribution logic
- 13 Using data interoperability plug-ins
- 5 Front end API functions
- Part III Data type and structure reference
- 14 Data type and structure reference
- 14.1 berval
- 14.2 computed_attr_context
- 14.3 LDAPControl
- 14.4 LDAPMod
- 14.5 mrFilterMatchFn
- 14.6 plugin_referral_entry_callback
- 14.7 plugin_result_callback
- 14.8 plugin_search_entry_callback
- 14.9 send_ldap_referral_fn_ptr_t
- 14.10 send_ldap_result_fn_ptr_t
- 14.11 send_ldap_search_entry_fn_ptr_t
- 14.12 Slapi_Attr
- 14.13 Slapi_Back end
- 14.14 slapi_back end_state_change_fnptr
- 14.15 Slapi_ComponentID
- 14.16 slapi_compute_callback_t
- 14.17 slapi_compute_output_t
- 14.18 Slapi_Connection
- 14.19 Slapi_CondVar
- 14.20 Slapi_Counter
- 14.21 Slapi_DN
- 14.22 Slapi_Entry
- 14.23 Slapi_Filter
- 14.24 Slapi_MatchingRuleEntry
- 14.25 Slapi_Mod
- 14.26 Slapi_Mods
- 14.27 Slapi_Mutex
- 14.28 Slapi_Operation
- 14.29 Slapi_PBlock
- 14.30 Slapi_PluginDesc
- 14.31 Slapi_RDN
- 14.32 Slapi_Task
- 14.33 Slapi_UniqueID
- 14.34 Slapi_Value
- 14.35 Slapi_ValueSet
- 14.36 Synchronization callbacks and data types
- 14 Data type and structure reference
- Part IV Function reference
- 15 Distribution routines
- 16 Functions for access control
- 17 Functions for internal operations and plug-in callback
- 18 Functions for setting internal operation flags
- 19 Functions for handling attributes
- 19.1 slapi_attr_add_value()
- 19.2 slapi_attr_basetype()
- 19.3 slapi_attr_dup()
- 19.4 slapi_attr_first_value()
- 19.5 slapi_attr_flag_is_set()
- 19.6 slapi_attr_free()
- 19.7 slapi_attr_get_bervals_copy()
- 19.8 slapi_attr_get_flags()
- 19.9 slapi_attr_get_numvalues()
- 19.10 slapi_attr_get_oid_copy()
- 19.11 slapi_attr_get_type()
- 19.12 slapi_attr_get_valueset()
- 19.13 slapi_attr_init()
- 19.14 slapi_attr_new()
- 19.15 slapi_attr_next_value()
- 19.16 slapi_attr_set_valueset()
- 19.17 slapi_attr_syntax_normalize()
- 19.18 slapi_attr_type2plugin()
- 19.19 slapi_attr_type_cmp()
- 19.20 slapi_attr_types_equivalent()
- 19.21 slapi_attr_value_cmp()
- 19.22 slapi_attr_value_find()
- 19.23 slapi_valueset_set_from_smod()
- 20 Functions for managing back end operations
- 20.1 slapi_be_addsuffix()
- 20.2 slapi_be_delete_onexit()
- 20.3 slapi_be_exist()
- 20.4 slapi_be_free()
- 20.5 slapi_be_get_instance_info()
- 20.6 slapi_be_get_name()
- 20.7 slapi_be_get_readonly()
- 20.8 slapi_be_getentrypoint()
- 20.9 slapi_be_getsuffix()
- 20.10 slapi_be_gettype()
- 20.11 slapi_be_is_flag_set()
- 20.12 slapi_be_issuffix()
- 20.13 slapi_be_logchanges()
- 20.14 slapi_be_new()
- 20.15 slapi_be_private()
- 20.16 slapi_be_select()
- 20.17 slapi_be_select_by_instance_name()
- 20.18 slapi_be_set_flag()
- 20.19 slapi_be_set_instance_info()
- 20.20 slapi_be_set_readonly()
- 20.21 slapi_be_setentrypoint()
- 20.22 slapi_get_first_back end()
- 20.23 slapi_get_first_suffix()
- 20.24 slapi_get_next_back end()
- 20.25 slapi_get_next_suffix()
- 20.26 slapi_is_root_suffix()
- 20.27 slapi_register_back end_state_change()
- 20.28 slapi_unregister_back end_state_change()
- 21 Functions for dealing with controls
- 22 Functions for syntax plug-ins
- 23 Functions for managing memory
- 24 Functions for managing entries
- 24.1 slapi_entry2str()
- 24.2 slapi_entry2str_with_options()
- 24.3 slapi_entry_add_rdn_values()
- 24.4 slapi_entry_add_string()
- 24.5 slapi_entry_add_value()
- 24.6 slapi_entry_add_values_sv()
- 24.7 slapi_entry_add_valueset()
