Summary of Contents for Netscape NETSCAPE DIRECTORY SERVER 7.0 - PLUG-IN
Page 1
Plug-in Programmer’s Guide Netscape Directory Server Version 7.0 October 2004...
Page 2
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law.
Preface This book describes how to write server plug-ins in order to customize and extend the capabilities of the Netscape Directory Server (Directory Server). • What You Should Already Know • Using Directory Server Plug-in APIs • Document Conventions • Where to Find Directory Server Information What You Should Already Know This book assumes you have this basic background:...
Page 22
Using Directory Server Plug-in APIs • The main header file is located here: <server_root>/plugins/slapd/slapi/include/slapi-plugin.h • The location and syntax for the plug-in directives have changed. In the Directory Server 4.x release, the directives were in the database plugin section of the file.
Document Conventions Table 0-1 Deprecated Functions and Their Suggested Replacements (Continued) Deprecated Function Suggested Replacement Function slapi_entry_delete_values() slapi_entry_delete_values_sv() slapi_entry_attr_replace() slapi_entry_attr_replace_sv() slapi_attr_get_values() slapi_attr_value_find() slapi_attr_get_oid() slapi_attr_get_oid_copy() slapi_pw_find() slapi_pw_find_sv() slapi_call_syntax_values2keys() slapi_call_syntax_values2keys_sv() slapi_call_syntax_assertion2keys_ava() slapi_call_syntax_assertion2keys_ava_sv() slapi_call_syntax_assertion2keys_sub() slapi_call_syntax_assertion2keys_sub_sv() slapi_entry_attr_hasvalue() slapi_entry_attr_has_syntax_value() The following internal-operation calls are deprecated. The new internal operation functions that are defined in slapi-plugin.h take a Slapi_PBlock for extensibility and support the new plug-in configuration capabilities.
Where to Find Directory Server Information This book uses Uniform Resource Locators (URLs) of the form http://<server>.<domain>/<path>/<file>.html In these URLs, represents the name of the server on which you run your <server> application (such as represents your Internet research1 <domain> domain name (such as represents the directory structure example.com...
Page 25
Where to Find Directory Server Information • Netscape Directory Server Configuration, Command, and File Reference. Contains information about using the command-line scripts shipped with Directory Server. • Netscape Directory Server Schema Reference. Contains information about the Directory Server schema. • Netscape Directory Server Gateway Customization Guide.
Page 26
Where to Find Directory Server Information Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Part 1 Introduction to Directory Server Plug-ins Chapter 1, “An Overview of Directory Server Plug-ins” Chapter 2, “Writing and Compiling Plug-ins” Chapter 3, “Configuring Plug-ins” Chapter 4, “A Quick Example”...
Page 28
Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 1 An Overview of Directory Server Plug-ins This chapter introduces you to Netscape Directory Server (Directory Server) plug-ins and discusses the different types of plug-ins that you can write. The chapter covers the following topics: • What Are Directory Server Plug-ins? (page 29 ) •...
How Directory Server Plug-ins Work • You can design an action that the Directory Server performs after the server successfully completes an LDAP operation. For example, you can send mail to a client after an LDAP operation is successfully completed. •...
How Directory Server Plug-ins Work Calling Directory Server Plug-in Functions At specific LDAP events, the Directory Server calls all plug-in functions that are registered for that event. For example, before performing an LDAP operation (an add event), the server calls all plug-in functions registered as pre-operation add functions.
Page 32
How Directory Server Plug-ins Work The front-end receives LDAP requests from clients and processes those requests. When processing requests, the front-end calls functions in the backend to read and write data. The front-end then sends the results back to the client. The backend reads and writes data to the database containing the directory entries.
Page 33
How Directory Server Plug-ins Work Figure 1-1 Directory Server Architecture Chapter 1 An Overview of Directory Server Plug-ins...
Types of Directory Server Plug-ins Types of Directory Server Plug-ins You can write the following types of plug-ins for the Directory Server: • Pre-operation/data validation. The server calls a pre-operation/data validation plug-in function before performing an LDAP operation. The main purpose of this type of plug-in is to validate data before the data is added to the directory or before it is used in an operation.
Page 35
Types of Directory Server Plug-ins Figure 1-2 Architecture of the Directory Server and Server Plug-ins Chapter 1 An Overview of Directory Server Plug-ins...
Page 36
Types of Directory Server Plug-ins Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 2 Writing and Compiling Plug-ins This chapter provides an introduction on how to write and compile Netscape Directory Server (Directory Server) plug-ins. chapter 3, “Configuring Plug-ins,” describes how to load your plug-in into the Directory Server configuration once it is successfully compiled.
Writing a Plug-in Function • chapter 10, “Writing Extended Operation Plug-ins” Including the API Header File The interface to the Directory Server plug-in API is located in the header file. You must include this header file in the plug-ins you slapi-plugin.h write.
Writing a Plug-in Function Working with Parameter Blocks In the functions you write, you set values in the parameter block that pertain to the operation you are performing. You can also get data from the parameter block which you can use within your functions. This process is described in the next section, “Getting Data from the Parameter Block,”...
Writing a Plug-in Function Code Example 2-1 Getting Data from the Parameter Block (Continued) /* Indicate the point when the plug-in starts executing */ slapi_log_error( SLAPI_LOG_PLUGIN, "searchdn_preop_search", "*** PREOPERATION SEARCH PLUGIN ***\n"); /* Get the base DN of the search from the parameter block. */ slapi_pblock_get( pb, SLAPI_SEARCH_TARGET, &dn );...
Writing a Plug-in Function Code Example 2-2 Setting Values in the Parameter Block (Continued) "Unable to store database information\n" ); Notice that this example uses the function to notify the user slapi_new_condvar() if an error occurred. In this code example, identifies the parameter in the parameter SLAPI_PRIVATE block that contains private data for use in the database functions.
Writing Plug-in Initialization Functions In some cases, you may need to send an LDAP result back to the client. For example, if you are writing a pre-operation bind function and an error occurs during the processing of the function, the function should return a non-zero value, log an error message, and send the appropriate LDAP result code back to the client.
Writing Plug-in Initialization Functions NOTE You do not need to export all plug-in functions. Specifically, you do not need to export any plug-in function that is specified in the parameter block. Specifying Directory Server Compatibility You need to specify the compatibility version of your plug-in so that the Directory Server can determine whether or not it supports the plug-in.
Writing Plug-in Initialization Functions Code Example 2-3 Specifying Plug-in Information (Continued) /* Set this information in the parameter block */ slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&mypdesc ); This example code specifies the following plug-in information: • The unique identifier for the server plug-in is test-plugin •...
Writing Plug-in Initialization Functions For example, if you want to register as a pre-operation searchdn_preop_search() search function, include the following code in your initialization function: slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_SEARCH_FN, \ (void *) searchdn_preop_search ) is the parameter that specifies the pre-operation SLAPI_PLUGIN_PRE_SEARCH_FN plug-in function for the LDAP operation.
Compiling a Directory Server Plug-in Code Example 2-4 An Example Initialization Function (Continued) if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 || /* Set up the server to call searchdn_preop_search() before each LDAP search operation. */ slapi_pblock_set( pb, SLAPI_PLUGIN_PRE_SEARCH_FN, (void *) searchdn_preop_search ) !=0 ) { /* If a problem occurs, log an error message, return -1.*/ slapi_log_error(SLAPI_LOG_PLUGIN,"searchdn_preop_init",...
Page 47
Compiling a Directory Server Plug-in • If you want, you can compile all plug-in functions in a single library. Although you can include different types of plug-in functions in the same library, you need to write separate initialization functions for each type of plug-in function. Refer to chapter 3, “Configuring Plug-ins,”...
Page 48
Compiling a Directory Server Plug-in Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 3 Configuring Plug-ins After you compile your server plug-in, you need to configure the Netscape Directory Server (Directory Server) so that it properly loads your plug-in. The following sections in this chapter show how this is done: • Creating a Plug-in Configuration File (page 49) •...
Page 50
Creating a Plug-in Configuration File Code Example 3-1 An Example Plug-in Configuration File (Continued) 5. cn: Example Plug-in 6. nsslapd-pluginpath: C:/ds60/lib/test-plugin.dll 7. nsslapd-plugininitfunc: searchdn_preop_init 8. nsslapd-plugintype: preoperation 9. nsslapd-pluginenabled: on 10. nsslapd-pluginid: Example Pre-operation Plug-in 11. nsslapd-pluginversion: 1.0 12. nsslapd-pluginvendor: Example Corporation 13.
Creating a Plug-in Configuration File You can also use the Directory Server Console to activate or deactivate the plug-in once the plug-in is loaded. • Line 10 uses the attribute to set the name of the plug-in. nsslapd-pluginid The name that you specify here will show up in the Directory Server Console. In this example, the plug-in identification is set to Example Pre-operation Plug-in...
Creating a Plug-in Configuration File In this example, the plug-in depends on two specifically named plug-ins: . This configuration line indicates that before my_pluginA vendor_plugin your plug-in can be loaded, the two specifically named plug-ins must be loaded. If either of these two plug-ins fail to load, the Directory Server will exit with a error code.
Creating a Plug-in Configuration File Summary of Plug-in Directives The following table summarizes the different types of plug-ins that you can specify in the plug-in configuration file. Table 3-1 Directives for Specifying Different Plug-in Types Directive Description Declares an entry fetch plug-in, which is called by the server after retrieving an entryfetch entry from the default backend database.
Loading the Plug-in Configuration File Table 3-1 Directives for Specifying Different Plug-in Types (Continued) Directive Description Declares an object plug-in. Object plug-ins can install object SLAPI_PLUGIN_START_FN, SLAPI_PLUGIN_CLOSE_FN, and SLAPI_PLUGIN_POSTSTART_FN functions. They can also use the slapi_register_plugin() call to register any kind of plug-in they like. Object plug-ins are typically used to simplify configuration of a group of related plug-ins (one entry under cn=config instead of many).
Passing Extra Arguments to Plug-ins Passing Extra Arguments to Plug-ins In the Directory Server 4.x version, you could specify additional arguments at the end of the directive. For example: plugin plugin preoperation /usr/lib/myplugin.so my_init_fn \ arg1 arg2 From the initialization function and the plug-in functions, you can get these arguments by getting the following parameters from the parameter block.
Setting the Log Level of the Server nsslapd-pluginarg0: d:/netscape/servers/slapd-host/config/slapd-collations.conf nsslapd-pluginId: orderingrule nsslapd-pluginVersion: 6.0 nsslapd-pluginVendor: Netscape Communications Corporation nsslapd-pluginDescription: internationalized ordering rule plugin This method allows for more descriptive configuration, which is easier to maintain. To find the plug-in entry DN, retrieve from the SLAPI_TARGET_DN passed to your start function.
Chapter 4 A Quick Example This chapter provides an example of a pre-operation Netscape Directory Server (Directory Server) server plug-in that you can compile and run. Along with the source code to the example, the chapter provides a Solaris Makefile that you can use to build the plug-in.
An Example Pre-Operation Plug-in Writing the Plug-in Example The following example code includes the sample pre-operation search function and the sample initialization function. Code Example 4-1 Sample Pre-Operation Search and Initialization Functions #include <stdio.h> #include <string.h> #include "slapi-plugin.h" /* function prototypes */ int test_preop_init( Slapi_PBlock *pb );...
Page 59
An Example Pre-Operation Plug-in Code Example 4-1 Sample Pre-Operation Search and Initialization Functions (Continued) from the parameter block and prints the data to the error log. */ test_preop_search( Slapi_PBlock *pb ) char *base, *filter_str, *attr_type, *substr_init, *substr_final; char **substr_any; int scope, deref, filter_type, i; Slapi_Filter *filter;...
Page 60
An Example Pre-Operation Plug-in Code Example 4-1 Sample Pre-Operation Search and Initialization Functions (Continued) break; default: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_DEREF", "unknown value specified: %d\n", deref ); break; /* Get and log the search filter information */ if ( slapi_pblock_get(pb,SLAPI_SEARCH_FILTER, &filter)==0 ) { /* Get and log the filter type */ filter_type = slapi_filter_get_choice( filter );...
An Example Pre-Operation Plug-in Code Example 4-1 Sample Pre-Operation Search and Initialization Functions (Continued) slapi_log_error( SLAPI_LOG_PLUGIN, "\tFinal substring", "%s\n", substr_final ); break; case LDAP_FILTER_PRESENT: slapi_log_error( SLAPI_LOG_PLUGIN, "SLAPI_SEARCH_FILTER", "LDAP_FILTER_PRESENT\n" ); /* For presence filters, get and log the attribute type */ slapi_filter_get_type( filter, &attr_type );...
An Example Pre-Operation Plug-in Code Example 4-2 Example Solaris Makefile # SOLARIS Makefile for Directory Server plug-in examples CC = cc LD = ld INCLUDE_FLAGS = -I../include CFLAGS = $(INCLUDE_FLAGS) -D_REENTRANT -KPIC LDFLAGS = -G OBJS = srchxmpl.o all: srchxmpl.so srchxmpl.so: $(OBJS) $(LD) $(LDFLAGS) -o $@ $(OBJS) .c.o:...
An Example Pre-Operation Plug-in Running the Plug-in Example After compiling the plug-in and registering it with the Directory Server, you’re ready to make calls that are processed by the plug-in functions. The first step is to restart the Directory Server and check the error log to see that the plug-in is properly registered.
Page 64
An Example Pre-Operation Plug-in Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 5 Front-End API Functions The Netscape Directory Server (Directory Server) provides some general-purpose, front-end API functions that allow you to work with the entries in the Directory Server. This chapter explains how to use the front-end API functions to accomplish various tasks;...
Adding Notes to Access Log Entries slapi_log_error( SLAPI_LOG_PLUGIN, "searchdn_preop_search", "*** PREOPERATION SEARCH PLUGIN ***\n"); This call will create the following message in the error log: [01/Oct/1997:02:24:18 -0700] searchdn_preop_search \ - *** PREOPERATION SEARCH PLUGIN *** Make sure that the Directory Server is configured to log messages that have the severity that you specify (for example, ).
Determining If an Operation Was Abandoned • If you are fulfilling a search request and need to send matching entries back to the client, call the function for each entry. slapi_send_ldap_search_entry() • If you need to refer the LDAP request to a different LDAP server, call the function.
Working with Entries, Attributes, and Values When working with entries, you use the datatype to get attribute Slapi_Entry value pairs. The front-end routines listed in Table 5-1 are designed to help you manipulate entries passed in parameter blocks. These functions are described in more detail in the sections that follow the table.
Working with Entries, Attributes, and Values • By copying an existing entry To make a copy of an existing entry, call the routine. This slapi_entry_dup() function returns a pointer to a new entry of the datatype that Slapi_Entry contains the copied data. When you are finished using the entry, you should free it from memory by calling function.
Working with Entries, Attributes, and Values • To convert an LDIF string representation back to an entry of the datatype , call the function. Slapi_Entry slapi_str2entry() This function returns an entry of the datatype . If an error Slapi_Entry occurred during the conversion process, the function returns NULL instead. When you are done working with the entry, you should call the function.
Working with DNs and RDNs Once you find the attribute you are looking for, use slapi_attr_value_find() return the value of that attribute. Iterating through the Attributes in an Entry To iterate through the attributes associated with an entry, call the function to get the first attribute of the entry.
Working with DNs and RDNs If you need to manipulate DNs within parameter blocks, you can call the following front-end routines: Front-End Functions for Manipulating DNs Table 5-2 Function Description Determines if a DN is the root DN (the DN of the slapi_dn_isroot() privileged superuser).
Working with DNs and RDNs To determine if a value is a suffix for a DN, call . To slapi_dn_issuffix() determine if a DN is one of the suffixes served by the backend, call the function. slapi_dn_isbesuffix() Server Suffixes directive in the server configuration file specifies which DNs are suffix served by a particular backend.
Working with Search Filters NOTE These functions operate on the actual DN specified in the argument, not a copy of the DN. If you want to modify a copy of the DN, call to make a copy of the DN. slapi_ch_strdup() Working with Search Filters When a client requests an LDAP...
Working with Search Filters Table 5-3 Front-End Functions for Manipulating Filters (Continued) Function Description Free a filter from memory. slapi_filter_free() Determining If an Entry Matches a Filter After retrieving a filter from the parameter of the SLAPI_SEARCH_FILTER parameter block, you can call the function to determine if slapi_filter_test() entries in your database match the filter.
Working with Search Filters Getting the Search Criteria To get the search criteria specified by a search filter, call one of the following functions: • If the filter type is LDAP_FILTER_EQUALITY LDAP_FILTER_GE , or , you can get the attribute and LDAP_FILTER_LE LDAP_FILTER_APPROX value used in the filter by calling...
Checking Passwords Creating Complex Filters by Combining Filters You can use AND, OR and NOT to combine different filters to create a complex filter. To do this, call the function. slapi_filter_join() function returns the complex filter you’ve created. slapi_filter_join() When you are done using the complex filter, you should free it by calling slapi_filter_free() Filters of the type can have only one component.
Page 80
Checking Passwords Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 6 Writing Pre/Post-Operation Plug-ins This chapter explains how to write functions that the Netscape Directory Server (Directory Server) calls before and after executing an LDAP operation. These functions are called pre-operation and post-operation plug-in functions. • How Pre/Post-Operation Plug-ins Work (page 81) •...
Page 82
How Pre/Post-Operation Plug-ins Work You can also set up the Directory Server to call your own plug-in functions before and after: • Sending an LDAP entry back to the client. • Sending an LDAP result code back to the client. •...
Types of Pre-Operation and Post-Operation Functions Types of Pre-Operation and Post-Operation Functions As is the case with other server plug-in functions, pre-operation functions and post-operation functions are specified in a parameter block that you can set on server startup. Each function corresponds to an ID in the parameter block. In your initialization function, you can call the function to specify slapi_pblock_set()
Types of Pre-Operation and Post-Operation Functions Table 6-1 Functions Called before the Directory Server Executes an Operation (Continued) ID in Parameter Block Description Specifies the function called before the Directory Server SLAPI_PLUGIN_PRE_MODIFY_FN executes an LDAP modify operation. For information on writing this type of function, see “Processing an LDAP Modify Operation,”...
Page 85
Types of Pre-Operation and Post-Operation Functions Table 6-2 Functions Called after the Directory Server Executes an Operation ID in Parameter Block Description Specifies the function called after the Directory Server SLAPI_PLUGIN_POST_BIND_FN executes an LDAP bind operation. For information on writing this type of function, see “Processing an LDAP Bind Operation,”...
Registering Pre/Post-Operation Functions Table 6-2 Functions Called after the Directory Server Executes an Operation (Continued) ID in Parameter Block Description Specifies the function called after the Directory Server sends SLAPI_PLUGIN_POST_ENTRY_FN an entry back to the client (for example, when you call slapi_send_ldap_search_entry(), the post-operation entry function is called after the entry is sent back to the client).
