HP-UX Directory Server 8.1 plug-in reference
Table Of Contents
- HP-UX Directory Server plug-in reference
- Table of Contents
- Part I Introduction to Directory Server plug-ins
- 1 An overview of Directory Server plug-ins
- 2 Writing and compiling plug-ins
- 3 Configuring plug-ins
- 4 An example plug-in
- Part II Writing functions and plug-ins
- 5 Front end API functions
- 5.1 Logging messages
- 5.2 Adding notes to access log entries
- 5.3 Sending data to the client
- 5.4 Determining if an operation was abandoned
- 5.5 Working with entries, attributes, and values
- 5.6 Working with DNs and RDNs
- 5.7 Working with search filters
- 5.8 Checking passwords
- 6 Writing pre- and postoperation plug-ins
- 7 Defining functions for LDAP operations
- 7.1 Specifying start and close functions
- 7.2 Processing an LDAP bind operation
- 7.3 Processing an LDAP unbind operation
- 7.4 Processing an LDAP search operation
- 7.5 Processing an LDAP compare operation
- 7.6 Processing an LDAP add operation
- 7.7 Processing an LDAP modify operation
- 7.8 Processing an LDAP modify RDN operation
- 7.9 Processing an LDAP delete operation
- 7.10 Processing an LDAP abandon operation
- 8 Defining functions for authentication
- 8.1 Understanding authentication methods
- 8.2 How the Directory Server identifies clients
- 8.3 How the authentication process works
- 8.4 Writing your own authentication plug-in
- 8.5 Writing a preoperation bind plug-in
- 8.6 Using SASL with an LDAP client
- 9 Writing entry store/fetch plug-ins
- 10 Writing extended operation plug-ins
- 11 Writing matching rule plug-ins
- 11.1 Understanding matching rules
- 11.2 Understanding matching rule plug-ins
- 11.3 Indexing based on matching rules
- 11.4 Handling extensible match filters
- 11.4.1 How the server handles the filter
- 11.4.2 Query operators in matching rules
- 11.4.3 Writing a filter factory function
- 11.4.4 Getting and setting parameters in filter factory functions
- 11.4.5 Writing a filter index function
- 11.4.6 Getting and setting parameters in filter index functions
- 11.4.7 Writing a filter matching function
- 11.5 Handling sorting by matching rules
- 11.6 Writing a destructor function
- 11.7 Writing an initialization function
- 11.8 Registering matching rule functions
- 11.9 Specifying start and close functions
- 12 Using the custom distribution logic
- 13 Using data interoperability plug-ins
- 5 Front end API functions
- Part III Data type and structure reference
- 14 Data type and structure reference
- 14.1 berval
- 14.2 computed_attr_context
- 14.3 LDAPControl
- 14.4 LDAPMod
- 14.5 mrFilterMatchFn
- 14.6 plugin_referral_entry_callback
- 14.7 plugin_result_callback
- 14.8 plugin_search_entry_callback
- 14.9 send_ldap_referral_fn_ptr_t
- 14.10 send_ldap_result_fn_ptr_t
- 14.11 send_ldap_search_entry_fn_ptr_t
- 14.12 Slapi_Attr
- 14.13 Slapi_Back end
- 14.14 slapi_back end_state_change_fnptr
- 14.15 Slapi_ComponentID
- 14.16 slapi_compute_callback_t
- 14.17 slapi_compute_output_t
- 14.18 Slapi_Connection
- 14.19 Slapi_CondVar
- 14.20 Slapi_Counter
- 14.21 Slapi_DN
- 14.22 Slapi_Entry
- 14.23 Slapi_Filter
- 14.24 Slapi_MatchingRuleEntry
- 14.25 Slapi_Mod
- 14.26 Slapi_Mods
- 14.27 Slapi_Mutex
- 14.28 Slapi_Operation
- 14.29 Slapi_PBlock