- 24.8 slapi_entry_alloc()
- 24.9 slapi_entry_apply_mods()
- 24.10 slapi_entry_attr_delete()
- 24.11 slapi_entry_attr_find()
- 24.12 slapi_entry_attr_get_bool()
- 24.13 slapi_entry_attr_get_charptr()
- 24.14 slapi_entry_attr_get_charray()
- 24.15 slapi_entry_attr_get_int()
- 24.16 slapi_entry_attr_get_long()
- 24.17 slapi_entry_attr_get_uint()
- 24.18 slapi_entry_attr_get_ulong()
- 24.19 slapi_entry_attr_has_syntax_value()
- 24.20 slapi_entry_attr_merge_sv()
- 24.21 slapi_entry_attr_replace_sv()
- 24.22 slapi_entry_attr_set_charptr()
- 24.23 slapi_entry_attr_set_int()
- 24.24 slapi_entry_attr_set_long()
- 24.25 slapi_entry_attr_set_uint()
- 24.26 slapi_entry_attr_set_ulong()
- 24.27 slapi_entry_delete_string()
- 24.28 slapi_entry_delete_values_sv()
- 24.29 slapi_entry_dup()
- 24.30 slapi_entry_first_attr()
- 24.31 slapi_entry_free()
- 24.32 slapi_entry_get_dn()
- 24.33 slapi_entry_get_dn_const()
- 24.34 slapi_entry_get_ndn()
- 24.35 slapi_entry_get_sdn()
- 24.36 slapi_entry_get_sdn_const()
- 24.37 slapi_entry_get_uniqueid()
- 24.38 slapi_entry_has_children()
- 24.39 slapi_entry_init()
- 24.40 slapi_entry_merge_values_sv()
- 24.41 slapi_entry_next_attr()
- 24.42 slapi_entry_rdn_values_present()
- 24.43 slapi_entry_schema_check()
- 24.44 slapi_entry_set_dn()
- 24.45 slapi_entry_set_sdn()
- 24.46 slapi_entry_set_uniqueid()
- 24.47 slapi_entry_size()
- 24.48 slapi_is_rootdse()
- 24.49 slapi_str2entry()
- 25 Functions related to entry flags
- 26 Functions for dealing with filters
- 26.1 slapi_filter_apply()
- 26.2 slapi_filter_compare()
- 26.3 slapi_filter_dup()
- 26.4 slapi_filter_free()
- 26.5 slapi_filter_get_attribute_type()
- 26.6 slapi_filter_get_ava()
- 26.7 slapi_filter_get_choice()
- 26.8 slapi_filter_get_subfilt()
- 26.9 slapi_filter_get_type()
- 26.10 slapi_filter_join()
- 26.11 slapi_filter_join_ex()
- 26.12 slapi_filter_list_first()
- 26.13 slapi_filter_list_next()
- 26.14 slapi_filter_test()
- 26.15 slapi_filter_test_ext()
- 26.16 slapi_filter_test_simple()
- 26.17 slapi_find_matching_paren()
- 26.18 slapi_str2filter()
- 26.19 slapi_vattr_filter_test()
- 27 Functions specific to extended operation
- 28 Functions specific to bind methods
- 29 Functions for thread-safe LDAP connections
- 30 Functions for logging
- 31 Functions for counters
- 32 Functions for handling matching rules
- 32.1 slapi_berval_cmp()
- 32.2 slapi_matchingrule_free()
- 32.3 slapi_matchingrule_get()
- 32.4 slapi_matchingrule_is_ordering()
- 32.5 slapi_matchingrule_new()
- 32.6 slapi_matchingrule_register()
- 32.7 slapi_matchingrule_set()
- 32.8 slapi_matchingrule_unregister()
- 32.9 slapi_mr_filter_index()
- 32.10 slapi_mr_indexer_create()
- 33 Functions for LDAPMod manipulation
- 33.1 slapi_entry2mods()
- 33.2 slapi_mod_add_value()
- 33.3 slapi_mod_done()
- 33.4 slapi_mod_dump()
- 33.5 slapi_mod_free()
- 33.6 slapi_mod_get_first_value()
- 33.7 slapi_mod_get_ldapmod_byref()
- 33.8 slapi_mod_get_ldapmod_passout()
- 33.9 slapi_mod_get_next_value()
- 33.10 slapi_mod_get_num_values()
- 33.11 slapi_mod_get_operation()
- 33.12 slapi_mod_get_type()
- 33.13 slapi_mod_init()
- 33.14 slapi_mod_init_byref()
- 33.15 slapi_mod_init_byval()
- 33.16 slapi_mod_init_passin()
- 33.17 slapi_mod_init_valueset_byval()
- 33.18 slapi_mod_isvalid()
- 33.19 slapi_mod_new()
- 33.20 slapi_mod_remove_value()
- 33.21 slapi_mod_set_operation()
- 33.22 slapi_mod_set_type()
- 33.23 slapi_mods2entry()
- 33.24 slapi_mods_add()