Chapter 7 Defining Functions for LDAP Operations This chapter explains how to write pre-operation and post-operation functions for specific LDAP operations. In general, the functions outlined here use a parameter block to pass information between the plug-in and the Netscape Directory Server (Directory Server).
Specifying Start and Close Functions Specifying Start and Close Functions For each pre-operation and post-operation plug-in, you can specify the name of a function to be called after the server starts and before the server is shut down. Use the following parameters to specify these functions: Specifies the function called after the Directory Server SLAPI_PLUGIN_START_FN starts up.
Processing an LDAP Unbind Operation Your pre-operation and post-operation bind functions should return if successful. If the pre-operation function returns a non-zero value, the post-operation bind function is never called. For information on defining a function that handles authentication, see chapter 8, “Defining Functions for Authentication.”...
Processing an LDAP Search Operation • parameter specifies the pre-operation SLAPI_PLUGIN_PRE_UNBIND_FN function. unbind • parameter specifies the post-operation SLAPI_PLUGIN_POST_UNBIND_FN function. unbind You set these parameters to the names of your functions by calling slapi_pblock_set() Your plug-in functions should return if successful. If the pre-operation function returns a non-zero value, the post-operation unbind function is never called.
Processing an LDAP Search Operation Getting the List of Candidates When the Directory Server receives an LDAP search request, the front-end gets information about the search (such as the scope and base DN). The front-end normalizes the base DN by calling the function and slapi_dn_normalize() determines if the base DN identifies a DSA-specific entry (DSE).
Processing an LDAP Search Operation Parameter ID Data Type Description Slapi_Filter struct (an SLAPI_SEARCH_FILTER Slapi_Filter * opaque data structure) representing the filter to be used in the search. String representation of the filter SLAPI_SEARCH_STRFILTER char * to be used in the search. Array of attribute types to be SLAPI_SEARCH_ATTRS char **...
Page 93
Processing an LDAP Search Operation Parameter ID Data Type Description Set of search results. SLAPI_SEARCH_RESULT_SET void * Entry returned from iterating SLAPI_SEARCH_RESULT_ENTRY void * through the results set. This “next entry” function actually sets this parameter. (Netscape Directory Server 4.x) SLAPI_SEARCH_RESULT_ENTRY_EXT void * Reserved for future use.
Processing an LDAP Compare Operation Processing an LDAP Compare Operation When the Directory Server receives an LDAP compare request from a client, the front-end gets the DN of the entry being compared and the attribute and value being used in the comparison. The front-end makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.
Page 95
Processing an LDAP Add Operation function should check the following: • If the operation has been abandoned, the function should return . (You do not need to call to send an LDAP error code to slapi_send_ldap_result() the client. According to the LDAP protocol, the client does not expect a server response after an operation is abandoned.) •...
Processing an LDAP Modify Operation Processing an LDAP Modify Operation When the Directory Server receives an LDAP request from a client, the modify front-end gets the DN of the entry to be modified and the modifications to be made. The front-end makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.
Processing an LDAP Modify RDN Operation • If the RDN of the entry contains attribute values that are not part of the entry (for example, if the RDN is , but the entry has no value or has uid=bjensen a different value), the function should call slapi_send_ldap_result() send the LDAP error code...
Page 98
Processing an LDAP Modify RDN Operation The modify RDN function should check the following: • If the operation has been abandoned, the function should return . (You do not need to call to send an LDAP error code to slapi_send_ldap_result() the client.
Processing an LDAP Delete Operation Processing an LDAP Delete Operation When the Directory Server receives an LDAP request from a client, the delete front-end gets the DN of the entry to be removed from the directory. The front-end makes this information available to pre-operation and post-operation plug-in functions in the form of parameters in a parameter block.
Page 100
Processing an LDAP Abandon Operation Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 8 Defining Functions for Authentication This chapter explains how to write a plug-in function to bypass or replace the standard function for authentication with your own function. Information on authentication with the Netscape Directory Server (Directory Server) is organized in the following sections: •...
How the Directory Server Identifies Clients • Simple Authentication and Security Layer (SASL) is described in RFC 2222, which you can find at http://www.ietf.org/rfc/rfc2222.txt SASL provides the means to use mechanisms other than simple authentication and SSL to authenticate to the Directory Server. How the Directory Server Identifies Clients The server keeps track of the identity of the LDAP client through the parameters.
Page 103
How the Authentication Process Works If the method of authentication is (SASL authentication), the LDAP_AUTH_SASL server determines whether or not the SASL mechanism (specified in the request) is supported. If the SASL mechanism is not supported by the server, the server sends an result code back to the client and ends the LDAP_AUTH_METHOD_NOT_SUPPORTED processing of the bind request.
Page 104
How the Authentication Process Works If the credentials are correct, the server sets the SLAPI_CONN_DN parameter to the DN and the parameter to SLAPI_CONN_AUTHTYPE . The server sends an result code back LDAP_AUTH_SIMPLE LDAP_SUCCESS to the client and ends the processing of the request.
Writing Your Own Authentication Plug-in Writing Your Own Authentication Plug-in A situation may arise in which you may want to write and implement your own function for authentication; that is, replace the standard means of authentication with your own function. You can write a pre-operation bind plug-in function (a function that the server calls before processing an LDAP request) that bind...
Page 106
Writing a Pre-Operation Bind Plug-in Figure 8-1 Using a Pre-Operation Bind Plug-in Function to Handle Authentication Figure 8-2 illustrates the steps that your pre-operation bind plug-in function must take to authenticate LDAP clients to the Directory Server. Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Writing a Pre-Operation Bind Plug-in Figure 8-2 How Your Pre-Operation Bind Plug-in Function Can Authenticate LDAP Clients Defining Your Authentication Function The following sections cover guidelines that you can follow when defining your authentication function: • Getting and Checking the Bind Parameters •...
Writing a Pre-Operation Bind Plug-in • — A structure containing the credentials SLAPI_BIND_CREDENTIALS berval sent by the client. If you plan to support authentication through SASL mechanisms, you should also get the value of the parameter (a string value SLAPI_BIND_SASLMECHANISM specifying the name of the SASL mechanism to use for authentication).
Writing a Pre-Operation Bind Plug-in • — Means Secure Hashing Algorithm and can be defined using the plug-in. -password-storage-scheme • — Means Salted Secure Hashing Algorithm and can be defined using the SSHA plug-in. ssha-password-storage-scheme If you need to compare the client’s credentials against the value of the attribute, you can call the function.
Writing a Pre-Operation Bind Plug-in This sets the DN and authentication method for the connection to the client. (The server uses this DN and method in subsequent operations when checking access rights.) You can set to one of the following values: SLAPI_CONN_AUTHTYPE represents no authentication.
Writing a Pre-Operation Bind Plug-in If you do not register your SASL mechanism, the Directory Server will send an result code back to the client and will not call LDAP_AUTH_METHOD_NOT_SUPPORTED your pre-operation bind function. NOTE Be sure to check this source file for an example of a pre-operation plug-in function for SASL authentication with LDAP bind operations: <server_root>/plugins/slapd/slapi/examples/testsaslbind.c Example of a Pre-Operation Bind Plug-in...
Page 112
Writing a Pre-Operation Bind Plug-in Code Example 8-1 Sample Pre-Operation Bind Function (Continued) Slapi_Entry *e = NULL; Slapi_Entry **entries = NULL; Slapi_Attr *attr = NULL; /* Log a message to the server error log. */ slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind", "Pre-operation bind function called.\n" ); /* Gets parameters available when processing an LDAP bind operation.
Page 113
Writing a Pre-Operation Bind Plug-in Code Example 8-1 Sample Pre-Operation Bind Function (Continued) if ( slapi_entry_attr_find( e, "userpassword", &attr ) != 0 slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind", "Entry has no userpassword attribute\n" ); rc = LDAP_INAPPROPRIATE_AUTH; break; slapi_attr_get_values( attr, &pwvals ); if ( slapi_pw_find( pwvals, credentials ) != 0 ) { slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind", "Credentials are not correct for the entry\n"...
Writing a Pre-Operation Bind Plug-in Code Example 8-1 Sample Pre-Operation Bind Function (Continued) break; /* This plug-in does not support any other method of authentication */ case LDAP_AUTH_SASL: default: slapi_log_error( SLAPI_LOG_PLUGIN, "test_bind", "Unsupported authentication method requested: %d\n", method ); rc = LDAP_AUTH_METHOD_NOT_SUPPORTED; break;...
Using SASL with an LDAP Client nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-plugin-depends-on-type: database nsslapd-pluginId: test-bind Check this source file for an example of a pre-operation plug-in function that handles authentication: <server_root>/plugins/slapd/slapi/examples/testbind.c Using SASL with an LDAP Client If you intend to use SASL as the method for authenticating clients, you need to enable your LDAP clients to use SASL.
Page 117
Using SASL with an LDAP Client • is a pointer to an array of structures representing serverctrls LDAPControl the LDAPv3 server controls that you want passed to the server for the bind operation. • is a pointer to an array of structures representing clientctrls LDAPControl...
Page 118
Using SASL with an LDAP Client • is the connection handle, which is a pointer to the LDAP structure containing information about the connection to the LDAP server. • is a pointer to the structure containing the results that you LDAPMessage want to parse.
Page 119
Using SASL with an LDAP Client Code Example 8-3 LDAP Client Authenticating Using SASL Method (Continued) if ( ldap_sasl_bind_s( ld, "uid=bjensen,ou=people,o=example.com", "babsmechanism", &cred, NULL, NULL, &servcred ) != LDAP_SUCCESS ) { ldap_perror( ld, "ldap_sasl_bind_s" ); return( 1 ); /* get and print the credentials returned by the server */ printf( "Server credentials: %s\n", servcred->bv_val );...
Page 120
Using SASL with an LDAP Client Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 9 Writing Entry Store/Fetch Plug-ins This chapter describes how to write entry store and entry fetch plug-ins. You can use these types of plug-ins to invoke functions before and after data is read from the default database. The chapter contains the following sections: •...
Writing Entry Store/Fetch Functions Figure 9-1 How the Server Calls Entry Store and Entry Fetch Plug-in Functions Writing Entry Store/Fetch Functions Unlike most other types of plug-in functions, entry store and entry fetch plug-in functions are not passed a parameter block when called. Instead, entry store and entry fetch plug-in functions must have the following prototype: void function_name( char **entry, unsigned long *len );...
Registering Entry Store/Fetch Functions Pointer to a string specifying the entry in LDIF format; for entry details on this format, see “slapi_filter_free(),” on page 361. Pointer to the length of the entry string. Since the text of the entry is passed in as an argument, you can modify the entry before it gets saved to disk and modify the entry after it is read from disk.
Page 126
Registering Entry Store/Fetch Functions plugin entrystore [on|off] "<name of plugin>" \ <library_name> <function_name> plugin entryfetch [on|off] "<name of plugin>" \ <library_name> <function_name> is the name and path to your shared library or dynamic link <library_name> library, and is the name of your plug-in function. <function_name>...
Chapter 10 Writing Extended Operation Plug-ins This chapter explains how to write plug-in functions to handle extended operations. Extended operations are are defined in the LDAP v3 protocol. The chapter contains the following sections: • How Extended Operation Plug-ins Work (page 127) •...
Writing Extended Operation Functions Writing Extended Operation Functions Like other plug-in functions, extended operation functions pass a single parameter block ( ) and return an integer value, as shown in the Slapi_PBlock following example declaration: int my_ext_func( Slapi_PBlock *pb ); Extended operation functions should return a value of if they are successful and a non-zero value if they are unsuccessful.
Registering Extended Operation Functions • If your function cannot handle the extended operation with the specified OID, your function should return the value . The front-end will send an SLAPI_PLUGIN_EXTENDED_NOT_HANDLED result code (with an “unsupported extended operation LDAP_PROTOCOL_ERROR error message”) back to the client. For a sample plug-in function (uncompiled C code) that NOTE implements an extended operation, check this file:...
Page 130
Registering Extended Operation Functions Code Example 10-1 Sample Initialization Function for Passing an OID (Continued) /* Get the number of additional arguments and copy them. */ for ( i = 0; argv[i] != NULL; i++ ) oids = (char **) slapi_ch_malloc( (i+1) * sizeof(char *) ); for ( i = 0;...
Specifying Start and Close Functions nsslapd-pluginEnabled: on nsslapd-plugin-depends-on-type: database nsslapd-pluginId: test-extendedop nsslapd-pluginarg0: 1.2.3.4 For an example plug-in function that implements an extended operation, take a look at this source file: <server_root>/plugins/slapd/slapi/examples/testextendedop.c In Netscape Directory Server 4.x, add this directive to the file: slapd.ldbm.conf plugin extendedop [on|off] "<name of plugin>"...
Page 132
Specifying Start and Close Functions Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 11 Writing Matching Rule Plug-ins This chapter explains how to write plug-in functions that handle matching rules. Matching rule plug-in functions are described in the following sections: • Understanding Matching Rules (page 133) • Understanding Matching Rule Plug-ins (page 135) •...
Understanding Matching Rules Extensible Match Filters In an extensible match filter, the client specifies that it wants to use the matching rule to compare a specified value against the values of entries in the directory. (For example, an extensible match filter might find all entries in which the attribute “sounds like”...
Understanding Matching Rule Plug-ins Extensible Match Filters in the Directory Server Directory Serveralready includes support for certain matching rules, which are used to determine the collation order and operator for searches of international data. You can enable the Directory Server to handle your own matching rules for extensible match searches by defining your own matching rules plug-ins and registering them with the server.
Understanding Matching Rule Plug-ins When the server starts up and loads the matching rule plug-in, it calls the initialization function. In this function, you pass the server the pointers to the factory functions and the close function. The server calls these functions when needed.
Understanding Matching Rule Plug-ins How the Server Associates Plug-ins with OIDs When the server encounters the OID for a matching rule, it attempts to find the plug-in associated with that matching rule. If no plug-in is associated with the matching rule, the server calls each matching rule plug-in to find one that handles the specified matching rule.
Understanding Matching Rule Plug-ins Finding a Plug-in for Searching To determine which matching rule plug-in is responsible for handling an extensible match filter for a given matching rule (based on its OID), the server does the following for each plug-in: In a new parameter block, the server sets the following Slapi_PBlock...
Indexing Based on Matching Rules How the Server Uses Parameter Blocks The server uses parameter blocks as a means to pass information to and from plug-in functions. When calling your matching rule plug-in functions, the server will create a new parameter block, set some input parameters, and pass the Slapi_PBlock parameter block to your function.
Indexing Based on Matching Rules The server gets the OID returned in the parameter and SLAPI_PLUGIN_MR_OID associates this OID with the rest of the attribute indexing information (such as the attribute type and the type of index) for future reference. When adding, modifying, or deleting the values of an attribute, the server will check this information to determine if the attribute is indexed.
Indexing Based on Matching Rules When the server is done, it frees any parameter blocks that were allocated during this process. Writing the Indexer Factory Function The indexer factory function takes a single argument. This function Slapi_PBlock should be thread-safe. The server may call this function concurrently. The indexer factory function should do the following: Get the OID from the parameter, and determine...
Indexing Based on Matching Rules Set the parameter to the function SLAPI_PLUGIN_DESTROY_FN responsible for freeing any memory allocated by the factory function, such as the indexer object. See “Writing a Destructor Function,” on page 153, for details. Return (or the result code ) if everything completed LDAP_SUCCESS successfully.
Indexing Based on Matching Rules Table 11-1 Input and Output Parameters Available to an Indexer Factory Function (Continued) Parameter Name Data Type Description Input parameter. Pointer to any private data SLAPI_PLUGIN_PRIVATE void * originally specified in the initialization function. See “Writing an Initialization Function,”...
Handling Extensible Match Filters Getting and Setting Parameters in Indexer Functions The following table summarizes the different parameters that the indexer function should get and set in the parameter block that is passed in. Input and Output Parameters Available to an Indexer Function Table 11-2 Parameter Name Data Type...
Handling Extensible Match Filters How the Server Handles the Filter When the server processes a search request that has an extensible match filter, the server does the following: First, the server finds the plug-in associated with this OID, if an association between the OID and plug-in has already been made.
Handling Extensible Match Filters The server calls the filter matching function (which is specified in the parameter), passing in the filter SLAPI_PLUGIN_MR_FILTER_MATCH_FN object, the entry, and the attributes of the entry. If the entry does not match but the search request also specifies that the attributes in the DN should be searched, the server calls the filter matching function again, passing in the filter object, the entry, and the attributes in the DN.
Handling Extensible Match Filters If the query operator is , the server attempts to find the keys in SLAPI_OP_EQUAL the index that match the value specified in the search filter. In the case of the other query operators, the server attempts to find ranges of keys that match the value. Writing a Filter Factory Function The filter factory function takes a single argument.
Handling Extensible Match Filters Set the following parameters: Set the parameter to the official OID of the SLAPI_PLUGIN_MR_OID matching rule if the value of that parameter is not the official OID. Optional. Set the parameter to the filter object. SLAPI_PLUGIN_OBJECT Set the parameter to the filter SLAPI_PLUGIN_MR_FILTER_INDEX_FN...
Handling Extensible Match Filters Table 11-4 Input and Output Parameters Available to a Filter Factory Function (Continued) Parameter Name Data Type Description Input parameter. Pointer to any SLAPI_PLUGIN_PRIVATE void * private data originally specified in the initialization function. See “Writing an Initialization Function,”...
Handling Extensible Match Filters Set the parameter to the attribute type in the SLAPI_PLUGIN_MR_TYPE filter object. Set the parameter to the values in the filter SLAPI_PLUGIN_MR_VALUES object. Set the parameter to the query SLAPI_PLUGIN_MR_QUERY_OPERATOR operator that corresponds to this search filter. See “Query Operators in Matching Rules,”...
Handling Extensible Match Filters Table 11-5 Input and Output Parameters Available to a Filter Index Function (Continued) Parameter Name Data Type Description Output parameter. Official matching SLAPI_PLUGIN_MR_OID char * rule OID (if any) specified in the extensible match filter. Output parameter. Attribute type (if SLAPI_PLUGIN_MR_TYPE char * any) specified in the extensible...
Handling Sorting by Matching Rules Find the corresponding attribute in the attributes passed into the function. Make sure to check for subtypes of an attribute (for example, ) in cn=lang-ja the filter and in the attributes specified by attrs You can call the function to compare the attribute slapi_attr_type_cmp() in the filter against the attributes passed in as arguments.
Writing a Destructor Function The server calls the indexer function (specified by the parameter). SLAPI_PLUGIN_MR_INDEXER_FN Next, the server gets the value of the parameter, SLAPI_PLUGIN_MR_KEYS which is an array of structures containing the keys corresponding berval to the values. The server compares the keys to sort the results. Writing a Destructor Function The server calls the destructor function to free any memory that you’ve allocated;...