- 14.30 Slapi_PluginDesc
- 14.31 Slapi_RDN
- 14.32 Slapi_Task
- 14.33 Slapi_UniqueID
- 14.34 Slapi_Value
- 14.35 Slapi_ValueSet
- 14.36 Synchronization callbacks and data types
- 14 Data type and structure reference
- Part IV Function reference
- 15 Distribution routines
- 16 Functions for access control
- 17 Functions for internal operations and plug-in callback
- 18 Functions for setting internal operation flags
- 19 Functions for handling attributes
- 19.1 slapi_attr_add_value()
- 19.2 slapi_attr_basetype()
- 19.3 slapi_attr_dup()
- 19.4 slapi_attr_first_value()
- 19.5 slapi_attr_flag_is_set()
- 19.6 slapi_attr_free()
- 19.7 slapi_attr_get_bervals_copy()
- 19.8 slapi_attr_get_flags()
- 19.9 slapi_attr_get_numvalues()
- 19.10 slapi_attr_get_oid_copy()
- 19.11 slapi_attr_get_type()
- 19.12 slapi_attr_get_valueset()
- 19.13 slapi_attr_init()
- 19.14 slapi_attr_new()
- 19.15 slapi_attr_next_value()
- 19.16 slapi_attr_set_valueset()
- 19.17 slapi_attr_syntax_normalize()
- 19.18 slapi_attr_type2plugin()
- 19.19 slapi_attr_type_cmp()
- 19.20 slapi_attr_types_equivalent()
- 19.21 slapi_attr_value_cmp()
- 19.22 slapi_attr_value_find()
- 19.23 slapi_valueset_set_from_smod()
- 20 Functions for managing back end operations
- 20.1 slapi_be_addsuffix()
- 20.2 slapi_be_delete_onexit()
- 20.3 slapi_be_exist()
- 20.4 slapi_be_free()
- 20.5 slapi_be_get_instance_info()
- 20.6 slapi_be_get_name()
- 20.7 slapi_be_get_readonly()
- 20.8 slapi_be_getentrypoint()
- 20.9 slapi_be_getsuffix()
- 20.10 slapi_be_gettype()
- 20.11 slapi_be_is_flag_set()
- 20.12 slapi_be_issuffix()
- 20.13 slapi_be_logchanges()
- 20.14 slapi_be_new()
- 20.15 slapi_be_private()
- 20.16 slapi_be_select()
- 20.17 slapi_be_select_by_instance_name()
- 20.18 slapi_be_set_flag()
- 20.19 slapi_be_set_instance_info()
- 20.20 slapi_be_set_readonly()
- 20.21 slapi_be_setentrypoint()
- 20.22 slapi_get_first_back end()
- 20.23 slapi_get_first_suffix()
- 20.24 slapi_get_next_back end()
- 20.25 slapi_get_next_suffix()
- 20.26 slapi_is_root_suffix()
- 20.27 slapi_register_back end_state_change()
- 20.28 slapi_unregister_back end_state_change()
- 21 Functions for dealing with controls
- 22 Functions for syntax plug-ins
- 23 Functions for managing memory
- 24 Functions for managing entries
- 24.1 slapi_entry2str()
- 24.2 slapi_entry2str_with_options()
- 24.3 slapi_entry_add_rdn_values()
- 24.4 slapi_entry_add_string()
- 24.5 slapi_entry_add_value()
- 24.6 slapi_entry_add_values_sv()
- 24.7 slapi_entry_add_valueset()
- 24.8 slapi_entry_alloc()
- 24.9 slapi_entry_apply_mods()
- 24.10 slapi_entry_attr_delete()
- 24.11 slapi_entry_attr_find()
- 24.12 slapi_entry_attr_get_bool()
- 24.13 slapi_entry_attr_get_charptr()
- 24.14 slapi_entry_attr_get_charray()
- 24.15 slapi_entry_attr_get_int()
- 24.16 slapi_entry_attr_get_long()
- 24.17 slapi_entry_attr_get_uint()
- 24.18 slapi_entry_attr_get_ulong()
- 24.19 slapi_entry_attr_has_syntax_value()
- 24.20 slapi_entry_attr_merge_sv()
- 24.21 slapi_entry_attr_replace_sv()
- 24.22 slapi_entry_attr_set_charptr()
- 24.23 slapi_entry_attr_set_int()
- 24.24 slapi_entry_attr_set_long()
- 24.25 slapi_entry_attr_set_uint()
- 24.26 slapi_entry_attr_set_ulong()
- 24.27 slapi_entry_delete_string()
- 24.28 slapi_entry_delete_values_sv()