- 33.25 slapi_mods_add_ldapmod()
- 33.26 slapi_mods_add_mod_values()
- 33.27 slapi_mods_add_smod()
- 33.28 slapi_mods_add_modbvps()
- 33.29 slapi_mods_add_string()
- 33.30 slapi_mods_done()
- 33.31 slapi_mods_dump()
- 33.32 slapi_mods_free()
- 33.33 slapi_mods_get_first_mod()
- 33.34 slapi_mods_get_first_smod()
- 33.35 slapi_mods_get_ldapmods_byref()
- 33.36 slapi_mods_get_ldapmods_passout()
- 33.37 slapi_mods_get_next_mod()
- 33.38 slapi_mods_get_next_smod()
- 33.39 slapi_mods_get_num_mods()
- 33.40 slapi_mods_init()
- 33.41 slapi_mods_init_byref()
- 33.42 slapi_mods_init_passin()
- 33.43 slapi_mods_insert_after()
- 33.44 slapi_mods_insert_at()
- 33.45 slapi_mods_insert_before()
- 33.46 slapi_mods_insert_smod_at()
- 33.47 slapi_mods_insert_smod_before()
- 33.48 slapi_mods_iterator_backone()
- 33.49 slapi_mods_new()
- 33.50 slapi_mods_remove()
- 34 Functions for monitoring operations
- 35 Functions for managing parameter block
- 36 Functions for handling passwords
- 37 Functions for managing RDNs
- 37.1 slapi_rdn_add()
- 37.2 slapi_rdn_compare()
- 37.3 slapi_rdn_contains()
- 37.4 slapi_rdn_contains_attr()
- 37.5 slapi_rdn_done()
- 37.6 slapi_rdn_free()
- 37.7 slapi_rdn_get_first()
- 37.8 slapi_rdn_get_index()
- 37.9 slapi_rdn_get_index_attr()
- 37.10 slapi_rdn_get_next()
- 37.11 slapi_rdn_get_num_components()
- 37.12 slapi_rdn_get_rdn()
- 37.13 slapi_rdn_get_nrdn()
- 37.14 slapi_rdn_init()
- 37.15 slapi_rdn_init_dn()
- 37.16 slapi_rdn_init_rdn()
- 37.17 slapi_rdn_init_sdn()
- 37.18 slapi_rdn_isempty()
- 37.19 slapi_rdn_new()
- 37.20 slapi_rdn_new_dn()
- 37.21 slapi_rdn_new_rdn()
- 37.22 slapi_rdn_new_sdn()
- 37.23 slapi_rdn_remove()
- 37.24 slapi_rdn_remove_attr()
- 37.25 slapi_rdn_remove_index()
- 37.26 slapi_rdn_set_dn()
- 37.27 slapi_rdn_set_rdn()
- 37.28 slapi_rdn_set_sdn()
- 37.29 slapi_rdn2typeval()
- 38 Functions for managing roles
- 39 Functions for managing DNs
- 39.1 slapi_dn_isroot()
- 39.2 slapi_dn_normalize_case()
- 39.3 slapi_dn_normalize_to_end()
- 39.4 slapi_moddn_get_newdn()
- 39.5 slapi_sdn_add_rdn()
- 39.6 slapi_sdn_compare()
- 39.7 slapi_sdn_copy()
- 39.8 slapi_sdn_done()
- 39.9 slapi_sdn_dup()
- 39.10 slapi_sdn_free()
- 39.11 slapi_sdn_get_back end_parent()
- 39.12 slapi_sdn_get_dn()
- 39.13 slapi_sdn_get_ndn()
- 39.14 slapi_sdn_get_ndn_len()
- 39.15 slapi_sdn_get_parent()
- 39.16 slapi_sdn_get_rdn()
- 39.17 slapi_sdn_is_rdn_component()
- 39.18 slapi_sdn_isempty()
- 39.19 slapi_sdn_isgrandparent()
- 39.20 slapi_sdn_isparent()
- 39.21 slapi_sdn_issuffix()
- 39.22 slapi_sdn_new()
- 39.23 slapi_sdn_new_dn_byref()
- 39.24 slapi_sdn_new_dn_byval()
- 39.25 slapi_sdn_new_dn_passin()
- 39.26 slapi_sdn_new_ndn_byref()
- 39.27 slapi_sdn_new_ndn_byval()
- 39.28 slapi_sdn_scope_test()
- 39.29 slapi_sdn_set_dn_byref()
- 39.30 slapi_sdn_set_dn_byval()
- 39.31 slapi_sdn_set_dn_passin()
- 39.32 slapi_sdn_set_ndn_byref()
- 39.33 slapi_sdn_set_ndn_byval()
- 39.34 slapi_sdn_set_parent()
- 39.35 slapi_sdn_set_rdn()
- 40 Functions for sending entries and results to the client
- 41 Functions related to UTF-8
- 41.1 slapi_has8thBit()
- 41.2 slapi_utf8casecmp()
- 41.3 slapi_UTF8CASECMP()
- 41.4 slapi_utf8ncasecmp()
- 41.5 slapi_UTF8NCASECMP()
- 41.6 slapi_utf8isLower()
- 41.7 slapi_UTF8ISLOWER()
- 41.8 slapi_utf8isUpper()
- 41.9 slapi_UTF8ISUPPER()
- 41.10 slapi_utf8StrToLower()
- 41.11 slapi_UTF8STRTOLOWER()
- 41.12 slapi_utf8StrToUpper()
- 41.13 slapi_UTF8STRTOUPPER()