Page 154
Writing an Initialization Function In order to add your plug-in to that internal list, you need to write an initialization function. The initialization function takes a single Slapi_PBlock argument. The function should set the following parameters: • parameter should be set to the SLAPI_PLUGIN_MR_FILTER_CREATE_FN filter factory function.
Registering Matching Rule Functions Table 11-7 Input and Output Parameters Available to a Matching Rule Plug-in Initialization Function Parameter Name Data Type Description Output parameter. The factory SLAPI_PLUGIN_MR_INDEXER_CREATE_FN void * function used for creating (function pointer) indexers. Output parameter. The close SLAPI_PLUGIN_CLOSE_FN void * function, which the server calls...
Specifying Start and Close Functions is the name of your initialization function, and <init_fn_name> is the name and path of the library where the function is <library_name> defined. For example, the following directive registers the initialization function named , which is defined in the library my_init_fn() /usr/ns/myplugin.so plugin matchingrule on "my matching rule plugin"...
Chapter 12 Using the Custom Distribution Logic The distribution plug-in provided with Netscape Directory Server (Directory Server) distributes a flat namespace, allowing you to associate several databases with a single suffix. This chapter contains the following sections: • About Distributing Flat Namespaces (page 157) •...
Creating a Distribution Function Because the number of users is too large, you decide to distribute the entries according to the first letter of each user’s last name, assigning each letter to a separate database. To do this, you need to create your own distribution function. Your function determines how each operation received by the suffix is ou=users...
Page 159
Creating a Distribution Function Each time the server gets a request for a suffix that contains the distribution function, the function is called. The function then decides which database (backend) processes the request. The decision made by the function is based on some piece of information present in the pblock at the time of the request, such as the entry DN, a hash function, the time of day, or the type of operation.
Adding the Distribution Function to Your Directory You can create the root entry in two ways: • Import the same LDIF file into each database using the ldif2db command-line utility. This LDIF file should contain the root entry as well as data that you want to distribute across the databases.
Adding the Distribution Function to Your Directory Adding Multiple Databases to a Single Suffix The following procedures describe adding multiple databases to a suffix using the Console and the command-line. Using the Console In the Directory Server Console, select the Configuration tab. Expand the Data tree, and select the suffix to which you want to add another database.
Adding the Distribution Function to Your Directory The entry added corresponds to a database named that contains the data Data2 for the root suffix ou=people,dc=example,dc=com The database name, given in the DN attribute, must correspond with one of the values in the attribute of the suffix entry.
Using the Distribution Logic Examples Using the Distribution Logic Examples The directory provides three distribution logic examples. The examples illustrate the following: • Distributing entries based on the first letter of their RDN alpha_distribution The example uses as many databases as you like to contain the data. For example, if you create 3 databases for a single suffix, entries starting with the letters A-I to database 0, entries starting with the letters J-R go to database 1, and entries starting with the letters S-Z go to database 2.
Custom Distribution Checklist Windows distrib-plugin.dll Imagine you want to use the hash distribution function on a Solaris machine. First create a suffix. Then create several databases under that suffix. Next, import the suffix entry to each of the databases you created. Finally, add the following lines to the suffix: nsslapd-distribution-plugin: /plugin/distrib-plugin.so nsslapd-distribution-funct: hash_distribution...
Chapter 13 Using Data Interoperability Plug-ins This chapter explains how to use the Data Interoperability (DIOP) feature of Netscape Directory Server (Directory Server). The DIOP feature refers to Directory Server’s ability to work with a proprietary database, instead of the default database created during installation.
Installing Directory Server Installing Directory Server This section explains how to install Directory Server in order to test and use the DIOP feature. • Understanding Deployment Configuration • Installing Two Instances of Directory Server Understanding Deployment Configuration To verify whether the DIOP feature works in Directory Server, your deployment must comprise two instances of Directory Server: •...
Page 167
Installing Directory Server Table 13-1 Plug-in Status in DIOP-Enabled Directory Server (Continued) Default Directory Server Plug-ins Unsupported Plug-ins (Indicated by X) (Names as they appear in the Directory Server Console) ACL preoperation Binary Syntax Boolean Syntax Case Exact String Syntax Case Ignore String Syntax chaining database Class of Service...
Page 168
Installing Directory Server Table 13-1 Plug-in Status in DIOP-Enabled Directory Server (Continued) Default Directory Server Plug-ins Unsupported Plug-ins (Indicated by X) (Names as they appear in the Directory Server Console) State Change Telephone Syntax UID Uniqueness URI Syntax Views CLEAR CRYPT NS-MTA-MD5 SSHA...
Page 169
Installing Directory Server In the above figure, is the configuration Directory slapd-<configInstance> Server and is the Directory Server instance with the DIOP slapd-<diopInstance> plug-in turned on. • The management and administration of is done via slapd-<configInstance> the corresponding Directory Server Console, accessible from within Netscape Console.
Installing Directory Server /usr/netscape/servers/slapd-<diopInstance> where is the default installation directory. In the /usr/netscape/servers sections that follow, the installation directory is identified as <server_root> • After you install the two instances, you designate the second Directory Server instance ( ) for testing the DIOP feature. slapd-<diopInstance>...
Enabling the DIOP Feature in Directory Server Use Netscape Console to create a new/second instance of Directory Server in Figure 13-1). slapd-<diopInstance> In the navigation pane, select the Server Group, right click, select “Create Instance of Netscape Directory Server,” and follow the prompts. Disable the unsupported plug-ins in the second instance ), which you will use for enabling the DIOP plug-in.
Using the DIOP Feature In the text editor, open the file. dse.ldif The file is located in the directory. <server_root>/slapd-<diopInstance>/config/dse.ldif Add the above mentioned entry, save your changes, and close the file. Restart the server. <server_root>/slapd-<diopInstance>/start-server • By using the command.
Page 173
Using the DIOP Feature • If you want to use the sample plug-in, first build the plug-in, and then load it into the server: Shut down your DIOP-enabled Directory Server. Go to the directory in which the sample plug-in is located. cd <server_root>/plugins/slapd/slapi/examples Build the plug-in.
Sample DIOP Plug-in Shut down your DIOP-enabled Directory Server. Open the <server_root>/slapd-<diopInstance>/config/dse.ldif file in a text editor. Delete the entry, which holds cn=datainterop,cn=plugins,cn=config the plug-in information. Restart the server to load the modified configuration. You can also use the command to make these changes. ldapmodify Sample DIOP Plug-in To help you understand the DIOP feature, a sample DIOP plug-in is included...
Page 175
Sample DIOP Plug-in In the following table, the various required elements of the pre-operation plug-in are identified by the function calls used in the (to illustrate the testdatainterop.c use and simplify understanding). Table 13-2 Elements of Pre-Operation Plug-in Description of the #define PLUGIN_NAME "nullsuffix-preop"...
Sample DIOP Plug-in Table 13-2 Elements of Pre-Operation Plug-in (Continued) Sparse Tree Support Any modifications done to the server on the null suffix are processed by the plug-in. The plug-in writes the DN of all modifications received to a standalone BerkleyDB, and trying a simple test using LDIF entries without the required object classes or parent entries will still get processed by the server, populating the database created by the plug-in.
Plug-in API Reference Plug-in API Reference This section contains reference information on APIs that enable the following: • Preserving the Default Behavior of the Server • Bypassing Access Control Checks Preserving the Default Behavior of the Server Directory Server implements internal backends for supporting subtrees , and , which are the reserved naming contexts cn=config...
Page 178
Plug-in API Reference Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 14 Data Type and Structure Reference This chapter summarizes the data types and structures that you can use when writing Netscape Directory Server (Directory Server) plug-in functions. Summary of Data Types and Structures The functions in the server plug-in API use the following data types and structures: Data Types and Structures Description Represents binary data that is encoded...
Page 182
Summary of Data Types and Structures Data Types and Structures Description Specifies the prototype for a callback send_ldap_referral_fn_ptr_t function that you can write to send LDAPv3 referrals (search result references) back to the client. Specifies the prototype for a callback send_ldap_result_fn_ptr_t function that you can write to send LDAP result codes back to the client.
Summary of Data Types and Structures Data Types and Structures Description Represents an operation pending from an Slapi_Operation LDAP client. Contains name-value pairs that you can Slapi_PBlock get or set for each LDAP operation. Represents information about a server Slapi_PluginDesc plug-in.
Summary of Data Types and Structures Use a structure when working with attributes that contain binary data berval (such as a JPEG or audio file). computed_attr_context Represents information used for a computed attribute. Syntax typedef struct _computed_attr_context computed_attr_context; Description is the data type for an opaque structure that represents computed_attr_context information about a computed attribute.
Page 185
Summary of Data Types and Structures Specifies whether the control is critical to the operation. This ldctl_iscritical field can have one of the following values: • LDAP_OPT_ON specifies that the control is critical to the operation. • LDAP_OPT_OFF specifies that the control is not critical to the operation.
Summary of Data Types and Structures To ..Call this function Retrieve an allocated array of object slapi_get_supported_controls_copy() identifiers (OIDs) representing the controls supported by the Directory Server. LDAPMod Specifies changes to an attribute in an directory entry. Syntax typedef struct ldapmod { int mod_op;...
Page 187
Summary of Data Types and Structures The operation to be performed on the attribute and the type of data mod_op specified as the attribute values. This field can have one of the following values: #define LDAP_MOD_ADD 0x00 #define LDAP_MOD_DELETE 0x01 #define LDAP_MOD_REPLACE 0x02 #define LDAP_MOD_BVALUES...
Page 188
Summary of Data Types and Structures Code Example 14-1 Sample Code for Changing the Email Address of a User’s Entry Slapi_PBlock *rcpb; LDAPMod attribute1; LDAPMod *list_of_attrs[2]; char *mail_values[] = { "bab@example.com", NULL }; char *dn; /* Identify the entry that you want changed */ dn = "cn=Barbara Jensen, ou=Product Development, o=Ace Industry, c=US";...
Summary of Data Types and Structures See Also Slapi_Mod Slapi_Mods mrFilterMatchFn pecifies the prototype for a filter matching callback function. Syntax #include "slapi-plugin.h" typedef int (*mrFilterMatchFn) (void* filter, Slapi_Entry* entry, Slapi_Attr* attrs); Parameters This function has the following parameters: Pointer to the filter structure created by your filter factory function. (For filter details, see “Writing a Filter Factory Function.”) Pointer to the Slapi_Entry structure representing the candidate entry...
Summary of Data Types and Structures You need to define the filter matching function, which is the function that has prototype specified by . The server calls this function for each mrFilterMatchFn potential matching candidate entry. The server passes pointers to a filter structure that you create in your filter factory function (see “...
Summary of Data Types and Structures The LDAP referral entry callback function will be called once for each referral entry found by a search operation, which means it could be called zero or any number of times. parameter can be used to pass arbitrary plug-in or callback_data operation-specific information to a referral entry callback function.
Summary of Data Types and Structures plugin_search_entry_callback This typedef is used for LDAP search entry callback functions, which are plug-in defined functions that process LDAP entries that are located by an internal search. Syntax #include "slapi-plugin.h" typedef int (*plugin_search_entry_callback)(Slapi_Entry *e, void *callback_data);...
Page 193
Summary of Data Types and Structures Syntax #include "slapi-plugin.h" typedef int (*send_ldap_referral_fn_ptr_t)( Slapi_PBlock *pb, Slapi_Entry *e, struct berval **refs, struct berval ***urls); Parameters The function has the following parameters: Parameter block. Pointer to the Slapi_Entry structure representing the entry with which you are working.
Summary of Data Types and Structures send_ldap_result_fn_ptr_t specifies the prototype for a callback function that send_ldap_result_fn_ptr_t you can write to send LDAP result codes back to the client. You can register your function so that it is called whenever the function is slapi_send_ldap_result() called.
Summary of Data Types and Structures In your plug-in initialization function, register your function for sending results to the client by setting the SLAPI_PLUGIN_PRE_RESULT_FN parameter, depending on the type of plug-in SLAPI_PLUGIN_POST_RESULT_FN and if it is a pre-operation or post-operation, respectively, in the parameter block to the name of your function.
Summary of Data Types and Structures See Also slapi_send_ldap_search_entry() Slapi_Attr Represents an attribute in an entry. Syntax #include "slapi-plugin.h" typedef struct slapi_attr Slapi_Attr; Description is the data type for an opaque structure that represents an attribute Slapi_Attr in a directory entry. In certain cases, your server plug-in may need to work with an entry’s attributes.
Summary of Data Types and Structures To ..Call this function Initialize a valueset in a Slapi_Attr slapi_attr_set_valueset() structure from a specified Slapi_ValueSet structure. Get information about the plug-in slapi_attr_type2plugin() responsible for handling an attribute type. Compare two attribute names to slapi_attr_types_equivalent() determine if they represent the same attribute.
Page 198
Summary of Data Types and Structures The following table summarizes the front-end API functions that you can call to work with the backend operations. To ..Call this function Add the specified suffix to the slapi_be_addsuffix() given backend and increment the backend's suffix count.
Summary of Data Types and Structures To ..Call this function Verify if the backend is private. slapi_be_private() Find the backend that should be slapi_be_select() used to service the entry with the specified DN. Find the backend that matches by slapi_be_select_by_instance_name() the name of the backend.
Summary of Data Types and Structures Parameters The function has the following parameters: Pointer or reference to the address of the specified function. handle Name of the backend. be_name Old backend state. old_be_state New backend state. new_be_state Description function enables a plug-in to slapi_register_backend_state_change() register for callback when the state of a backend changes.
Summary of Data Types and Structures Syntax #include "slapi-plugin.h" typedef int (*slapi_compute_callback_t) (computed_attr_context *c, char* type, Slapi_Entry *e, slapi_compute_output_t outputfn); Parameters The function has the following parameters: Pointer to the computed_attr_context structure containing information relevant to the computed attribute. Attribute type of the attribute to be generated. type Pointer to the Slapi_Entry structure representing the entry to be sent back to the client.
Page 202
Summary of Data Types and Structures Syntax #include "slapi-plugin.h" typedef int (*slapi_compute_output_t) (computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e); Parameters The function has the following parameters: Returns One of the following values: • if the function successfully BER-encodes the computed attribute and adds it to the BER element to be sent to the client.
Summary of Data Types and Structures In the example above, the function slapi_compute_output_t outputfn passed in as an argument to function. After generating the my_compute_callback computed attribute, you need to call , passing it the context, the newly outputfn created attribute, and the entry. BER-encodes the attribute and appends outputfn it to the BER element to be sent to the client.
Summary of Data Types and Structures To ..Call this function Create a new condition variable. slapi_new_condvar() Send notification about a condition slapi_notify_condvar() variable. Wait for a condition variable. slapi_wait_condvar() Slapi_DN Represents a distinguished name in a directory entry. Syntax #include "slapi-plugin.h"...
Summary of Data Types and Structures To ..Call this function Convert a DN to canonical format slapi_dn_normalize() by normalizing the case and the format. Handle a DN in the syntax defined by RFC 22 and RFC 1779. To handle some syntaxes compatible with older versions of Directory Server, all of the syntaxes in the above RFC's may not be...
Page 206
Summary of Data Types and Structures To ..Call this function Generate an LDIF string slapi_entry2str() description. Generate an LDIF string slapi_entry2str_with_options() descriptions with options. Add components in an entry's slapi_entry_add_rdn_values() RDN. Add a string value to an attribute slapi_entry_add_string() in an entry.
Page 207
Summary of Data Types and Structures To ..Call this function Set the first value as a string. slapi_entry_attr_set_charptr()) Set the first value as an integer. slapi_entry_attr_set_int() Set the first value as a long. slapi_entry_attr_set_long() Set the first value as an unsigned slapi_entry_attr_set_uint() integer.
Summary of Data Types and Structures To ..Call this function Check if values present in an slapi_entry_rdn_values_present() entry's RDN are also present as attribute values. Determine if an entry complies slapi_entry_schema_check() with the schema for its object class. Set the DN of an entry.
Summary of Data Types and Structures To ..Call this function Determine if an entry matches a filter’s criteria. slapi_filter_test_ext() Get the filter type. slapi_filter_get_choice() Get the attribute type and value used for slapi_filter_get_ava() comparison in a filter (only applicable to LDAP_FILTER_EQUALITY, LDAP_FILTER_GE, LDAP_FILTER_LE, and LDAP_FILTER_APPROX searches).
Summary of Data Types and Structures To ..Call this function Compare two berval structures to slapi_berval_cmp() determine if they are equal. Call the indexer function associated slapi_mr_filter_index() with an extensible match filter. Free the specified matching rule slapi_matchingrule_free() structure (and optionally, its members) from memory.
Page 211
Summary of Data Types and Structures To ..Call this function Add a value to a Slapi_Mod slapi_mod_add_value() structure. Free internals of Slapi_Mod slapi_mod_done() structure. Dump the contents of an LDAPMod slapi_mod_dump() to the server log. Free a Slapi_Mod structure. slapi_mod_free() Initialize a Slapi_Mod iterator and slapi_mod_get_first_value()
Summary of Data Types and Structures To ..Call this function Set the operation type of a slapi_mod_set_operation() Slapi_Mod structure. Set the attribute type of a slapi_mod_set_type() Slapi_Mod. See Also LDAPMod Slapi_Mods Slapi_Mods Represents two or more LDAP modifications to a directory entry Syntax #include "slapi-plugin.h"...
Page 213
Summary of Data Types and Structures To ..Call this function Append a new mod to a slapi_mods_add_mod_values() Slapi_Mods structure, with attribute values provided as an array of Slapi_Value. Append a new mod to slapi_mods_add_string() Slapi_Mods structure with a single attribute value provided as a string.
Summary of Data Types and Structures To ..Call this function Insert an LDAPMod anywhere in a slapi_mods_insert_at() Slapi_Mods. Insert an LDAPMod into a slapi_mods_insert_before() Slapi_Mods structure before the current iterator position. Decrement the Slapi_Mods slapi_mods_iterator_backbone() current iterator position. Allocate a new uninitialized slapi_mods_new() Slapi_Mods structure.
Summary of Data Types and Structures Slapi_Operation Represents an operation pending from an LDAP client. Syntax #include "slapi-plugin.h" typedef struct op Slapi_Operation; Description is the data type for an opaque structure that represents an Slapi_Operation operation pending from an LDAP client. The following table summarizes the front-end API functions that you can call to work with mutually exclusive locks.
Page 216
Summary of Data Types and Structures For example, when the plug-in function for an LDAP bind operation is called, the server puts the DN and credentials in the SLAPI_BIND_TARGET parameters of the structure. You can SLAPI_BIND_CREDENTIALS Slapi_PBlock call to get the DN and credentials of the client requesting slapi_pblock_get() authentication.
Summary of Data Types and Structures To ..Call this function Perform an LDAP modify operation slapi_modify_internal_pb() based on a parameter block to modify a directory entry. Set up a parameter block so that it slapi_modify_internal_set_pb() can be used by slapi_modify_internal_pb() for an internal modify operation.