- 24.29 slapi_entry_dup()
- 24.30 slapi_entry_first_attr()
- 24.31 slapi_entry_free()
- 24.32 slapi_entry_get_dn()
- 24.33 slapi_entry_get_dn_const()
- 24.34 slapi_entry_get_ndn()
- 24.35 slapi_entry_get_sdn()
- 24.36 slapi_entry_get_sdn_const()
- 24.37 slapi_entry_get_uniqueid()
- 24.38 slapi_entry_has_children()
- 24.39 slapi_entry_init()
- 24.40 slapi_entry_merge_values_sv()
- 24.41 slapi_entry_next_attr()
- 24.42 slapi_entry_rdn_values_present()
- 24.43 slapi_entry_schema_check()
- 24.44 slapi_entry_set_dn()
- 24.45 slapi_entry_set_sdn()
- 24.46 slapi_entry_set_uniqueid()
- 24.47 slapi_entry_size()
- 24.48 slapi_is_rootdse()
- 24.49 slapi_str2entry()
- 25 Functions related to entry flags
- 26 Functions for dealing with filters
- 26.1 slapi_filter_apply()
- 26.2 slapi_filter_compare()
- 26.3 slapi_filter_dup()
- 26.4 slapi_filter_free()
- 26.5 slapi_filter_get_attribute_type()
- 26.6 slapi_filter_get_ava()
- 26.7 slapi_filter_get_choice()
- 26.8 slapi_filter_get_subfilt()
- 26.9 slapi_filter_get_type()
- 26.10 slapi_filter_join()
- 26.11 slapi_filter_join_ex()
- 26.12 slapi_filter_list_first()
- 26.13 slapi_filter_list_next()
- 26.14 slapi_filter_test()
- 26.15 slapi_filter_test_ext()
- 26.16 slapi_filter_test_simple()
- 26.17 slapi_find_matching_paren()
- 26.18 slapi_str2filter()
- 26.19 slapi_vattr_filter_test()
- 27 Functions specific to extended operation
- 28 Functions specific to bind methods
- 29 Functions for thread-safe LDAP connections
- 30 Functions for logging
- 31 Functions for counters
- 32 Functions for handling matching rules
- 32.1 slapi_berval_cmp()
- 32.2 slapi_matchingrule_free()
- 32.3 slapi_matchingrule_get()
- 32.4 slapi_matchingrule_is_ordering()
- 32.5 slapi_matchingrule_new()
- 32.6 slapi_matchingrule_register()
- 32.7 slapi_matchingrule_set()
- 32.8 slapi_matchingrule_unregister()
- 32.9 slapi_mr_filter_index()
- 32.10 slapi_mr_indexer_create()
- 33 Functions for LDAPMod manipulation
- 33.1 slapi_entry2mods()
- 33.2 slapi_mod_add_value()
- 33.3 slapi_mod_done()
- 33.4 slapi_mod_dump()
- 33.5 slapi_mod_free()
- 33.6 slapi_mod_get_first_value()
- 33.7 slapi_mod_get_ldapmod_byref()
- 33.8 slapi_mod_get_ldapmod_passout()
- 33.9 slapi_mod_get_next_value()
- 33.10 slapi_mod_get_num_values()
- 33.11 slapi_mod_get_operation()
- 33.12 slapi_mod_get_type()
- 33.13 slapi_mod_init()
- 33.14 slapi_mod_init_byref()
- 33.15 slapi_mod_init_byval()
- 33.16 slapi_mod_init_passin()
- 33.17 slapi_mod_init_valueset_byval()
- 33.18 slapi_mod_isvalid()
- 33.19 slapi_mod_new()
- 33.20 slapi_mod_remove_value()
- 33.21 slapi_mod_set_operation()
- 33.22 slapi_mod_set_type()
- 33.23 slapi_mods2entry()
- 33.24 slapi_mods_add()
- 33.25 slapi_mods_add_ldapmod()
- 33.26 slapi_mods_add_mod_values()
- 33.27 slapi_mods_add_smod()
- 33.28 slapi_mods_add_modbvps()
- 33.29 slapi_mods_add_string()
- 33.30 slapi_mods_done()
- 33.31 slapi_mods_dump()
- 33.32 slapi_mods_free()
- 33.33 slapi_mods_get_first_mod()
- 33.34 slapi_mods_get_first_smod()
- 33.35 slapi_mods_get_ldapmods_byref()
- 33.36 slapi_mods_get_ldapmods_passout()
- 33.37 slapi_mods_get_next_mod()
- 33.38 slapi_mods_get_next_smod()
- 33.39 slapi_mods_get_num_mods()
- 33.40 slapi_mods_init()
- 33.41 slapi_mods_init_byref()
- 33.42 slapi_mods_init_passin()