- 41.14 slapi_utf8ToLower()
- 41.15 slapi_UTF8TOLOWER()
- 41.16 slapi_utf8ToUpper()
- 41.17 slapi_UTF8TOUPPER()
- 42 Functions for handling values
- 42.1 slapi_value_compare()
- 42.2 slapi_value_dup()
- 42.3 slapi_value_free()
- 42.4 slapi_value_get_berval()
- 42.5 slapi_value_get_int()
- 42.6 slapi_value_get_length()
- 42.7 slapi_value_get_long()
- 42.8 slapi_value_get_string()
- 42.9 slapi_value_get_uint()
- 42.10 slapi_value_get_ulong()
- 42.11 slapi_value_init()
- 42.12 slapi_value_init_berval()
- 42.13 slapi_value_init_string()
- 42.14 slapi_value_init_string_passin()
- 42.15 slapi_value_new()
- 42.16 slapi_value_new_berval()
- 42.17 slapi_value_new_string()
- 42.18 slapi_value_new_string_passin()
- 42.19 slapi_value_new_value()
- 42.20 slapi_value_set()
- 42.21 slapi_value_set_berval()
- 42.22 slapi_value_set_int()
- 42.23 slapi_value_set_string()
- 42.24 slapi_value_set_string_passin()
- 42.25 slapi_value_set_value()
- 43 Functions for handling valuesets
- 43.1 slapi_valueset_add_value()
- 43.2 slapi_valueset_add_value_ext()
- 43.3 slapi_valueset_count()
- 43.4 slapi_valueset_done()
- 43.5 slapi_valueset_find()
- 43.6 slapi_valueset_first_value()
- 43.7 slapi_valueset_free()
- 43.8 slapi_valueset_init()
- 43.9 slapi_valueset_new()
- 43.10 slapi_valueset_next_value()
- 43.11 slapi_valueset_set_from_smod()
- 43.12 slapi_valueset_set_valueset()
- 44 Functions specific to virtual attribute service
- 45 Functions for managing locks and synchronization
- 46 Functions for managing computed attributes
- 47 Functions for manipulating bits
- 48 Functions for registering object extensions
- 49 Functions related to data interoperability
- 50 Functions for registering additional plug-ins
- 51 Functions for server tasks
- 51.1 slapi_destroy_task()
- 51.2 slapi_new_task()
- 51.3 slapi_task_begin()
- 51.4 slapi_task_cancel()
- 51.5 slapi_task_dec_refcount()
- 51.6 slapi_task_finish()
- 51.7 slapi_task_get_data()
- 51.8 slapi_task_get_refcount()
- 51.9 slapi_task_get_state()
- 51.10 slapi_task_inc_progress()
- 51.11 slapi_task_inc_refcount()
- 51.12 slapi_task_log_notice()
- 51.13 slapi_task_log_status()
- 51.14 slapi_task_register_handler()
- 51.15 slapi_task_set_data()
- 51.16 slapi_task_set_cancel_fn()
- 51.17 slapi_task_set_destructor_fn()
- 51.18 slapi_task_status_changed()
- Part V Parameter block reference
- 52 Parameters for registering plug-in functions
- 53 Parameters accessible to all plug-ins
- 53.1 Information about the database
- 53.2 Information about the connection
- 53.3 Information about the operation
- 53.4 Information about extended operations
- 53.5 Information about the transaction
- 53.6 Information about access control lists
- 53.7 Notes in the access log
- 53.8 Information about the plug-in
- 53.9 Information about command-line arguments
- 53.10 Information about attributes
- 53.11 Information about targets
- 54 Parameters for the bind function
- 55 Parameters for the search function
- 56 Parameters that convert strings to entries
- 57 Parameters for the add function
- 58 Parameters for the compare function
- 59 Parameters for the delete function
- 60 Parameters for the modify function
- 61 Parameters for the modify RDN function
- 62 Parameters for the abandon function
- 63 Parameters for the matching rule function
- 64 Parameters for LDBM back end pre- and postoperation functions
- 65 Parameters for the database
- 66 Parameters for LDAP functions