Summary of Data Types and Structures Syntax typedef struct slapi_plugindesc { char *spd_id; char *spd_vendor; char *spd_version; char *spd_description; } Slapi_PluginDesc; Parameters The function has the following parameters: Unique identifier for the server plug-in. spd_id Name of the vendor supplying the server plug-in; for spd_vendor example, example.com.
Page 219
Summary of Data Types and Structures Description is the data type for an opaque structure that represents a relative Slapi_RDN distinguished name in the server plug-in. The following table summarizes the front-end API functions that you can call to work with relative distinguished names. To ...
Summary of Data Types and Structures To ..Call this function Initialize a Slapi_RDN structure slapi_rdn_init_sdn() with an RDN value taken from the DN contained in a given Slapi_RDN. Check if an RDN value is stored in a slapi_rdn_isempty() Slapi_RDN structure.
Summary of Data Types and Structures Description is the data type for an opaque structure that represents the Slapi_UniqueID unique identifier of a directory entry. All directory entries contain a unique identifier. Unlike the distinguished name (DN), the unique identifier of an entry never changes, providing a good way to refer unambiguously to an entry in a distributed/replicated environment.
Page 222
Summary of Data Types and Structures To ..Call this function Convert the value into an unsigned slapi_value_get_ulong() long. Initialize a Slapi_Value structure slapi_value_init() with no values. Initialize a Slapi_Value structure slapi_value_init_berval() from the berval structure. Initialize a Slapi_Value structure slapi_value_init_string() from a string.
Summary of Data Types and Structures Slapi_ValueSet Represents a set of (or a list of Slapi_Value Slapi_Value Syntax #include "slapi-plugin.h" typedef struct slapi_value_set Slapi_ValueSet; Description is the data type for an opaque structure that represents set of Slapi_ValueSet (or a list of Slapi_Value Slapi_Value The following table summarizes the front-end API functions that you can call to...
Chapter 15 Function Reference This chapter contains reference information on Netscape Directory Server (Directory Server) server plug-in API. The server plug-in API includes the following functions: • Distribution Routines (page 226) • Functions for Access Control (page 228) • Functions for Internal Operations and Plug-in Callback (page 234) •...
Distribution Routines distribution_plugin_entry_point() Allows for backend distribution. Syntax #include "slapi-plugin.h" int distribution_plugin_entry_point (Slapi_PBlock *pb, Slapi_DN *target_dn, char **mtn_be_names, int be_count, Slapi_DN * node_dn); Parameters This function takes the following parameters: Pointer to the parameter block of the operation. Pointer to the target DN of the operation. target_dn Pointer to the list of names of backends declared for this node.
Functions for Access Control Functions for Access Control This section contains reference information on access control routines. Table 15-2 Access Control Routines Function Description Determines if the user who is requesting the current operation has the slapi_access_allowed() access rights to perform an operation on a given entry, attribute, or value. Determines if a user has the rights to perform the specified modifications slapi_acl_check_mods() on an entry.
Page 229
Functions for Access Control Permission to add a specified entry. SLAPI_ACL_ADD Permission to compare the specified values of an attribute in SLAPI_ACL_COMPARE an entry. Permission to delete a specified entry. SLAPI_ACL_DELETE Permission to read a specified attribute. SLAPI_ACL_READ Permission to search on a specified attribute or value. SLAPI_ACL_SEARCH Permission to write a specified attribute or value or SLAPI_ACL_WRITE...
Page 230
Functions for Access Control Description Call this function to determine if a user has access rights to a specified entry, attribute, or value. The function performs this check for users who request the operation that invokes this plug-in. For example, suppose you are writing a pre-operation plug-in for the add operation.
Functions for Access Control slapi_pblock_set( pb, SLAPI_BACKEND, be ); nAccessResult = slapi_access_allowed( pb, seObjectEntry, "*", bval, SLAPI_ACL_DELETE); slapi_acl_check_mods() Determines if a user has the rights to perform the specified modifications on an entry. Syntax #include "slapi-plugin.h" int slapi_acl_check_mods( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf );...
Page 232
Functions for Access Control Invalid syntax was specified. LDAP_INVALID_SYNTAX This error can occur if the ACL associated with an entry, attribute, or value uses the wrong syntax. The Directory Server is unable to perform the LDAP_UNWILLING_TO_PERFORM specified operation. This error can occur if, for example, you are requesting write access to a read-only database.
Functions for Access Control Memory Concerns You must free the buffer by calling when you are errbuf slapi_ch_free() finished using the error message. See Also slapi_access_allowed() slapi_ch_free() slapi_acl_verify_aci_syntax() Determines whether the access control items (ACIs) on an entry are valid. Syntax #include "slapi-plugin.h"...
Functions for Internal Operations and Plug-in Callback Functions for Internal Operations and Plug-in Callback This section contains reference information on routines for internal operations and plug-in callbacks. These functions can be used for internal operations based on DN as well as on unique ID. These functions should be used by all new plug-ins, and, preferably, old plug-ins should be changed to use them to take advantage of new plug-in configuration capabilities and to use an extensible interface.
Functions for Internal Operations and Plug-in Callback Parameters This function takes the following parameter: A parameter block that has been initialized using slapi_add_internal_set_pb(). Returns This function returns one of the following values: • if successful. • if an error occurs. If is returned, the field SLAPI_PLUGIN_INTOP_RESULT...
Functions for Internal Operations and Plug-in Callback Returns This function returns one of the following values: • if successful. • if an error occurs. If is returned, the field SLAPI_PLUGIN_INTOP_RESULT of the parameter block should be consulted to determine the precise LDAP result code.
Functions for Internal Operations and Plug-in Callback slapi_modify_internal_pb() Performs an LDAP modify operation based on a parameter block to modify a directory entry. Syntax #include "slapi-plugin.h" int slapi_modify_internal_pb(Slapi_PBlock *pb); Parameters This function takes the following parameter: A parameter block that has been initialized using slapi_modify_internal_set_pb().
Functions for Internal Operations and Plug-in Callback Parameters This function takes the following parameter: A parameter block that has been initialized using slapi_rename_internal_set_pb(). Returns This function returns one of the following values: • if successful. • if an error occurs. If is returned, the field SLAPI_PLUGIN_INTOP_RESULT...
Page 239
Functions for Internal Operations and Plug-in Callback A parameter block that has been initialized using slapi_seq_internal_callback_set_pb(). A pointer to arbitrary plug-in or operation-specific data that you callback_data would like to pass to your callback functions. Callback function that the server calls to send result codes. The function must have the prototype specified by plugin_result_callback.
Functions for Internal Operations and Plug-in Callback This function must have the prototype specified by . You specify this function in the plugin_search_entry_callback psec argument of slapi_search_internal_callback_pb() • You can write a callback function that is invoked when the search operation normally sends LDAPv3 search result references.
Functions for Internal Operations and Plug-in Callback A NULL terminated array of attribute types to return from attrlist entries that match filter. If you specify a NULL, all attributes will be returned. The address of a Slapi_Entry pointer to receive the entry if it ret_entry is found.
Functions for Setting Internal Operation Flags Returns This function returns one of the following values: • if successful. • if an error occurs. If is returned, the field SLAPI_PLUGIN_INTOP_RESULT of the parameter block should be consulted to determine the precise LDAP result code.
Functions for Setting Internal Operation Flags Table 15-4 Internal Operation Flag Routines (Continued) Function Description Performs an internal sequential access operation. slapi_seq_internal_callback_pb() Sets up a parameter block for use by slapi_seq_internal_set_pb() slapi_seq_internal_callback_pb() for an internal sequential-access operation. slapi_add_entry_internal_set_pb() Sets up a parameter block so that it can be used by slapi_add_internal_pb() an internal add operation.
Functions for Setting Internal Operation Flags Description This function populates parameters in the structure so that it can be used pblock for an internal add operation. slapi_add_internal_pb() slapi_add_internal_set_pb() Sets up a parameter block so that it can be used by slapi_add_internal_pb() for an internal add operation.
Functions for Setting Internal Operation Flags • set to DN of the new entry. SLAPI_TARGET_DN • set to request controls, if present. SLAPI_CONTROLS_ARG • set to to add. SLAPI_ADD_ENTRY Slapi_Entry Returns This function returns or one of the LDAP error codes if the entry LDAP_SUCCESS cannot be constructed from the specified attributes due to constraint violation.
Functions for Setting Internal Operation Flags Plug-in identity; a cookie that identifies the plug-in to the plugin_identity Directory Server during an internal operation. This cookie is used by the server to retrieve the plug-in configuration in order to determine whether to allow the operation and which actions to take during the operation processing.
Page 247
Functions for Setting Internal Operation Flags Parameter block populated with modify parameters. DN of the entry to be modified. For unique ID operation, this parameter is used to select the correct backend. Modifications to be applied to the entry. mods List of controls associated with the operation.
Functions for Setting Internal Operation Flags slapi_rename_internal_set_pb() Sets up a parameter block so that it can be used by for an internal rename operation. slapi_modrdn_internal_pb() Syntax #include "slapi-plugin.h" void slapi_rename_internal_set_pb(Slapi_PBlock *pb, const char *olddn, const char *newrdn, const char *newsuperior, int deloldrdn, LDAPControl **controls, const char *uniqueid, Slapi_ComponentId *plugin_identity, int operation_flags);...
Functions for Setting Internal Operation Flags Description This function populates with parameters for use by pblock for an internal rename operation. The function sets slapi_modrdn_internal_pb() the parameter block to contain the following data. For unique ID-based operation: • set to the DN that allows to select the right backend. SLAPI_TARGET_DN •...
Page 250
Functions for Setting Internal Operation Flags Search scope (LDAP_SCOPE_SUBTREE, etc.). scope Search filter. filter Attributes to be returned. attrs Flag specifying whether to return just attribute names or names attrsonly and values. List of controls associated with the operation. controls Unique identifier of the entry.
Functions for Setting Internal Operation Flags • set to the search filter. SLAPI_SEARCH_STRFILTER • set to request controls, if present. SLAPI_CONTROLS_ARG • set to the list of attributes to return. SLAPI_SEARCH_ATTRS • indicates whether attribute values should be SLAPI_SEARCH_ATTRSONLY returned. slapi_seq_internal_callback_pb() Performs internal sequential access operation.
Functions for Setting Internal Operation Flags slapi_seq_internal_set_pb() Sets up a parameter block for use by slapi_seq_internal_callback_pb() an internal, sequential-access operation. Syntax #include "slapi-plugin.h" void slapi_seq_internal_set_pb(Slapi_PBlock *pb, char *ibase, int type, char *attrname, char *val, char **attrs, int attrsonly, LDAPControl **controls, Slapi_ComponentId *plugin_identity, int operation_flags);...
Functions for Handling Attributes Functions for Handling Attributes This section contains reference information on attribute routines. Table 15-5 Attribute Routines Function Description Adds a value to an attribute. slapi_attr_add_value() Returns the base type of an attribute. slapi_attr_basetype() Duplicates an attribute. slapi_attr_dup() Gets the first value of an attribute.
Functions for Handling Attributes Table 15-5 Attribute Routines (Continued) Function Description Initializes a Slapi_ValueSet structure from another slapi_valueset_set_valueset() Slapi_ValueSet structure. slapi_attr_add_value() Adds a value to an attribute. Syntax #include "slapi-plugin.h" int slapi_attr_add_value(Slapi_Attr *a, const Slapi_Value *v); Parameters This function takes the following parameters: The attribute that will contain the values.
Functions for Handling Attributes Syntax #include "slapi-plugin.h" char *slapi_attr_basetype( char *type, char *buf, size_t bufsiz ); Parameters This function takes the following parameters: Attribute type from which you want to get the base type. type Buffer to hold the returned base type. Size of the buffer.
Functions for Handling Attributes Parameters This function takes the following parameters: The attribute to be duplicated. attr Returns This function returns the newly created copy of the attribute. Description Use this function to make a copy of an attribute. Memory Concerns You must free the returned attribute using slapi_attr_free() See Also...
Functions for Handling Attributes Returns This function returns one of the following values: • , which is the index of the first value. • if NULL or if the value is not found. hint Description Use this function to get the first value of an attribute. This is part of a set of functions to enumerate over an structure.
Functions for Handling Attributes Returns This function returns one of the following values: • if the specified flag is set. • if the specified flag is not set. Description This function determines if certain flags are set for a particular attribute. These flags can identify an attribute as a single-valued attribute, an operational attribute, or as a read-only attribute.
Functions for Handling Attributes Syntax #include "slapi-plugin.h" int slapi_attr_get_bervals_copy( Slapi_Attr *a, struct berval ***vals ); Parameters This function takes the following parameters: Attribute that contains the desired values. Pointer to an array of berval structure pointers to hold the vals desired values.
Functions for Handling Attributes Attribute for which you want to get the flags. attr When you call slapi_attr_get_flags(), this parameter is set to a flags pointer to the flags of the specified attribute. Do not free the flags; the flags are part of the actual data in the attribute, not a copy of the data. To determine which flags have been set, you can bitwise AND the value of the argument with one or more of the following: flags...
Functions for Handling Attributes Attribute containing the values to be counted. Integer to hold the counted values. numValues Returns This function always returns Description This function counts the number of values in an attribute and places that count in an integer. See Also slapi_attr_first_value() slapi_attr_next_value()
Functions for Handling Attributes Description This function replaces the deprecated function, . Use this slapi_attr_get_oid function to search the syntaxes for an attribute type’s OID. Memory Concerns You should free this string using slapi_ch_free() slapi_attr_get_type() Gets the name of the attribute type from a specified attribute. Syntax #include "slapi-plugin.h"...
Functions for Handling Attributes Syntax #include "slapi-plugin.h" int slapi_attr_get_valueset(const Slapi_Attr *a, Slapi_ValueSet **vs); Parameters This function takes the following parameters: Attribute containing the values to be placed into a valueset. Receives values from the first parameter. Returns This function always returns See Also slapi_entry_add_valueset() slapi_valueset_new()
Functions for Handling Attributes The empty attribute to be initialized. Attribute type to be initialized. type Returns This function returns the newly-initialized attribute. Description Use this function to initialize an empty attribute with an attribute type. See Also slapi_attr_new() slapi_attr_free() slapi_attr_dup() slapi_attr_new() Creates a new attribute.
Functions for Handling Attributes slapi_attr_next_value() Gets the next value of an attribute. Syntax #include "slapi-plugin.h" int slapi_attr_next_value( Slapi_Attr *a, int hint, Slapi_Value **v ); Parameters This function takes the following parameters: Attribute contained the desired value. Index of the value to be returned. hint Holds the value of the attribute.
Functions for Handling Attributes Syntax #include "slapi-plugin.h" int slapi_attr_set_valueset(Slapi_Attr *a, const Slapi_ValueSet *vs); Parameters This function takes the following parameters: Pointer to the Slapi_Attr structure, the value set of which you wish to set. Pointer to the Slapi_ValueSet structure from which you want to extract the values.
Functions for Handling Attributes Returns This function returns the copy of the desired normalized attribute or a normalized copy of what was passed in. Description Use this function to search the syntaxes for an attribute type and return its normalized form. Memory Concerns You should free the returned string using slapi_ch_free()
Functions for Handling Attributes See Also slapi_attr_get_type() slapi_attr_type_cmp() slapi_attr_types_equivalent() slapi_attr_basetype() slapi_attr_type_cmp() Compares two attribute types to determine if they are the same. Syntax #include "slapi-plugin.h" int slapi_attr_type_cmp( const char *t1, const char *t2, int opt ); Parameters This function takes the following parameters: Name of the first attribute type that you want to compare.
Functions for Handling Attributes slapi_attr_get_type() slapi_attr_types_equivalent() slapi_attr_basetype() slapi_attr_types_equivalent() Compares two attribute names to determine if they represent the same attribute. Syntax #include "slapi-plugin.h" int slapi_attr_types_equivalent( const char *t1, const char *t2 ); Parameters This function takes the following parameters: Pointer to the first attribute type that you want to compare. Pointer to the second attributed type that you want to compare.
Functions for Handling Attributes Syntax #include "slapi-plugin.h" int slapi_attr_value_cmp( const Slapi_Attr *attr, const struct berval *v1, const struct berval *v2 ); Parameters This function takes the following parameters: Attribute used to determine how these values are compared; for attr example, if the attribute contains case-insensitive strings, the strings are compared without regard to case.
Functions for Handling Attributes Parameters This function takes the following parameters: Attribute that you want to check. Pointer to the berval structure containing the value for which you want to search. Returns This function returns one of the following values: •...
Functions for Managing Backend Operations Description Use this function to create a valueset that contains the changes from smod See Also slapi_mods_init() slapi_mods_free() slapi_mods_done() Functions for Managing Backend Operations This section contains reference information on routines that help you deal with backends.
Functions for Managing Backend Operations Backend Routines (Continued) Table 15-6 Function Description Creates a new backend structure, allocates memory for it, and slapi_be_new() initializes values for relevant parameters. Verifies if the backend is private. slapi_be_private() Finds the backend that should be used to service the entry slapi_be_select() with the specified DN.
Functions for Managing Backend Operations Suffix that needs to be added to the backend. suffix slapi_be_delete_onexit() Sets the flag to denote that the backend will be deleted on exiting. Syntax #include "slapi-plugin.h" void slapi_be_delete_onexit(Slapi_Backend *be); Parameters This function takes the following parameter: Pointer to the structure containing the backend configuration.
Functions for Managing Backend Operations slapi_be_free() Frees memory and linked resources from the backend structure. Syntax #include "slapi-plugin.h" void slapi_be_free(Slapi_Backend **be); Parameters This function takes the following parameter: Pointer to the structure containing the backend configuration. slapi_be_get_instance_info() Gets the instance information of the specified backend. Syntax #include "slapi-plugin.h"...
Functions for Managing Backend Operations Parameters This function takes the following parameter: Pointer to the structure containing the backend configuration. Returns This function returns the name associated to the specified backend. Memory Concerns You should not free the returned pointer. slapi_be_get_readonly() Indicates if the database associated with the backend is in read-only mode.
Functions for Managing Backend Operations Syntax int slapi_be_getentrypoint(Slapi_Backend *be, int entrypoint, void **ret_fnptr, Slapi_PBlock *pb); Parameters This function takes the following parameters: Pointer to the structure containing the backend configuration. Entry point in the backend. entrypoint Opaque pointer to store function address. ret_fnptr Pointer to the parameter block.
Functions for Managing Backend Operations Description This function returns the suffix associated with the specified backend. This function is still present for compatibility purposes with previous versions of the Directory Server Plug-in API. Current versions of Directory Server do not support backends containing multiple suffixes;...
Functions for Managing Backend Operations Pointer to the structure containing the backend configuration. Flag to check; for example, SLAPI_BE_FLAG_REMOTE_DATA. flag Returns This function returns one of the following values: • if a flag is not set in the backend configuration. •...