- 33.43 slapi_mods_insert_after()
- 33.44 slapi_mods_insert_at()
- 33.45 slapi_mods_insert_before()
- 33.46 slapi_mods_insert_smod_at()
- 33.47 slapi_mods_insert_smod_before()
- 33.48 slapi_mods_iterator_backone()
- 33.49 slapi_mods_new()
- 33.50 slapi_mods_remove()
- 34 Functions for monitoring operations
- 35 Functions for managing parameter block
- 36 Functions for handling passwords
- 37 Functions for managing RDNs
- 37.1 slapi_rdn_add()
- 37.2 slapi_rdn_compare()
- 37.3 slapi_rdn_contains()
- 37.4 slapi_rdn_contains_attr()
- 37.5 slapi_rdn_done()
- 37.6 slapi_rdn_free()
- 37.7 slapi_rdn_get_first()
- 37.8 slapi_rdn_get_index()
- 37.9 slapi_rdn_get_index_attr()
- 37.10 slapi_rdn_get_next()
- 37.11 slapi_rdn_get_num_components()
- 37.12 slapi_rdn_get_rdn()
- 37.13 slapi_rdn_get_nrdn()
- 37.14 slapi_rdn_init()
- 37.15 slapi_rdn_init_dn()
- 37.16 slapi_rdn_init_rdn()
- 37.17 slapi_rdn_init_sdn()
- 37.18 slapi_rdn_isempty()
- 37.19 slapi_rdn_new()
- 37.20 slapi_rdn_new_dn()
- 37.21 slapi_rdn_new_rdn()
- 37.22 slapi_rdn_new_sdn()
- 37.23 slapi_rdn_remove()
- 37.24 slapi_rdn_remove_attr()
- 37.25 slapi_rdn_remove_index()
- 37.26 slapi_rdn_set_dn()
- 37.27 slapi_rdn_set_rdn()
- 37.28 slapi_rdn_set_sdn()
- 37.29 slapi_rdn2typeval()
- 38 Functions for managing roles
- 39 Functions for managing DNs
- 39.1 slapi_dn_isroot()
- 39.2 slapi_dn_normalize_case()
- 39.3 slapi_dn_normalize_to_end()
- 39.4 slapi_moddn_get_newdn()
- 39.5 slapi_sdn_add_rdn()
- 39.6 slapi_sdn_compare()
- 39.7 slapi_sdn_copy()
- 39.8 slapi_sdn_done()
- 39.9 slapi_sdn_dup()
- 39.10 slapi_sdn_free()
- 39.11 slapi_sdn_get_back end_parent()
- 39.12 slapi_sdn_get_dn()
- 39.13 slapi_sdn_get_ndn()
- 39.14 slapi_sdn_get_ndn_len()
- 39.15 slapi_sdn_get_parent()
- 39.16 slapi_sdn_get_rdn()
- 39.17 slapi_sdn_is_rdn_component()
- 39.18 slapi_sdn_isempty()
- 39.19 slapi_sdn_isgrandparent()
- 39.20 slapi_sdn_isparent()
- 39.21 slapi_sdn_issuffix()
- 39.22 slapi_sdn_new()
- 39.23 slapi_sdn_new_dn_byref()
- 39.24 slapi_sdn_new_dn_byval()
- 39.25 slapi_sdn_new_dn_passin()
- 39.26 slapi_sdn_new_ndn_byref()
- 39.27 slapi_sdn_new_ndn_byval()
- 39.28 slapi_sdn_scope_test()
- 39.29 slapi_sdn_set_dn_byref()
- 39.30 slapi_sdn_set_dn_byval()
- 39.31 slapi_sdn_set_dn_passin()
- 39.32 slapi_sdn_set_ndn_byref()
- 39.33 slapi_sdn_set_ndn_byval()
- 39.34 slapi_sdn_set_parent()
- 39.35 slapi_sdn_set_rdn()
- 40 Functions for sending entries and results to the client
- 41 Functions related to UTF-8
- 41.1 slapi_has8thBit()
- 41.2 slapi_utf8casecmp()
- 41.3 slapi_UTF8CASECMP()
- 41.4 slapi_utf8ncasecmp()
- 41.5 slapi_UTF8NCASECMP()
- 41.6 slapi_utf8isLower()
- 41.7 slapi_UTF8ISLOWER()
- 41.8 slapi_utf8isUpper()
- 41.9 slapi_UTF8ISUPPER()
- 41.10 slapi_utf8StrToLower()
- 41.11 slapi_UTF8STRTOLOWER()
- 41.12 slapi_utf8StrToUpper()
- 41.13 slapi_UTF8STRTOUPPER()
- 41.14 slapi_utf8ToLower()
- 41.15 slapi_UTF8TOLOWER()
- 41.16 slapi_utf8ToUpper()
- 41.17 slapi_UTF8TOUPPER()
- 42 Functions for handling values
- 42.1 slapi_value_compare()
- 42.2 slapi_value_dup()
- 42.3 slapi_value_free()
- 42.4 slapi_value_get_berval()
- 42.5 slapi_value_get_int()
- 42.6 slapi_value_get_length()
- 42.7 slapi_value_get_long()
- 42.8 slapi_value_get_string()
- 42.9 slapi_value_get_uint()