- 67 Parameters for error logging
- 68 Parameters for filters
- 69 Parameters for password storage
- 70 Parameters for resource limits
- 71 Parameters for the virtual attribute service
- Part VI Support and other resources
- Glossary
- Index
13 Using data interoperability plug-ins
This chapter explains how to use the Data Interoperability (DIOP) feature of the HP-UX Directory
Server (Directory Server). The DIOP feature refers to Directory Server's ability to work with a
proprietary database, instead of the default database created during installation.
You can now use the enhanced preoperation interfaces to implement plug-ins that are designed
to provide access to alternative directory data stores, instead of the database back end plug-in
interface, which is not supported in current releases. You do this by developing a custom
preoperation plug-in to provide an alternate functionality for the LDAP operations, such as
search, modify, add, and so on. These operations are generally targeted at the root suffix or the
null DN (meaning dn:), and your plug-in will have to be designed to intercept these operations
and divert them to be serviced by an alternate data source or alternate access methods.
This chapter covers deployment considerations, configuration changes required to use the DIOP
feature, a list of supported and unsupported features, and other useful information.
13.1 Installing Directory Server
This section explains how to install Directory Server in order to test and use the DIOP feature.
13.1.1 Understanding deployment configuration
To verify whether the DIOP feature works in Directory Server, your deployment must comprise
two instances of Directory Server:
• An instance of Directory Server that will be used for storing configuration data. This instance
is identified as the configurationDirectory Server.
• An instance of Directory Server that will be used for enabling the DIOP plug-in. This instance
is identified as the DIOP-enabledDirectory Server.
For detailed information on directory deployments, check the HP-UX Directory Server deployment
guide. To understand the role of a configuration Directory Server in a directory deployment,
check Managing Servers with the Console.
Because the DIOP plug-in is a preoperation plug-in, enabling the plug-in will impose certain
limitations on the default behavior of Directory Server.
• The Directory Server Console will not be fully functional in the DIOP-enabled Directory
Server, and you will not be able to administer the server via the Console. However, you will
be able to use the configuration Directory Server Console to manage the DIOP-enabled
Directory Server.
• Some of the default plug-ins that are provided with the server will not work in the
DIOP-enabled Directory Server. The DIOP plug-in is a preoperation plug-in, and intercepting
all LDAP operations will result in the other plug-ins being unusable. Table 13-1 “Plug-in
status in DIOP-enabled Directory Server” identifies plug-ins that are unsupported in the
DIOP-enabled Directory Server. All unsupported plug-ins must be disabled before using
the DIOP plug-in.
Table 13-1 Plug-in status in DIOP-enabled Directory Server
Unsupported
plug-ins
2
Plug-in name
1
Unsupported
plug-ins
2
Plug-in name
1
-Octet String SyntaxX7-bit check
-OID Syntax-ACL
XPass-through Authentication-ACL preoperation
-Postal Address Syntax-Binary Syntax
13.1 Installing Directory Server 107