Functions for Managing Backend Operations slapi_be_logchanges() Indicates whether the changes applied to the backend should be logged in the changelog. Syntax #include "slapi-plugin.h" int slapi_be_logchanges(Slapi_Backend *be); Parameters This function takes the following parameter: Pointer to the structure containing the backend configuration. Returns This function returns one of the following values: •...
Functions for Managing Backend Operations Returns This function returns a pointer to the newly-created backend. slapi_be_private() Verifies if the backend is private. Syntax #include "slapi-plugin.h" int slapi_be_private( Slapi_Backend *be ); Parameters This function takes the following parameter: Pointer to the structure containing the backend configuration. Returns This function returns one of the following values: •...
Functions for Managing Backend Operations Returns This function returns one of the following values: • A pointer to the default backend if no backend with the appropriate suffix is configured. • A pointer to the backend structure. Memory Concerns You should not free the returned pointer. See Also slapi_be_select_by_instance_name() slapi_be_select_by_instance_name()
Functions for Managing Backend Operations See Also slapi_be_select() slapi_be_set_flag() Sets the specified flag in the backend. Syntax #include "slapi-plugin.h" void slapi_be_set_flag(Slapi_Backend * be, int flag); Parameters This function takes the following parameters: Pointer to the structure containing the backend configuration. Flag (bitmap) that needs to be set.
Functions for Managing Backend Operations Syntax #include "slapi-plugin.h" void slapi_be_set_readonly(Slapi_Backend *be, int readonly); Parameters This function takes the following parameters: Pointer to the structure containing the backend configuration. Flag to specify the read-only status. readonly slapi_be_setentrypoint() Sets the entry point in the backend to the specified function. Syntax #include "slapi-plugin.h"...
Page 285
Functions for Managing Backend Operations Syntax #include "slapi-plugin.h" Slapi_Backend* slapi_get_first_backend(char **cookie); Parameters This function takes the following parameter: Output parameter containing the index of the returned backed. cookie This is useful for calls to slapi_get_next_backend(). Contains 0 in output if no backend is returned. Returns This function returns one of the following values: •...
Functions for Managing Backend Operations slapi_get_first_suffix() Returns the first root suffix of the DIT. Syntax #include "slapi-plugin.h" Slapi_DN * slapi_get_first_suffix(void ** node, int show_private); Parameters This function takes the following parameter: Contains the returned valued, which is the DN of the first root node suffix of the DIT.
Page 287
Functions for Managing Backend Operations Syntax #include "slapi-plugin.h" Slapi_Backend* slapi_get_next_backend(char *cookie); Parameters This function takes the following parameter: Upon input, contains the index from which the search for the cookie next backend is done. Upon output, contains the index of the returned backend.
Functions for Managing Backend Operations slapi_get_next_suffix() Returns the DN of the next root suffix of the DIT. Syntax #include "slapi-plugin.h" Slapi_DN * slapi_get_next_suffix(void ** node, int show_private); Parameters This function takes the following parameter: 0 checks only for non-private suffixes. show_private 1 checks for both private and non-private suffixes.
Functions for Managing Backend Operations slapi_is_root_suffix() Checks if a suffix is a root suffix of the DIT. Syntax #include "slapi-plugin.h" int slapi_is_root_suffix(Slapi_DN * dn); Parameters This function takes the following parameter: DN that you wish to check. Returns This function returns one of the following values: •...
Functions for Managing Backend Operations For example, if your plug-in stores any kind of state, such as a configuration cache, it will become invalidated or incomplete whenever the state of a backend changes. Because the plug-in wouldn’t be aware of these state changes, it would require restarting the server whenever a backend state changed.
Functions for Dealing with Controls Functions for Dealing with Controls This section contains reference information on routines for dealing with controls. Table 15-7 Routines for Dealing with Controls Function Description Creates an LDAPControl structure based on a BerElement, an slapi_build_control() OID, and a criticality flag.
Functions for Dealing with Controls Returns This function returns (LDAP result code) if successful. LDAP_SUCCESS Description This function creates an structure based on a , an OID, LDAPCotnrol BerElement and a criticality flag. The that is created can be used in LDAP client LDAPControl requests or internal operations.
Functions for Dealing with Controls Pointer that will receive the allocated LDAPControl structure. ctrlp Returns This function returns (LDAP result code) if successful. LDAP_SUCCESS Description This function creates an structure based on a , an OID, struct berval LDAPControl and a criticality flag. The that is created can be used in LDAP client LDAPControl requests or internal operations.
Functions for Dealing with Controls If the control is present in the list of controls, specifies the pointer to the berval structure containing the value of the control. If the control is present in the list of controls, specifies whether or not iscritical the control is critical to the operation of the server: •...
Functions for Dealing with Controls Returns This function returns one of the following values: • A pointer to an allocated structure if successful. LDAPControl • if an error occurs. NULL Description This function duplicates the contents of an structure. All fields within LDAPControl are copied to a new, allocated structure, and a pointer to the new LDAPControl...
Functions for Dealing with Controls Returns This function returns one of the following values: • if successful. • A non-zero value if an error occurs. Description This function replaces the deprecated slapi_get_supported_controls() function from previous releases, as it was not multithread safe. When you call to register a control, you slapi_register_supported_control()
Page 297
Functions for Dealing with Controls Parameters This function takes the following parameters: OID of the control you want to register. controloid Operation to which the control is applicable. controlops The specified control applies to the LDAP bind SLAPI_OPERATION_BIND operation. The specified control applies to the LDAP unbind SLAPI_OPERATION_UNBIND operation.
Functions for Syntax Plug-in slapi_control_present() Functions for Syntax Plug-in This section contains reference information on routines for syntax plug-ins. Table 15-8 Syntax Plug-in Routines Function Description Calls a function, specified in the syntax plug-in, to compare slapi_call_syntax_assertion2keys_ava_sv() against directory entries. Calls a function, specified in the syntax plug-in, to compare slapi_call_syntax_assertion2keys_sub_sv() against directory entries.
Functions for Syntax Plug-in Pointer to the Slapi_Value arrays containing the values ivals returned by the plug-in function; these values can now be compared against entries in the directory. Type of filter; for example, LDAP_FILTER_EQUALITY. ftype Returns This function returns one of the following values: •...
Page 300
Functions for Syntax Plug-in Parameters This function takes the following parameters: Handle to plug-in for this attribute type “Starts with” value from the search filter; for example, if the initial filter is ou=Sales*, the argument initial is Sales. Array of “contains” values from the search filter; for example, if the filter is ou=*Corporate*Sales*, the argument any is an array containing Corporate and Sales.
Functions for Managing Memory slapi_call_syntax_values2keys_sv() When adding or removing values from an index, calls the function (defined in the specified syntax plug-in) responsible for returning an array of keys matching the specified values. Syntax #include "slapi-plugin.h" int slapi_call_syntax_values2keys_sv( void *vpi, Slapi_Value **vals, Slapi_Value ***ivals, int ftype );...
Functions for Managing Memory Table 15-9 Memory Management Routines Function Description Frees an existing array. slapi_ch_array_free() Makes a copy of an existing berval structure. slapi_ch_bvdup() Makes a copy of an array of existing berval structures. slapi_ch_bvecdup() Allocates space for an array of a number of elements of a specified size. slapi_ch_calloc() Frees space allocated by the slapi_ch_malloc(), slapi_ch_free()
Functions for Managing Memory Syntax #include "slapi-plugin.h" extern struct berval* slapi_ch_bvdup( const struct berval *v ); Parameters This function takes the following parameter: Pointer to the berval structure that you want to copy. Returns This function returns a pointer to the new copy of the structure.
Functions for Managing Memory Returns This function returns a pointer to an array of the new copy of the berval structures. If the structures cannot be duplicated, e.g., because of insufficient virtual memory, the program terminates. slapd Memory Concerns The contents of the parameter are not altered by this function.
Functions for Managing Memory See Also slapi_ch_free() slapi_ch_malloc() slapi_ch_realloc() slapi_ch_strdup() slapi_ch_free() Frees space allocated by the , and slapi_ch_malloc() slapi_ch_realloc() functions and sets the pointer to . Call this function slapi_ch_calloc() NULL instead of the standard C function. free() Syntax #include "slapi-plugin.h"...
Functions for Managing Memory Syntax #include "slapi-plugin.h" void slapi_ch_free_string( char **s ); Parameters This function takes the following parameter: Address of the string that you want to free. If NULL, no action occurs. Description This function is similar to , but the argument is the address of a slapi_ch_free() string.
Functions for Managing Memory The returned pointer should be freed by calling slapi_ch_free() See Also slapi_ch_free() slapi_ch_calloc() slapi_ch_realloc() slapi_ch_strdup() slapi_ch_realloc() Changes the size of a block of allocated memory. Syntax #include "slapi-plugin.h" char * slapi_ch_realloc( char *block, unsigned long size ); Parameters This function takes the following parameters: Pointer to an existing block of allocated memory.
Functions for Managing DNs slapi_ch_strdup() slapi_ch_strdup() Makes a copy of an existing string. Syntax #include "slapi-plugin.h" char * slapi_ch_strdup( const char *s ); Parameters This function takes the following parameter: Pointer to the string you want to copy. Returns This function returns a pointer to a copy of the string. If space cannot be allocated, e.g., no more virtual memory exists, the program terminates.
Functions for Managing DNs Table 15-10 DN Management Routines Function Description Gets a copy of the DN of the parent of an entry. slapi_dn_beparent() Converts all characters in a DN to lowercase. slapi_dn_ignore_case() Determines if the a DN is the suffix of the local database. slapi_dn_isbesuffix() Determines if a DN is the parent of a specific DN.
Functions for Managing DNs Returns This function returns one of the following values: • The DN of the parent entry. • NULL if the specified DN is NULL, if the DN is an empty string, if the DN has no parent (for example, ), or if the specified DN is the suffix of o=example.com the local database.
Functions for Managing DNs Syntax #include "slapi-plugin.h" int slapi_dn_isbesuffix( Slapi_PBlock *pb, const char *dn ); Parameters This function takes the following parameters: Parameter block. DN that you want to check. Returns This function returns one of the following values: • if the specified DN is the suffix for the local database.
Functions for Managing DNs Returns This function returns one of the following values: • A non-zero value if is the parent of parentdn childdn • if the is not the parent of parentdn childdn See Also slapi_dn_issuffix() slapi_dn_isroot() Determines whether the specified DN is the root DN for this local database. Before calling this function, you should call slapi_dn_normalize_case() normalize the DN and convert all characters to lowercase.
Functions for Managing DNs slapi_dn_issuffix() Determines whether a DN is equal to the specified suffix. Before calling this function, you should call to normalize the DN and slapi_dn_normalize_case() convert all characters to lowercase. If you want to determine if a DN is the same as the suffix for the local database, call function instead.
Functions for Managing DNs Syntax #include "slapi-plugin.h" char *slapi_dn_normalize( char *dn ); Parameters This function takes the following parameter: DN that you want to normalize. Returns This function returns the normalized DN. A variable passed in as the argument is also converted in place. See Also slapi_dn_normalize_to_end() slapi_dn_normalize_case()
Functions for Managing DNs See Also slapi_dn_normalize() slapi_dn_ignore_case() slapi_dn_normalize_to_end() Normalizes part of a DN value, specifically the part going from what is pointed to to that pointed to by . This routine does not terminate the NULL normalized bit pointed to by at the return of the function.
Functions for Managing DNs If you want to check if the DN is the suffix of the local database, call the function instead. slapi_dn_beparent() Syntax #include "slapi-plugin.h" char *slapi_dn_parent( const char *dn ); Parameters This function takes the following parameter: DN of the entry for which you want to find the parent.
Functions for Managing Entries Returns This function returns the new DN formed by adding the RDN value in to the DN value in See Also slapi_sdn_add_rdn() slapi_rdn2typeval() Converts the second RDN type value to the value. berval Syntax #include "slapi-plugin.h" int slapi_rdn2typeval( char *rdn, char **type, struct berval *bv );...
Page 318
Functions for Managing Entries Table 15-11 Entry Routines Function Description Generates an LDIF string description. slapi_entry2str() Generates an LDIF string descriptions with options. slapi_entry2str_with_options() Add components in an entry’s RDN. slapi_entry_add_rdn_values() Adds a string value to an attribute in an entry. slapi_entry_add_string() Adds a data value to an attribute in an entry.
Functions for Managing Entries Table 15-11 Entry Routines (Continued) Function Description Finds the first attribute in an entry. slapi_entry_first_attr() Frees an entry from memory. slapi_entry_free() Gets the DN from an entry. slapi_entry_get_dn() Returns the DN of an entry as a constant. slapi_entry_get_dn_const() Returns the NDN of an entry.
Functions for Managing Entries Parameters This function takes the following parameters: Entry that you want to convert into an LDIF string. Length of the returned LDIF string. Returns This function returns one of the following values: • The LDIF string representation of the entry you specify. •...
Page 321
Functions for Managing Entries Syntax #include "slapi-plugin.h" char *slapi_entry2str_with_options( Slapi_Entry *e, int *len, int options ); Parameters This function takes the following parameters: Entry that you want to convert into an LDIF string. Length of the LDIF string returned by this function. An option set that specifies how you want the string converted.
Functions for Managing Entries Description This function generates an LDIF string value conforming to the following syntax: dn: <dn>\n [<attr>: <value>\n]* For example: dn: uid=jdoe, ou=People, o=example.com cn: Jane Doe sn: Doe To convert an entry described in LDIF string format to an LDAP entry using the data type, call the function.
Functions for Managing Entries • if the values were successfully added to the entry. The function LDAP_SUCCESS also returns if the entry is , if the entry’s DN is , or if LDAP_SUCCESS NULL NULL the entry’s RDN is NULL •...
Functions for Managing Entries Memory Concerns This routine makes a copy of the parameter can be value value NULL slapi_entry_add_value() Adds a specified data value to an attribute in an entry. Slapi_Value Syntax #include "slapi-plugin.h" int slapi_entry_add_value (Slapi_Entry *e, const char *type, const Slapi_Value *value);...
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_add_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals ); Parameters This function takes the following parameters: Entry to which you want to add values. Attribute type to which you want to add values. type Array of Slapi_Value data values that you want to add.
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_add_valueset(Slapi_Entry *e, const char *type, Slapi_ValueSet *vs); Parameters This function takes the following parameters: Entry to which you want to add values. Attribute type to which you want to add values. type Slapi_ValueSet data value that you want to add to the entry.
Functions for Managing Entries When you are no longer using the entry, you should free it from memory by calling function. slapi_entry_free() Memory Concerns When you no longer use the entry, free it from memory by calling the function. slapi_entry_free() See Also slapi_entry_dup() slapi_entry_free()
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_attr_find( const Slapi_Entry *e, const char *type, Slapi_Attr **attr ); Parameters This function takes the following parameters: Entry that you want to check. Name of the attribute that you want to check. type Pointer to the attribute, if the attribute is in the entry.
Functions for Managing Entries Parameters This function takes the following parameters: Entry from which you want to get the string value. Attribute type from which you want to get the value. type Returns This function returns one of the following values: •...
Functions for Managing Entries Description This function is very similar to , except that it slapi_entry_attr_get_charptr() returns a array for multi-valued attributes. The array and all values are char** copies. Even if the attribute values are not strings, they will still be null terminated so that they can be used safely in a string context.
Functions for Managing Entries Entry from which you want to get the integer value. Attribute type from which you want to get the value. type Returns This function returns one of the following values: • The first value in the attribute converted to an integer. •...
Functions for Managing Entries Syntax #include "slapi-plugin.h" unsigned int slapi_entry_attr_get_uint( const Slapi_Entry* e, const char *type); Parameters This function takes the following parameters: Entry from which you want to get the value. Attribute type from which you want to get the value. type Returns This function returns one of the following values:...
Functions for Managing Entries • if the entry does not contain the attribute specified. slapi_entry_attr_has_syntax_value() Determines if an attribute in an entry contains a specified value. Syntax #include "slapi-plugin.h" int slapi_entry_attr_has_syntax_value(const Slapi_Entry *e, const char *type, const Slapi_Value *value); Parameters Entry that you want to check.
Functions for Managing Entries Parameters This function takes the following parameters: Entry to which you want to add values. Attribute to which you want to add values. type Array of Slapi_Value data values you want to add. vals Returns This function returns if successful;...
Functions for Managing Entries Returns This function returns when successful; any other value returned signals failure. Description This function replaces existing attribute values in a specified entry with a single data value. The function first deletes the existing attribute from the Slapi_Value entry, then replaces it with the new value specified.
Functions for Managing Entries See Also slapi_entry_attr_delete() slapi_entry_attr_set_int() Replaces the value or values of an attribute in an entry with a specified integer data value. Syntax #include "slapi-plugin.h" void slapi_entry_attr_set_int(Slapi_Entry* e, const char *type, int l); Parameters This function takes the following parameters: Entry in which you want to set the value.
Functions for Managing Entries Entry in which you want to set the value. Attribute type in which you want to set the value. type Long integer value that you want assigned to the attribute. slapi_entry_attr_set_uint() Replaces the value or values of an attribute in an entry with a specified unsigned integer data type value.
Functions for Managing Entries Parameters This function takes the following parameters: Entry in which you want to set the value. Attribute type in which you want to set the value. type Unsigned long value that you want assigned to the attribute. Description This function will replace the value or values of an attribute with the unsigned...
Page 339
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_delete_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals ); Parameters This function takes the following parameters: Entry from which you want to delete values. Attribute from which you want to delete values. type Array of Slapi_Value data values that you want to delete.
Functions for Managing Entries slapi_entry_dup() Makes a copy of an entry, its DN, and its attributes. Syntax #include "slapi-plugin.h" Slapi_Entry *slapi_entry_dup( const Slapi_Entry *e ); Parameters This function takes the following parameter: Entry that you want to copy. Returns This function returns the new copy of the entry. If the structure cannot be duplicated, for example, if no more virtual memory exists, the program slapd...
Functions for Managing Entries Parameters This function takes the following parameters: Entry from which you want to get the attribute. Pointer to the first attribute in the entry. attr Returns Returns when successful; any other value returned signals failure. Memory Concerns Do not free the returned .
Functions for Managing Entries See Also slapi_entry_alloc() slapi_entry_dup() slapi_entry_get_dn() Gets the distinguished name (DN) of the specified entry. Syntax #include "slapi-plugin.h" char *slapi_entry_get_dn( Slapi_Entry *e ); Parameters This function takes the following parameter: Entry from which you want to get the DN. Returns This function returns the DN of the entry.
Functions for Managing Entries Parameters This function takes the following parameter: Entry from which you want to get the DN as a constant. Returns This function returns one of the following values: • of the entry that you specify. The is returned as a ;...
Functions for Managing Entries slapi_entry_get_sdn() Returns the object from the entry that you specify. Slapi_DN Syntax #include "slapi-plugin.h" Slapi_DN *slapi_entry_get_sdn( Slapi_Entry *e ); Parameters This function takes the following parameter: Entry from which you want to get the Slapi_DN object. Returns Returns the object form the entry that you specify.