- 42.10 slapi_value_get_ulong()
- 42.11 slapi_value_init()
- 42.12 slapi_value_init_berval()
- 42.13 slapi_value_init_string()
- 42.14 slapi_value_init_string_passin()
- 42.15 slapi_value_new()
- 42.16 slapi_value_new_berval()
- 42.17 slapi_value_new_string()
- 42.18 slapi_value_new_string_passin()
- 42.19 slapi_value_new_value()
- 42.20 slapi_value_set()
- 42.21 slapi_value_set_berval()
- 42.22 slapi_value_set_int()
- 42.23 slapi_value_set_string()
- 42.24 slapi_value_set_string_passin()
- 42.25 slapi_value_set_value()
- 43 Functions for handling valuesets
- 43.1 slapi_valueset_add_value()
- 43.2 slapi_valueset_add_value_ext()
- 43.3 slapi_valueset_count()
- 43.4 slapi_valueset_done()
- 43.5 slapi_valueset_find()
- 43.6 slapi_valueset_first_value()
- 43.7 slapi_valueset_free()
- 43.8 slapi_valueset_init()
- 43.9 slapi_valueset_new()
- 43.10 slapi_valueset_next_value()
- 43.11 slapi_valueset_set_from_smod()
- 43.12 slapi_valueset_set_valueset()
- 44 Functions specific to virtual attribute service
- 45 Functions for managing locks and synchronization
- 46 Functions for managing computed attributes
- 47 Functions for manipulating bits
- 48 Functions for registering object extensions
- 49 Functions related to data interoperability
- 50 Functions for registering additional plug-ins
- 51 Functions for server tasks
- 51.1 slapi_destroy_task()
- 51.2 slapi_new_task()
- 51.3 slapi_task_begin()
- 51.4 slapi_task_cancel()
- 51.5 slapi_task_dec_refcount()
- 51.6 slapi_task_finish()
- 51.7 slapi_task_get_data()
- 51.8 slapi_task_get_refcount()
- 51.9 slapi_task_get_state()
- 51.10 slapi_task_inc_progress()
- 51.11 slapi_task_inc_refcount()
- 51.12 slapi_task_log_notice()
- 51.13 slapi_task_log_status()
- 51.14 slapi_task_register_handler()
- 51.15 slapi_task_set_data()
- 51.16 slapi_task_set_cancel_fn()
- 51.17 slapi_task_set_destructor_fn()
- 51.18 slapi_task_status_changed()
- Part V Parameter block reference
- 52 Parameters for registering plug-in functions
- 53 Parameters accessible to all plug-ins
- 53.1 Information about the database
- 53.2 Information about the connection
- 53.3 Information about the operation
- 53.4 Information about extended operations
- 53.5 Information about the transaction
- 53.6 Information about access control lists
- 53.7 Notes in the access log
- 53.8 Information about the plug-in
- 53.9 Information about command-line arguments
- 53.10 Information about attributes
- 53.11 Information about targets
- 54 Parameters for the bind function
- 55 Parameters for the search function
- 56 Parameters that convert strings to entries
- 57 Parameters for the add function
- 58 Parameters for the compare function
- 59 Parameters for the delete function
- 60 Parameters for the modify function
- 61 Parameters for the modify RDN function
- 62 Parameters for the abandon function
- 63 Parameters for the matching rule function
- 64 Parameters for LDBM back end pre- and postoperation functions
- 65 Parameters for the database
- 66 Parameters for LDAP functions
- 67 Parameters for error logging
- 68 Parameters for filters
- 69 Parameters for password storage
- 70 Parameters for resource limits
- 71 Parameters for the virtual attribute service
- Part VI Support and other resources
- Glossary
- Index