Functions for Managing Entries Returns This function returns as a the value of the object from the entry const Slapi_DN that you specify. Memory Concerns Never free this value. If you need a copy, use slapi_sdn_dup() See Also slapi_sdn_dup() slapi_entry_get_uniqueid() Gets the unique ID value of the entry.
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_has_children(const Slapi_Entry *e); Parameters This function takes the following parameter: Entry that you want to test for child entries. Returns This function returns one of the following values: • if the entry you supply has children entries. •...
Functions for Managing Entries Description This function initializes the attributes and the corresponding attribute values of an entry. Also, during the course of processing, the unique ID of the entry is set to , and the flag value is set to NULL Use this function to initialize a pointer.
Functions for Managing Entries Parameters This function takes the following parameters: Entry into which you want to merge values. Attribute type that contains the values you want to merge. type Values that you want to merge into the entry. Values are of type vals Slapi_Value.
Functions for Managing Entries Syntax #include "slapi-plugin.h" int slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Attr **attr ); Parameters This function takes the following parameters: Entry from which you want to get the attribute. Previous attribute in the entry. prevattr Pointer to the next attribute after prevattr in the entry. attr Returns This function returns one of the following values:...
Functions for Managing Entries Entry from which you want to get the attribute. Returns The function returns one of the following values: • if the values in the RDN are present in attributes of the entry. • if the values are not present. slapi_entry_schema_check() Determines whether the specified entry complies with the schema for its object class.
Functions for Managing Entries Memory Concerns argument can be . It is only used to get the NULL flag. If that flag is present, no schema checking is SLAPI_IS_REPLACED_OPERATION done. slapi_entry_set_dn() Sets the distinguished name (DN) of an entry. Syntax #include "slapi-plugin.h"...
Functions for Managing Entries Syntax #include "slapi-plugin.h" void slapi_entry_set_sdn( Slapi_Entry *e, const Slapi_DN *sdn ); Parameters This function takes the following parameters: Entry to which you want to set the value of the Slapi_DN. The specified Slapi_DN value that you want to set. Description This function sets the value for the object in the entry you specify.
Functions for Managing Entries Description This function replaces the unique ID value of the entry with the value uniqueid that you specify. In addition, the function adds to the SLAPI_ATTR_UNIQUEID attribute list and gives it the unique ID value supplied. If the entry already contains attribute, its value is updated with the new value SLAPI_ATTR_UNIQUEID supplied.
Functions for Managing Entries • A size of 1k if the entry is empty. Description When determining the size of an entry, only the sizes of the attribute values are counted; the size of other entry values (such as the size of attribute names, variously-normalized DNs, or any metadata) are not included in the size returned.
Page 355
Functions for Managing Entries Syntax #include "slapi-plugin.h" Slapi_Entry *slapi_str2entry( char *s, int flags ); Parameters This function takes the following parameters: Description of an entry that you want to convert to Slapi_Entry. One or more flags specifying how the entry should be generated flags The value of the argument can be one of the following values:...
Functions Related to Entry Flags If an error occurred during the conversion process, the function returns NULL instead of the entry. When you are done working with the entry, you should call the function. slapi_entry_free() To convert an entry to a string description, call the slapi_filter_free() function.
Functions Related to Entry Flags Description In this release of Directory Server, the only external flag that can be set is . This flag means that the entry is a SLAPI_ENTRY_FLAG_TOMBSTONE tombstone entry. More flags may be exposed in future releases. Do not use your own flags. See Also slapi_entry_flag_is_set() slapi_entry_set_flag()
Functions for Dealing with Filters slapi_entry_set_flag() Sets a flag for a specified entry. Syntax #include "slapi-plugin.h" void slapi_entry_set_flag( Slapi_Entry *e, unsigned char flag); Parameters This function takes the following parameters: Entry for which you want to set the flags. Flag that you want to set. flag Description In current versions of Directory Server, the only external flag that can be set is...
Functions for Dealing with Filters Table 15-13 Filter Routines (Continued) Function Description Gets the attribute type and the value from the filter. slapi_filter_get_ava() Gets the type of the specified filter. slapi_filter_get_choice() Gets the substring values from the filter. slapi_filter_get_subfilt() Gets the attribute type specified in the filter. slapi_filter_get_type() Joins two specified filters.
Functions for Dealing with Filters Argument to the function (fn). Pointer to error code of , which can be accessed by error_code calling function. Possible values slapi_filter_apply() may set in include error_code SLAPI_FILTER_UNKNOWN_FILTER_TYPE should return FILTER_APPLY_FN _STOP _CONTINUE only. Returns This function returns an integer.
Functions for Dealing with Filters • if the two filters are identical. • A value other than if the two filters are not identical. Description This function allows you to determine if two filters are identical and/or are allowed to be in a different order. slapi_filter_dup() Creates a duplicate of the specified filter.
Functions for Dealing with Filters If 1, recursively frees all filters that comprise this filter. If 0, only recurse frees the filter specified by f. Description This function frees the filter in parameter Memory Concerns Filters created using must be freed after using this function. slapi_str2filter() Filters extracted from a pblock using slapi_pblock_get(...
Functions for Dealing with Filters • LDAP_FILTER_LE • LDAP_FILTER_APPROX • LDAP_FILTER_EQUALITY • LDAP_FILTER_SUBSTRINGS • LDAP_FILTER_PRESENT • LDAP_FILTER_EXTENDED • LDAP_FILTER_AND • LDAP_FILTER_OR • LDAP_FILTER_NOT A filter such as ( ), will return the type mail-foo mail Memory Concerns The attribute type is returned in type and should not be freed after calling this function.
Functions for Dealing with Filters Filter from which you want to get the attribute and value. Pointer to the attribute type of the filter. type Pointer to the address of the berval structure containing the bval value of the filter. Returns This function returns one of the following values: •...
Page 365
Functions for Dealing with Filters Syntax #include "slapi-plugin.h" int slapi_filter_get_choice( Slapi_Filter *f ); Parameters This function takes the following parameters: Filter of which you want to get type. Returns This function returns one of the following values: • (AND filter) LDAP_FILTER_AND For example: (&(ou=Accounting)(l=Sunnyvale))
Functions for Dealing with Filters For example: (o:dn:=Example) See Also slapi_filter_get_type() slapi_filter_get_attribute_type() slapi_filter_get_ava() slapi_filter_get_subfilt() Applies only to filters of the type . Gets the substring LDAP_FILTER_SUBSTRINGS values from the filter. Syntax #include "slapi-plugin.h" int slapi_filter_get_subfilt( Slapi_Filter *f, char **type, char **initial, char ***any, char **final ); Parameters This function takes the following parameters: Filter that you want to get the substring values from.
Functions for Dealing with Filters This filter finds entries in which the value of the attribute starts with John contains , and ends with Public Call this function to get these substring values as well as the attribute type from this filter.
Functions for Dealing with Filters This filter finds entries that have a value assigned to the attribute. mail Call this function to get the attribute type from this filter. In the case of the example above, calling this function gets the attribute type mail Memory Concerns The string returned in the parameter type must not be freed after calling this...
Functions for Dealing with Filters Description Filters of the type , and LDAP_FILTER_AND LDAP_FILTER_OR LDAP_FILTER_NOT generally consist of one or more other filters. For example: (&(ou=Accounting)(l=Sunnyvale)) (|(ou=Accounting)(l=Sunnyvale)) (!(l=Sunnyvale)) Each of these examples contain one or more filters. LDAP_FILTER_EQUALITY Call the function to create a new filter of the type slapi_filter_join() , or...
Functions for Dealing with Filters Returns This function returns the new filter constructed from the other two filters. Description Filters of the type , and LDAP_FILTER_AND LDAP_FILTER_OR LDAP_FILTER_NOT generally consist of one or more other filters. For example: (&(ou=Accounting)(l=Sunnyvale)) (|(ou=Accounting)(l=Sunnyvale)) (!(l=Sunnyvale)) Each of these examples contain one or more filters.
Functions for Dealing with Filters Returns This function returns the first filter that makes up the specified filter Description To iterate through all filters that make up a specified filter, use this function in conjunction with the function. slapi_filter_list_next() Filters of the type , and LDAP_FILTER_AND LDAP_FILTER_OR...
Functions for Dealing with Filters Returns This function returns the next filter (after ) that makes up the specified filter fprev Description To iterate through all filters that make up a specified filter, use this function in conjunction with the function.
Functions for Dealing with Filters Returns This function returns one of the following values: • if the entry matched the filter or if the specified filter is NULL. • if the filter type is unknown. • A positive value (an LDAP error code) if an error occurred. See Also slapi_filter_test_simple() slapi_filter_test_ext()
Functions for Dealing with Filters • A positive value (an LDAP error code) if an error occurred or if the current user does not have access rights to search the specified entry. Description This function allows you to determine if an entry matches a given filter and/or that the current user has the permission to access the entry.
Functions for Dealing with Filters slapi_find_matching_paren() Finds the matching right parentheses in a string, corresponding to the left parenthesis to which the string currently points. Syntax #include "slapi-plugin.h" char *slapi_find_matching_paren( const char *str ) Parameters This function takes the following parameter: String containing the parentheses.
Functions for Dealing with Filters Returns This function returns one of the following values: • A pointer to the structure representing the search filter. Slapi_Filter • if the string cannot be converteted; for example, if an empty string is NULL specified or if the filter syntax is incorrect.
Functions Specific to Extended Operation Description This function supports the case where the filter specifies virtual attributes. Performance for a real-attribute-only filter is the same as that for slapi_filter_test() See Also slapi_filter_test() Functions Specific to Extended Operation This section contains reference information on routines for dealing with extended operations.
Functions Specific to Bind Methods This function gets a copy of the object IDs (OIDs) of the extended operations supported by the server. You can register new extended operations by putting the OID in the parameter and calling SLAPI_PLUGIN_EXT_OP_OIDLIST slapi_block_set() Memory Concerns The array returned by this function should be freed by calling the function.
Functions for Thread-Safe LDAP Connections slapi_register_supported_saslmechanism() Registers the specified Simple Authentication and Security Layer (SASL) mechanism with the server. Syntax #include "slapi-plugin.h" void slapi_register_supported_saslmechanism( char *mechanism ); Parameters This function takes the following parameter: Name of the SASL mechanism. mechanism See Also “Functions for Managing DNs,”...
Page 380
Functions for Thread-Safe LDAP Connections Parameters This function takes the following parameters: Space-delimited list of one or more host names (or IP address in ldaphost dotted notation, such as "141.211.83.36") of the LDAP servers to which you want to connect. The names can be in hostname:portnumber format, in which case, portnumber overrides the port number specified by the ldapport argument.
Functions for Thread-Safe LDAP Connections If you specify a non-zero value for the argument, this function installs the shared server’s threading functions and allows multiple threads to share this session (the returned structure). The Directory Server processes each request in a LDAP separate thread.
Functions for Logging Syntax #include "slapi-plugin.h" void slapi_ldap_unbind( LDAP *ld ); Parameters This function takes the following parameter: Connection handle, which is a pointer to an LDAP structure containing information about the connection to the LDAP server. Description This function unbinds from another LDAP server. Call this function if you initialized the LDAP session with the function.
Page 383
Functions for Logging Parameters This function takes the following parameters: Level of severity of the message. In combination with the severity severity level specified by the administrator, this determines whether the message is written to the log. Name of the subsystem in which this function is called. The subsystem string that you specify here appears in the error log in the following format:...
Functions for Logging Written to the error log if the Log Level setting “Config file SLAPI_LOG_CONFIG processing” is selected. Written to the error log if the Log Level setting “Access SLAPI_LOG_ACL control list processing” is selected. Written to the error log if the Log Level setting “Log SLAPI_LOG_SHELL communications with shell back-ends”...
Functions for Handling Matching Rules Returns The function returns one of the following values: • is not selected as log level settings. loglevel • is selected as log level setting. loglevel Description To specify the level of logging used by the Directory Server, the administrator can use the Server Console or set the attribute.
Functions for Handling Matching Rules Syntax #include "slapi-plugin.h" int slapi_berval_cmp (const struct berval *L, const struct berval *R); Parameters This function takes the following parameters: Pointer to the first berval structure that you want to compare. Pointer to the second structure that you want to compare. Returns This function returns one of the following values: •...
Functions for Handling Matching Rules Description This function frees a structure (and, optionally, its Slapi_MatchingRuleEntry members) from memory. Call this function when you are done working with the structure. slapi_matchingrule_get() Gets information about a matching rule. Syntax #include "slapi-plugin.h" int slapi_matchingrule_get(SlPi_MatchingRuleEntry *mr, int arg, void *value);...
Functions for Handling Matching Rules Returns This function returns one of the following values: • if the information was successfully retrieved. • if an error occurred; for example, if an invalid argument was specified. Description This function gets information about a matching rule from the structure.
Functions for Handling Matching Rules Parameters This function takes the following parameter: Slapi_MatchingRuleEntry structure representing the mrEntry matching rule that you want to register. Returns This function returns one of the following values: • if the matching rule was successfully registered. •...
Functions for Handling Matching Rules argument can have one of the following values: Data Type Description of the value Argument Name of the matching rule. SLAPI_MATCHINGRULE_NAME char * OID of the matching rule. SLAPI_MATCHINGRULE_OID char * Description of the matching rule. SLAPI_MATCHINGRULE_DESC char * Syntax supported by the matching...
Functions for Handling Matching Rules Parameters This function takes the following parameters: Pointer to a Slapi_Filter structure, representing the extensible match filter for which you want to find the indexer function. Parameter block containing information about the extensible match filter. Returns This function returns the result code returned by the indexer function.
Page 392
Functions for Handling Matching Rules Parameters This function takes the following parameter: Parameter block containing information about the matching rule and attribute type to be used in indexing or sorting. Returns This function returns the result code returned by the indexer factory function. Description This function calls the indexer factory function for the plug-in responsible for handing a specified matching rule.
Functions for LDAPMod Manipulation • should specify the name of the function SLAPI_PLUGIN_DESTROY_FN responsible for freeing any memory allocated by this indexer factory function. For example, memory allocated for a structure that you pass to the indexer function using SLAPI_PLUGIN_OBJECT For more information on filter index functions and indexer functions, see chapter 11, “Writing Matching Rule Plug-ins.”...
Page 394
Functions for LDAPMod Manipulation Table 15-19 LDAPMod Manipulation Routines (Continued) Function Description Allocates a new Slapi_Mod structure. slapi_mod_new() Removes the value at the current Slapi_Mod iterator position. slapi_mod_remove_value() Sets the operation type of a Slapi_Mod structure. slapi_mod_set_operation() Sets the attribute type of a Slapi_Mod. slapi_mod_set_type() Creates a Slapi_Entry from an array of LDAPMod.
Functions for LDAPMod Manipulation Table 15-19 LDAPMod Manipulation Routines (Continued) Function Description Initializes a Slapi_Mods that is a wrapper for an existing array of slapi_mods_init_byref() LDAPMod. Initializes a Slapi_Mods structure from an array of LDAPMod. slapi_mods_init_passin() Inserts an LDAPMod into a Slapi_Mods structure after the current slapi_mods_insert_after() iterator position.
Functions for LDAPMod Manipulation Returns This function returns one of the following values: • if successful. • A non-zero value if not successful. Description This function creates an array of of type from a LDAPMod LDAP_MOD_ADD Slapi_Entry See Also slapi_mods2entry() slapi_mod_add_value() Adds a value to a structure.
Functions for LDAPMod Manipulation Parameters This function takes the following parameter: Pointer to a Slapi_Mod. Description This function frees the internals of a , leaving it in the uninitialized state. Slapi_Mod Memory Concerns Use this function on a stack-allocated when you have finished with it or Slapi_Mod want to reuse it.
Functions for LDAPMod Manipulation slapi_mod_free() Frees a structure. Slapi_Mod Syntax #include "slapi-plugin.h" void slapi_mod_free(Slapi_Mod **smod); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod. smod Description This function frees a structure that was allocated by Slapi_Mod slapi_mod_new() See Also slapi_mod_new() slapi_mod_get_first_value()
Functions for LDAPMod Manipulation Description Use this function with to iterate through the slapi_mod_get_next_value() attribute values in a structure. Slapi_Mod See Also slapi_mod_get_next_value() slapi_mod_get_ldapmod_byref() Gets a reference to the in a structure. LDAPMod Slapi_Mod Syntax #include "slapi-plugin.h" const LDAPMod *slapi_mod_get_ldapmod_byref(const Slapi_Mod *smod); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod.
Functions for LDAPMod Manipulation Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod. smod Returns This function returns a pointer to an owned by the caller. LDAPMod Description Use this function to get the out of a LDAPMod Slapi_Mod Memory Concerns...
Functions for LDAPMod Manipulation Description Use this function with to iterate through the slapi_mods_get_first_mod() attribute values in a Slapi_Mod See Also slapi_mods_get_first_mod() slapi_mod_get_num_values() Gets the number of values in a structure. Slapi_Mod Syntax #include "slapi-plugin.h" int slapi_mod_get_num_values(const Slapi_Mod *smod); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod.
Functions for LDAPMod Manipulation Returns This function returns one of , or LDAP_MOD_ADD LDAP_MOD_DELETE , combined using the bitwise or operator with LDAP_MOD_REPLACE LDAP_MOD_BYVALUES See Also slapi_mod_set_operation() slapi_mod_get_type() Gets the attribute type of a structure. Slapi_Mod Syntax #include "slapi-plugin.h" const char *slapi_mod_get_type(const Slapi_Mod *smod); Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod.
Functions for LDAPMod Manipulation Parameters This function takes the following parameters: Pointer to an uninitialized Slapi_Mod. smod Suggested number of attribute values for which to make room. initCount Minimum value is 0. Description This function initializes a so that it is empty but initially has room for Slapi_Mod the given number of attribute values.
Functions for LDAPMod Manipulation Description This function initializes a containing a reference to an . Use Slapi_Mod LDAPMod this function when you have an and would like the convenience of the LDAPMod functions to access it. Slapi_Mod See Also slapi_mod_done() slapi_mod_init() slapi_mod_init_byval() slapi_mod_init_passin()
Functions for LDAPMod Manipulation Syntax #include "slapi-plugin.h" void slapi_mod_init_passin(Slapi_Mod *smod, LDAPMod *mod); Parameters This function takes the following parameters: Pointer to an uninitialized Slapi_Mod. smod Pointer to an LDAPMod. Description This function initializes a by passing in an . Use this function to Slapi_Mod LDAPMod convert an...
Functions for LDAPMod Manipulation Returns This function returns one of the following values: • if the is valid. Slapi_Mod • if the is not valid. Slapi_Mod Description Use this function to verify that the contents of are valid. It is Slapi_Mod considered valid if the operation type is one of LDAP_MOD_ADD...
Functions for LDAPMod Manipulation Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mod. smod See Also slapi_mod_get_first_value() slapi_mod_get_next_value() slapi_mod_set_operation() Sets the operation type of a structure. Slapi_Mod Syntax #include "slapi-plugin.h" void slapi_mod_set_operation(Slapi_Mod *smod, int op); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mod.
Functions for LDAPMod Manipulation Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mod. smod An attribute type. type Description Sets the attribute type of the to a copy of the given value. Slapi_Mod See Also slapi_mod_get_type() slapi_mods2entry() Creates a from an array of Slapi_Entry...
Functions for LDAPMod Manipulation Description This function creates a from a copy of an array of of type Slapi_Entry LDAPMod LDAP_MODD_ADD See Also slapi_entry2mods() slapi_mods_add() Appends a new with a single attribute value to structure. Slapi_Mods Syntax #include "slapi-plugin.h" void slapi_mods_add( Slapi_Mods *smods, int modtype, const char *type, unsigned long len, const char *val);...
Functions for LDAPMod Manipulation slapi_mods_add_string() slapi_mods_add_ldapmod() Appends an to a structure. LDAPMod Slapi_Mods Syntax #include "slapi-plugin.h" void slapi_mods_add_ldapmod(Slapi_Mods *smods, LDAPMod *mod); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods Pointer to a the LDAPMod to be appended. Description Appends an to a...
Functions for LDAPMod Manipulation Syntax #include "slapi-plugin.h" void slapi_mods_add_mod_values( Slapi_Mods *smods, int modtype, const char *type, Slapi_Value **va );; Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or modtype LDAP_MOD_REPLACE. The LDAP attribute type. type A null-terminated array of Slapi_Value representing the attribute values.
Functions for LDAPMod Manipulation Syntax #include "slapi-plugin.h" void slapi_mods_add_smod( Slapi_Mods *smods, Slapi_Mod *smod ); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods Pointer to an initialized Slapi_Mod. smod Description This function appends a new to a .
Functions for LDAPMod Manipulation Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or modtype LDAP_MOD_REPLACE. The LDAP attribute type. type A null-terminated array of berval representing the attribute bvps values. Description This function appends a new .
Functions for LDAPMod Manipulation Pointer to an initialized Slapi_Mods. smods One of LDAP_MOD_ADD, LDAP_MOD_DELETE, or modtype LDAP_MOD_REPLACE. The LDAP attribute type. type The attribute value represented as a null-terminated string. Description This function appends a new with a single string attribute value to a .
Functions for LDAPMod Manipulation Description This function frees the internals of a , leaving it in the uninitialized Slapi_Mods state. Use this function on a stack-allocated when you are finished Slapi_Mods with it, or when you wish to reuse it. See Also slapi_mods_init() slapi_mods_init_byref()
Functions for LDAPMod Manipulation Syntax #include "slapi-plugin.h" void slapi_mods_free(Slapi_Mods **smods); Parameters This function takes the following parameter: Pointer to an allocated Slapi_Mods. smods Description This function frees a that was allocated by Slapi_Mods slapi_mods_new() See Also slapi_mods_new() slapi_mods_get_first_mod() Initializes a iterator and returns the first Slapi_Mods LDAPMod...
Functions for LDAPMod Manipulation slapi_mods_get_first_smod() Initializes a iterator and returns the first wrapped in a Slapi_Mods structure. Slapi_Mods Syntax #include "slapi-plugin.h" Slapi_Mod *slapi_mods_get_first_smod(Slapi_Mods *smods, Slapi_Mod *smod); Parameters This function takes the following parameters: A pointer to a an initialized Slapi_Mods. smods Pointer to a Slapi_Mods that will be used to hold the mod.
Functions for LDAPMod Manipulation Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mods. smods Returns This function returns a null-terminated array of owned by the LDAPMod Slapi_Mods Description Use this function to get direct access to the array of contained in a LDAPMod Slapi_Mods...
Functions for LDAPMod Manipulation Description Gets the array of out of a . Responsibility for the array LDAPMod Slapi_Mods transfers to the caller. The is left in the uninitialized state. Slapi_Mods See Also slapi_mods_get_ldapmods_byref() slapi_mods_get_next_mod() Increments the iterator and returns the next Slapi_Mods LDAPMod Syntax...
Functions for LDAPMod Manipulation slapi_mods_get_next_smod() Increments the iterator and returns the next wrapped in a Slapi_Mods Slapi_Mods Syntax #include "slapi-plugin.h" Slapi_Mod *slapi_mods_get_next_smod(Slapi_Mods *smods, Slapi_Mod *smod); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods Pointer to a Slapi_Mods that will be used to hold the mod. smod Returns This function returns a pointer to the...
Functions for LDAPMod Manipulation Parameters This function takes the following parameter: Pointer to an initialized Slapi_Mods. smods Returns This function returns the number of mods Slapi_Mods slapi_mods_init() Initializes a Slapi_Mods Syntax #include "slapi-plugin.h" void slapi_mods_init(Slapi_Mods *smods, int initCount); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods.
Functions for LDAPMod Manipulation slapi_mods_init_byref() Initializes a that is a wrapper for an existing array of Slapi_Mods LDAPMod Syntax #include "slapi-plugin.h" void slapi_mods_init_byref(Slapi_Mods *smods, LDAPMod **mods); Parameters This function takes the following parameters: Pointer to an uninitialized Slapi_Mods. smods A null-terminated array of LDAPMod. mods Description Initializes a...
Functions for LDAPMod Manipulation A null-terminated array of LDAPMod. mods Description This function initializes a by passing in an array of . This Slapi_Mods LDAPMod function converts an array of to a LDAPMod Slapi_Mods Memory Concerns The responsibility for the array and its elements is transferred to the Slapi_Mods The array and its elements are destroyed when the is destroyed.
Functions for LDAPMod Manipulation slapi_mods_get_next_mod() slapi_mods_get_first_smod() slapi_mods_get_next_smod() slapi_mods_insert_at() Inserts an at position in a structure. smod Slapi_Mods Syntax #include "slapi-plugin.h" void slapi_mods_insert_at(Slapi_Mods *smods, LDAPMod *mod, int pos); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods. smods Pointer to the LDAPMod to be inserted.
Functions for LDAPMod Manipulation slapi_mods_insert_before() Inserts an into a structure before the current iterator position. LDAPMod Slapi_Mods Syntax #include "slapi-plugin.h" void slapi_mods_insert_before(Slapi_Mods *smods, LDAPMod *mod); Parameters This function takes the following parameters: Pointer to an initialized Slapi_Mods with valid iterator smods position.
Functions for LDAPMod Manipulation Pointer to an initialized Slapi_Mods. smods Pointer to the LDAPMod to be inserted. smod Position at which to insert the new mod. Minimum value is 0. Maximum value is the current number of mods. Description This function inserts an at a given position .
Functions for LDAPMod Manipulation Description This function inserts an immediately before the current position of the smod iterator. The iterator position is unchanged. Slapi_Mods Memory Concerns argument is not duplicated or copied, but the reference of the Slapi_Mod smod ) is passed into the ) structure.The Slapi_Mod smods...
Functions for LDAPMod Manipulation slapi_mods_new() Allocates a new uninitialized structure. Slapi_Mods Syntax #include "slapi-plugin.h" Slapi_Mods* slapi_mods_new( void ); Parameters This function takes no parameters. Returns This function returns a pointer to an allocated uninitialized Slapi_Mods Description This function allocates a new initialized Slapi_Mods Memory Concerns Use this function when you need a...
Functions for Monitoring Operations See Also slapi_mods_get_first_mod() slapi_mods_get_next_mod() slapi_mods_get_first_smod() slapi_mods_get_next_smod() Functions for Monitoring Operations This section contains reference information on operation routines. Table 15-20 Operation Routines Function Description Determines if the client has abandoned the current operation. slapi_op_abandoned() Gets the type of a Slapi_Operation. slapi_op_get_type() slapi_op_abandoned() Determines whether or not the client has abandoned the current operation (the...
Functions for Monitoring Operations Returns This function returns one of the following values: • if the operation has been abandoned. • if the operation has not been abandoned. slapi_op_get_type() Gets the type of a Slapi_Operation Syntax #include "slapi-plugin.h" unsigned long slapi_op_get_type(Slapi_Operation * op); Parameters This function takes the following parameter: The operation of which you wish to get the type.
Functions for Managing Parameter Block • SLAPI_OPERATION_COMPARE • SLAPI_OPERATION_ABANDON • SLAPI_OPERATION_EXTENDED See Also slapi_pblock_get() Functions for Managing Parameter Block This section contains reference information on parameter block routines. Table 15-21 Parameter Block Routines Function Description Frees a pblock from memory. slapi_pblock_destroy() Gets the value from a pblock.
Functions for Managing Parameter Block Memory Concerns The parameter block that you wish to free must have been created using . Use of this function with allocated on the stack slapi_pblock_new() pblocks (for example, ;) or using another memory allocator is not Slapi_PBlock pb supported and may lead to memory errors and memory leaks.
Page 433
Functions for Managing Parameter Block Returns This function returns one of the following values: • if successful. • if an error occurs (for example, if an invalid ID is specified). Memory Concerns The void argument should always be a pointer to the type of value you are *value retrieving: int connid = 0;...
Functions for Managing Parameter Block slapi_pblock_get(pb, SOME_PARAM, &someparam); slapi_pblock_set(pb, SOME_PARAM, NULL); /* make sure no one else reference this parameter */ slapi_ch_free_string(&someparam); Some internal functions may change the value passed in, so it is recommended to to retrieve the value again, rather than relying on a slapi_pblock_get() potential dangling pointer.
Page 435
Functions for Managing Parameter Block Parameters This function takes the following parameters: Parameter block. ID of the name-value pair that you want to set. For a list of IDs that you can specify, see chapter 16, “Parameter Block Reference.” Pointer to the value that you want to set in the parameter block. value Returns This function returns one of the following values:...
Functions for Handling Passwords When setting parameters to register a plug-in, the plug-in type must always be set first, since many of the plug-in parameters depend on the type. For example, set to extended operation before setting the list of extended SLAPI_PLUGIN_TYPE operation OIDs for the plug-in.
Functions for Handling Passwords Pointer to the Slapi_Value structure containing the password that you wish to check; for example, you can get this value from the SLAPI_BIND_CREDENTIALS parameter in the parameter block and create the Slapi_Value using slapi_value_init_berval(). Returns This function returns one of the following values: •...
Functions for Handling Passwords Returns This function returns one of the following values: • if the value is encoded. • if the value is not encoded. See Also slapi_pw_find_sv() slapi_encode() slapi_encode() Encodes a value with the specified algorithm. Syntax #include "slapi-plugin.h" char* slapi_encode(char *value, char *alg);...
Functions for Managing RDN See Also slapi_pw_find_sv() slapi_is_encoded() Functions for Managing RDN This section contains reference information on RDN routines. Table 15-23 RDN Routines Function Description Adds a new RDN to an existing RDN structure. slapi_rdn_add() Compares two RDNs. slapi_rdn_compare() Checks if a Slapi_RDN structure holds any RDN matching a give slapi_rdn_contains() type/value pair.
Functions for Managing RDN Table 15-23 RDN Routines (Continued) Function Description Checks if an RDN value is stored in a Slapi_RDN structure. slapi_rdn_isempty() Allocates a new Slapi_RDN structure. slapi_rdn_new() Creates a new Slapi_RDN structure. slapi_rdn_new_dn() Creates a new Slapi_RDN structure and sets an RDN value. slapi_rdn_new_rdn() Creates a new Slapi_RDN structure and sets an RDN value taken from slapi_rdn_new_sdn()
Functions for Managing RDN Returns This function always returns Description This function adds a new type/value pair to an existing RDN or sets the type/value pair as the new RDN if is empty. This function resets the flags, which means that the RDN array within the structure FLAG_RDNS Slapi_RDN...
Functions for Managing RDN slapi_rdn_contains() Checks whether a structure holds any RDN matching a given Slapi_RDN type/value pair. Syntax #include "slapi-plugin.h" int slapi_rdn_contains(Slapi_RDN *rdn, const char *type, const char *value,size_t length); Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s). The type (cn, o, ou, etc.) of the RDN searched.
Functions for Managing RDN slapi_rdn_contains_attr() Checks whether a structure contains any RDN matching a given type Slapi_RDN and, if true, gets the corresponding attribute value. Syntax #include "slapi-plugin.h" int slapi_rdn_contains_attr(Slapi_RDN *rdn, const char *type, char **value); Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s).
Functions for Managing RDN Syntax #include "slapi-plugin.h" void slapi_rdn_done(Slapi_RDN *rdn); Parameters This function takes the following parameter: Pointer to the structure to be cleared. Description This function clears the contents of a structure. It frees both the RDN Slapi_RDN value and the array of split RDNs. Those pointers are then set to NULL See Also slapi_rdn_free()
Functions for Managing RDN slapi_rdn_get_first() Gets the type/value pair corresponding to the first RDN stored in a Slapi_RDN structure. Syntax #include "slapi-plugin.h" int slapi_rdn_get_first(Slapi_RDN *rdn, char **type, char **value); Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s). Repository that will hold the type of the first RDN.
Functions for Managing RDN Syntax #include "slapi-plugin.h" int slapi_rdn_get_index(Slapi_RDN *rdn, const char *type, const char *value,size_t length); Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s). Type (cn, o, ou, etc.) of the RDN that is searched. type Value of the RDN searched.
Functions for Managing RDN Syntax #include "slapi-plugin.h" int slapi_rdn_get_index_attr(Slapi_RDN *rdn, const char *type, char **value); Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s). Type (cn, o, ou, etc.) of the RDN searched. type Repository that will hold the value of the first RDN whose type value matches the content of the parameter type.
Functions for Managing RDN Parameters This function takes the following parameters: The Slapi_RDN structure containing the RDN value(s). Indicates the position of the RDN the precedes the currently index desired RDN. Repository that will hold the type (cn, o, ou, etc.) of the next type (index+1) RDN.
Functions for Managing RDN The target Slapi_RDN structure. Returns This function returns the number of RDN type/value pairs present in See Also slapi_rdn_add() slapi_rdn_get_rdn() Gets the RDN from a structure. Slapi_RDN Syntax #include "slapi-plugin.h" const char *slapi_rdn_get_rdn(const Slapi_RDN *rdn); Parameters This function takes the following parameter: The Slapi_RDN structure holding the RDN value.
Functions for Managing RDN The Slapi_RDN structure holding the RDN value. Returns This function returns the new RDN value. slapi_rdn_init() Initializes a structure with values. Slapi_RDN NULL Syntax #include "slapi-plugin.h" void slapi_rdn_init(Slapi_RDN *rdn); Parameters This function takes the following parameters: The Slapi_RDN structure to be initialized.
Functions for Managing RDN Parameters This function takes the following parameters: The Slapi_RDN structure to be initialized. The DN value whose RDN will be used to initialize the new Slapi_RDN structure. Description This function initializes a given structure with the RDN value taken Slapi_RDN from the DN passed in the parameter.
Functions for Managing RDN slapi_rdn_init_sdn() Initializes a structure with an RDN value taken from the DN Slapi_RDN contained in a given structure. Slapi_RDN Syntax #include "slapi-plugin.h" void slapi_rdn_init_sdn(Slapi_RDN *rdn,const Slapi_DN *sdn); Parameters This function takes the following parameters: The Slapi_RDN structure to be initialized. The Slapi_DN structure containing the DN value whose RDN will be used to initialize the new Slapi_RDN structure.
Functions for Managing RDN Returns This function returns one of the following values: • if there is no RDN value present. • contains a value. See Also slapi_rdn_init() slapi_rdn_done() slapi_rdn_free() slapi_rdn_new() Allocates a new structure and initializes the values to Slapi_RDN NULL Syntax...
Functions for Managing RDN Syntax #include "slapi-plugin.h" Slapi_RDN *slapi_rdn_new_dn(const char *dn); Parameters This function takes the following parameter: The DN value whose RDN will be used to initialize the new Slapi_RDN structure. Returns This function returns a pointer to the new structure initialized with Slapi_RDN the RDN taken from the DN value in...
Functions for Managing RDN Returns This function returns a pointer to the new structure with an RDN set to Slapi_RDN the content of fromrdn Description This function creates a new structure and initializes its RDN with the Slapi_RDN value of fromrdn Memory Concerns The memory is allocated by the function itself.
Functions for Managing RDN Memory Concerns The memory is allocated by the function itself. See Also slapi_rdn_new_dn() slapi_rdn_new_rdn() slapi_rdn_remove() Removes an RDN type/value pair from a structure. Slapi_RDN Syntax #include "slapi-plugin.h" int slapi_rdn_remove(Slapi_RDN *rdn, const char *type, const char *value, size_t length); Parameters This function takes the following parameters: The target Slapi_RDN structure.
Functions for Managing RDN slapi_rdn_remove_attr() Removes an RDN type/value pair from a structure. Slapi_RDN Syntax #include "slapi-plugin.h" int slapi_rdn_remove_attr(Slapi_RDN *rdn, const char *type); Parameters This function takes the following parameters: The target Slapi_RDN structure. Type (cn, o, ou, etc.) of the RDN searched. type Returns This function returns one of the following values:...
Functions for Managing RDN The target Slapi_RDN structure. The index of the RDN type/value pair to remove. atindex Returns This function returns one of the following values: • if the RDN is removed from • if no RDN is removed because either is empty or the index goes beyond the number of RDNs present.
Functions for Managing RDN Description This function sets an RDN value in a structure. The structure is freed Slapi_RDN from memory and freed of any previous content before setting the new RDN. The new RDN is taken from the DN value present in the parameter.
Functions for Managing Roles Parameters This function takes the following parameters: The target Slapi_RDN structure. The Slapi_RDN structure containing the DN value whose RDN will be set in rdn. Description This function sets an RDN value in a structure. The structure is freed Slapi_RDN from memory and freed of any previous content before setting the new RDN.
Functions for Managing DNs Syntax #include "slapi-plugin.h" int slapi_role_check(Slapi_Entry *entry_to_check, Slapi_DN *role_dn,int *present); Parameters This function takes the following parameters: The entry in which the presence of a role is to be checked. entry_to_check The DN of the role for which to check. role_dn Pointer to an integer where the result, present or not present, present...
Page 462
Functions for Managing DNs Table 15-25 DN Routines Function Description Builds the new DN of an entry. slapi_moddn_get_newdn() Adds the RDN contained in a Slapi_RDN structure to the DN contained slapi_sdn_add_rdn() in a Slapi_DN structure. Compares two DNs. slapi_sdn_compare() Copies a DN. slapi_sdn_copy() Clears a Slapi_DN structure.
Functions for Managing DNs Table 15-25 DN Routines (Continued) Function Description Sets a DN value in a Slapi_DN structure. slapi_sdn_set_dn_passin() Sets a a normalized DN in a Slapi_DN structure. slapi_sdn_set_ndn_byref() Sets a normalized DN in a Slapi_DN structure. slapi_sdn_set_ndn_byval() Sets a new parent in an entry. slapi_sdn_set_parent() Sets a new RDN for an entry.