4. If the method of authentication is LDAP_AUTH_SASL (SASL authentication), the server
determines whether the SASL mechanism (specified in the request) is supported.
If the SASL mechanism is not supported by the server, the server sends an
[LDAP_AUTH_METHOD_NOT_SUPPORTED] result code back to the client and ends the
processing of the bind request.
5. If the method of authentication is LDAP_AUTH_SIMPLE (simple authentication), the server
checks if the DN is an empty string or if there are no credentials.
If the DN is an empty string, if the DN is not specified, or if no credentials are specified, the
server assumes that the client is binding anonymously and sends an [LDAP_SUCCESS]
result code back to the client.
The DN and authentication method for the connection, which are used to determine access
rights for all operations performed through the connection, are left as NULL and
SLAPD_AUTH_NONE, respectively.
6. If the DN specified in the request is not served by this Directory Server (for example, if the
DN is uid=moxcross,dc=example,dc=com, and the directory root of the server is
dc=example,dc=com), the server sends one of the following two results back to the client
and ends the processing of the bind request:
• If the server is configured with a default referral (that is, an LDAP URL which identifies
an LDAP server that handles referrals), the server sends an [LDAP_REFERRAL] result
code back to the client, or [LDAP_PARTIAL_RESULTS] if the client only supports the
LDAPv2 protocol.
• If the server is not configured with a default referral, the server sends an
[LDAP_NO_SUCH_OBJECT] result code back to the client.
7. The server puts the information from the bind request into the parameter block:
• SLAPI_BIND_TARGET is set to the DN as which the client is authenticating.
• SLAPI_BIND_METHOD is set to the authentication method (for example,
LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL).
• SLAPI_BIND_CREDENTIALS is set to the credentials (for example, the password)
included in the request.
• SLAPI_BIND_SASLMECHANISM (if the authentication method is LDAP_AUTH_SASL)
is set to the name of the SASL mechanism that the client is using for authentication.
8. If the DN is the root DN or the update DN (the DN of the master entity responsible for
replicating the directory), the server authenticates the client.
• If the credentials are correct, the server sets the SLAPI_CONN_DN parameter to the DN
and the SLAPI_CONN_AUTHTYPE parameter to LDAP_AUTH_SIMPLE. The server sends
an [LDAP_SUCCESS] result code back to the client and ends the processing of the bind
request.
• If the credentials are incorrect, the server sends an [LDAP_INVALID_CREDENTIALS]
result code back to the client and ends the processing of the bind request.
9. At this point, the server calls any preoperation bind plug-in functions. If the function returns
a nonzero value, the server ends the processing of the bind request.
If you are writing your own plug-in function to handle authentication, you should return a
nonzero value so that the server does not attempt to continue processing the bind request.
10. The server calls the back end bind function. The bind function returns one of the following
values:
70 Defining functions for authentication