Functions for Managing DNs slapi_sdn_add_rdn() Adds the RDN contained in a structure to the DN contained in a Slapi_RDN structure. Slapi_DN Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_add_rdn(Slapi_DN *sdn, const Slapi_RDN *rdn); Parameters This function takes the following parameters: Slapi_DN structure containing the value to which a new RDN is to be added.
Functions for Managing DNs Returns This function returns one of the following values: • is equal to sdn1 sdn2 • sdn1 NULL • is not sdn2 NULL sdn1 NULL Description This function compares two DNs, . The comparison is case sensitive. sdn1 sdn2 slapi_sdn_copy()
Functions for Managing DNs Syntax #include "slapi-plugin.h" void slapi_sdn_done(Slapi_DN *sdn); Parameters This function takes the following parameter: Pointer to the structure to clear. Description This function clears the contents of a structure. It frees both the DN and Slapi_DN the normalized DN, if any, and sets those pointers to NULL See Also slapi_sdn_free()
Functions for Managing DNs slapi_sdn_free() Frees a structure. Slapi_DN Syntax #include "slapi-plugin.h" void slapi_sdn_free(Slapi_DN **sdn); Parameters This function takes the following parameter: Pointer tot he pointer of the Slapi_DN structure to be freed. Description This function frees the structure and its contents pointed to by the Slapi_DN contents of See Also...
Functions for Managing DNs Returns This function gets the parent DN of an entry within a given backend. The parent DN is returned is , unless is empty or is a suffix of the backend sdn_parent itself. In this case, is empty.
Functions for Managing DNs slapi_sdn_get_ndn() Gets the normalized DN of a structure. Slapi_DN Syntax #include "slapi-plugin.h" const char * slapi_sdn_get_ndn(const Slapi_DN *sdn); Parameters This function takes the following parameter: The Slapi_DN structure containing the DN value. Returns This function returns the normalized DN value. Description This function retrieves the normalized DN (in a canonical format and lower case) from a...
Functions for Managing DNs Returns This function returns the length of the normalized DN. Description This function contains the length of the normalized DN and normalizes if it has not already been normalized. slapi_sdn_get_parent() Gets the parent DN of a given structure.
Functions for Managing DNs Parameters This function takes the following parameters: Pointer to the Slapi_DN structure containing the DN. Pointer to the Slapi_RDN structure where the RDN is returned. Description This function takes the DN stored in the structure pointed to by Slapi_DN retrieves its returned RDN within the structure pointed to by...
Functions for Managing DNs • if there is no RDN value (normalized or not) present in the Slapi_DN structure. • is a component of the structure. Slapi_DN Description This function checks whether a structure contains an RDN value that is Slapi_DN a component of the DN structure.
Functions for Managing DNs slapi_sdn_isgrandparent() Checks whether a DN is the parent of the parent of a given DN. Syntax #include "slapi-plugin.h" int slapi_sdn_isgrandparent( const Slapi_DN *parent, const Slapi_DN *child ); Parameters This function takes the following parameters: Pointer to the Slapi_DN structure containing the DN which parent claims to be the grandparent DN of the DN in child.
Functions for Managing DNs Parameters This function takes the following parameters: Pointer to the Slapi_DN structure containing the DN which parent claims to be the parent of the DN in child. Pointer to the Slapi_DN structure containing the DN of the child supposed child of the DN in the structure pointed to by parent.
Functions for Managing DNs Returns This function returns one of the following values: • if the DN is is the suffix of suffixsdn • if the DN in is not a suffix of suffixsdn See Also slapi_sdn_isparent() slapi_sdn_new() Allocates a new structure and initializes it to Slapi_DN NULL...
Functions for Managing DNs Parameters This function takes the following parameter: The DN value to be set in the new Slapi_DN structure. Returns This function returns a pointer to the new structure with a DN value set Slapi_DN to the content of Description This function creates a new structure and initializes its DN with the...
Functions for Managing DNs Returns This function returns a pointer to the new structure with a DN value set Slapi_DN to the content of Description This function creates a new structure and initializes its DN with the Slapi_DN value of .
Functions for Managing DNs Memory Concerns The memory is allocated by the function itself. See Also slapi_sdn_new_dn_byval() slapi_sdn_new_ndn_byref() slapi_sdn_new_ndn_byref() Creates a new structure and sets a normalized DN value. Slapi_DN Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_new_ndn_byref(const char *ndn); Parameters This function takes the following parameter: The normalized DN value to be set in the new Slapi_DN structure.
Functions for Managing DNs slapi_sdn_new_ndn_byval() Creates a new structure and sets a normalized DN value. Slapi_DN Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_new_ndn_byval(const char *ndn); Parameters This function takes the following parameter: The normalized DN value to be set in the new Slapi_DN structure.
Functions for Managing DNs Parameters This function takes the following parameters: The DN of the entry subject of scope test. The base DN against which dn is going to be tested. base The scope tested. This parameter can take one of the following scope levels: •...
Functions for Managing DNs Parameters This function takes the following parameters: The target Slapi_DN structure. The DN value to be set in sdn. Returns This function returns a pointer to the structure containing the new DN Slapi_DN value. Description This function sets a DN value in a structure.
Functions for Managing DNs Returns This function returns a pointer to the structure containing the new DN Slapi_DN value. Description This function sets a DN value in a structure. The DN of the new Slapi_DN structure will point to a copy of the string pointed to by ;...
Functions for Managing DNs slapi_sdn_set_dn_byref() slapi_sdn_set_ndn_byref() Sets a normalized DN in a structure. Slapi_DN Syntax #include "slapi-plugin.h" Slapi_DN *slapi_sdn_set_ndn_byref(Slapi_DN *sdn, const char *ndn); Parameters This function takes the following parameters: The target Slapi_DN structure. Normalized DN value to be set in sdn. Returns This function returns a pointer to the structure containing the new...
Functions for Managing DNs Parameters This function takes the following parameters: The target Slapi_DN structure. The normalized DN value to be set in sdn. Returns This function returns a pointer to the structure containing the new Slapi_DN normalized DN value. Description This function sets a normalized DN value in a structure.
Functions for Managing DNs Returns The function returns a pointer to the structure that contains the DN of Slapi_DN the entry after the new parent DN has been set. Description This function sets a new parent for an entry. This is done by keeping the RDN of the original DN of the entry and by adding the DN of its new parent (the value of ) to it.
Functions for Sending Entries and Results to the Client Functions for Sending Entries and Results to the Client This section contains reference information on routines for sending entries and results to the client. Table 15-26 Routines for Sending Entries and Results to Clients Function Description Processes an entry’s LDAP v3 referrals.
Page 487
Functions for Sending Entries and Results to the Client Returns This function returns one of the following values: • if successful. • if an error occurs. Description When you call this function, the server processes the LDAP referrals specified in argument.
Functions for Sending Entries and Results to the Client slapi_send_ldap_result() Sends an LDAP result code back to the client. Syntax #include "slapi-plugin.h" void slapi_send_ldap_result( Slapi_PBlock *pb, int err, char *matched, char *text, int nentries, struct berval **urls ); Parameters This function takes the following parameters: Parameter block.
Functions for Sending Entries and Results to the Client and the database contains entries for but no entry c=US o=Example,c=US , you should set the ou=Product Division,o=Example,c=US matched parameter to o=Example, c=US • urls When sending an result code back to an LDAPv2 LDAP_PARTIAL_RESULTS client or an result code back to an LDAPv3 client, use...
Page 490
Functions for Sending Entries and Results to the Client Parameters This function takes the following parameters: Parameter block. Pointer to the Slapi_Entry structure representing the entry that you want to send back to the client. Pointer to the array of LDAPControl structures representing ectrls the controls associated with the search request.
Functions Related to UTF-8 This value is equivalent to the parameter in the SLAPI_SEARCH_ATTRSONLY parameter block. If you want to define your own function for sending entries, write a function that complies with the type definition , and set send_ldap_search_entry_fn_ptr_t parameter in the parameter block to the name of SLAPI_PLUGIN_DB_ENTRY_FN your function.
Functions Related to UTF-8 Table 15-27 UTF-8 Related Routines (Continued) Function Description Converts a lower-case UTF-8 character to an upper-case character. slapi_utf8ToUpper() Converts a lower-case UTF-8 character to an upper-case character. slapi_UTF8TOUPPER() slapi_has8thBit() Checks if a string has an 8-bit character. Syntax #include "slapi-plugin.h"...
Functions Related to UTF-8 A null-terminated UTF-8 string. Returns This function returns one of the following values: • A positive number if is after • if the two string are identical, ignoring case. • A negative number if is after Description The function takes two UTF-8 strings ( ) of unsigned char to be compared.
Page 494
Functions Related to UTF-8 Syntax #include "slapi-plugin.h" int slapi_UTF8CASECMP(char *s0, char *s1); Parameters This function takes the following parameters: A null-terminated UTF-8 string. A null-terminated UTF-8 string. Returns This function returns one of the following values: • A positive number if is after •...
Functions Related to UTF-8 • If one string is shorter then the other, the difference is returned. slapi_utf8ncasecmp() Makes case-insensitive string comparison of first n characters of two UTF-8 strings. Syntax #include "slapi-plugin.h" int slapi_utf8ncasecmp(unsigned char *s0, unsigned char *s1, int n); Parameters This function takes the following parameters: A null-terminated UTF-8 string.
Page 496
Functions Related to UTF-8 Syntax #include "slapi-plugin.h" int slapi_UTF8NCASECMP(char *s0, char *s1, int n); Parameters This function takes the following parameters: A null-terminated UTF-8 string. A null-terminated UTF-8 string. The number of UTF-8 characters (not bytes) from s0 and s1 to compare.
Functions Related to UTF-8 • If there is a difference between two bytes, the difference is returned. • If one string is shorter then the other, the difference is returned. slapi_utf8isLower() Verifies if a UTF-8 character is a lower-case letter. Syntax #include "slapi-plugin.h"...
Functions Related to UTF-8 • if the character is a lowercase letter. • if the character is not a lowercase letter. slapi_utf8isUpper() Verifies if a UTF-8 character is an upper-case letter. Syntax #include "slapi-plugin.h" int slapi_utf8isUpper(unsigned char *s); Parameters This function takes the following parameter: A single UTF-8 character (could be multiple bytes) Returns This function returns one of the following values:...
Functions Related to UTF-8 Returns This function returns one of the following values: • if the character is an upper case letter. • if the character is not an uppercase letter. slapi_utf8StrToLower() Converts upper case characters in a UTF-8 string to lower-case characters. Syntax #include "slapi-plugin.h"...
Functions Related to UTF-8 slapi_UTF8STRTOLOWER() Converts upper-case characters in a UTF-8 string to lower-case characters. Syntax #include "slapi-plugin.h" unsigned char *slapi_UTF8STRTOLOWER(char *s);; Parameters This function takes the following parameter: A null-terminated UTF-8 string to be converted to lower case. Returns This function returns one of the following values: •...
Functions Related to UTF-8 A null-terminated UTF-8 string. Returns This function returns one of the following values: • A null-terminated UTF-8 string whose characters are converted to upper case; characters that are not lower case are copied as-is. • if the string is not considered to be a UTF-8 string. Null Description This function converts a string of multiple UTF-8 characters, not a single character...
Functions Related to UTF-8 Memory Concerns The output string is allocated in this function and needs to be released when it is no longer used. slapi_utf8ToLower() Converts an upper-case UTF-8 character to a lower-case character. Syntax #include "slapi-plugin.h" void slapi_utf8ToLower(unsigned char *s, unsigned char *d, int *ssz, int *dsz);...
Functions Related to UTF-8 A single UTF-8 character (could be multiple bytes). Pointer to the lower case form of s. The memory for this must be allocated by the caller before calling the function. Returns the length in bytes of the input character. Returns the length in bytes of the output character.
Functions for Handling Values Parameters This function takes the following parameters: Pointer to a single UTF-8 character (could be multiple bytes). Pointer to the upper case version of s. The memory for this must be allocated by the caller before calling the function. Returns the length in bytes of the input character.
Functions for Handling Values Table 15-28 Value Routines (Continued) Function Description Allocates a new Slapi_Value structure from a string. slapi_value_new_string() Allocates a new Slapi_Value structure and initializes it from a slapi_value_new_string_passin() string. Allocates a new Slapi_Value from another Slapi_Value structure. slapi_value_new_value() Sets the value.
Functions for Handling Values Returns This function returns one of the following values: • if the two values are equal. • is smaller than • is greater than Description This function compares two using the matching rule associated to Slapi_Values the attribute This function replaces the deprecated function used in...
Functions for Handling Values slapi_value_free() Frees the specified structure and its members from memory. Slapi_Value Syntax #include "slapi-plugin.h" slapi_value_free(Slapi_Value **value); Parameters This function takes the following parameter: Address of the pointer to the Slapi_Value you wish to free. value Description This function frees the structure and its members (if it is not Slapi_Value...
Functions for Handling Values Memory Concerns You should not free the structure unless you plan to replace it by calling berval slapi_value_set_berval() See Also slapi_value_set_berval() slapi_value_get_int() Converts the value to an integer. Syntax #include "slapi-plugin.h" int slapi_value_get_int(const Slapi_Value *value); Parameters This function takes the following parameter: Pointer to the Slapi_Value that you want to get as an integer.
Functions for Handling Values Syntax #include "slapi-plugin.h" size_t slapi_value_get_length(const Slapi_Value *value); Parameters This function takes the following parameter: Pointer to the Slapi_Value of which you wish to get the value length. Returns This function returns one of the following values: •...
Functions for Handling Values • A long integer which corresponds to the value stored in the Slapi_Value structure. • if there is no value. Description This function converts the value contained in the structure into a Slapi_Value long integer. See Also slapi_value_get_int() slapi_value_get_ulong() slapi_value_get_uint()
Functions for Handling Values See Also slapi_value_set_string() slapi_value_get_uint() Converts the value to an unsigned integer. Syntax #include "slapi-plugin.h" unsigned int slapi_value_get_uint(const Slapi_Value *value); Parameters This function takes the following parameter: Pointer to the value that you wish to get as an unsigned integer. value Returns This function returns one of the following values:...
Functions for Handling Values Parameters This function takes the following parameter: Pointer to the value that you wish to get as an unsigned integer. value Returns This function returns one of the following values: • An unsigned long integer which corresponds to the value stored in the structure.
Functions for Handling Values Returns This function returns a pointer to the initialized structure (itself). Slapi_Value Description This function initializes the structure, resetting all of its fields to zero. Slapi_Value The value passed as the parameter must be a valid Slapi_Value slapi_value_init_berval() Initializes a...
Functions for Handling Values Pointer to the value to be initialized. The pointer must not be NULL. Null-terminated string used to initialize the value. Returns This function returns a pointer to the initialized structure (itself). Slapi_Value Description This function initializes the structure with the value contained in Slapi_Value the string.
Functions for Handling Values See Also slapi_value_free() slapi_value_new_string_passin() slapi_value_set_string_passin() slapi_value_new() Allocates a new structure. Slapi_Value Syntax #include "slapi-plugin.h" slapi_value_new(); Parameters This function does not take any parameters. Returns This function returns a pointer to the newly allocated structure. If Slapi_Value space cannot be allocated (for example, if no more virtual memory exists), the program terminates.
Functions for Handling Values Syntax #include "slapi-plugin.h" slapi_value_new_berval(const struct berval *bval); Parameters This function takes the following parameter: Pointer to the berval structure used to initialize the newly bval allocated Slapi_Value. Returns This function returns a pointer to the newly allocated .
Functions for Handling Values Null-terminated string used to initialize the newly allocated Slapi_Value. Returns This function returns a pointer to the newly allocated . If space cannot Slapi_Value be allocated (for example, if no more virtual memory exists), the program slapd will terminate.
Functions for Handling Values Returns This function returns a pointer to a newly allocated structure. If Slapi_Value space cannot be allocated (for example, if no virtual memory exists), the slapd program terminates. Description This function returns a structure containing the string passed as the Slapi_Value parameter.
Functions for Handling Values Description This function returns a structure containing a value duplicated from Slapi_Value structure passed as the parameter. This function is identical to Slapi_Value slapi_value_dup() Memory Concerns When you are no longer using the value, you should free it from memory by calling the function.
Functions for Handling Values When you are no longer using the structure, you should free it from Slapi_Value memory by calling slapi_value_free() See Also slapi_value_free() slapi_value_set_berval() Copies the value from a structure into a structure. berval Slapi_Value Syntax #include "slapi-plugin.h" slapi_value_set_berval( Slapi_Value *value, const struct berval *bval );...
Functions for Handling Values See Also slapi_value_free() slapi_value_set_int() Sets the integer value of a structure. Slapi_Value Syntax #include "slapi-plugin.h" slapi_value_set_int(Slapi_Value *value, int intVal); Parameters This function takes the following parameters: Pointer to the Slapi_Value structure in which to set the value integer value.
Functions for Handling Values slapi_value_set_string() Copies a string in the value of a structure. Slapi_Value Syntax #include "slapi-plugin.h" slapi_value_set_string(Slapi_Value *value, const char *strVal); Parameters This function takes the following parameters: Pointer to the Slapi_Value structure in which to set the value. value The string containing the value to set.
Functions for Handling Values Syntax #include "slapi-plugin.h" int slapi_value_set_string_passin ( Slapi_Value *value, char *strVal); Parameters This function takes the following parameters: Pointer to the Slapi_Value structure into which the value will value be set. The string containing the value to set. strVal Returns This function returns one of the following values:...
Functions for Handling Valueset Pointer to the Slapi_Value in which to set the value. value Pointer to the Slapi_Value from which to get the value. vfrom Returns This function returns one of the following values: • The pointer to the structure passed as the parameter.
Functions for Handling Valueset Table 15-29 Valueset Routines (Continued) Function Description Finds the value in a valueset using the syntax of an attribute. slapi_valueset_find() Gets the first value of a Slapi_ValueSet structure. slapi_valueset_first_value() Frees the specified Slapi_ValueSet structure and its members from slapi_valueset_free() memory.
Functions for Handling Valueset Memory Concerns The value is duplicated from the structure, which can be freed from Slapi_Value memory after using it without altering the structure. Slapi_ValueSet This function does not verify if the value is already present in the structure.
Functions for Handling Valueset See Also slapi_valueset_add_value() slapi_valueset_first_value() slapi_valueset_next_value() slapi_valueset_count() Returns the number of values contained in a structure. Slapi_ValueSet Syntax #include "slapi-plugin.h" int slapi_valueset_count( const Slapi_ValueSet *vs); Parameters This function takes the following parameter: Pointer to the Slap_ValueSet structure of which you wish to get the count.
Functions for Handling Valueset Memory Concerns Use this function when you are no longer using the values but you want to re-use structure for a new set of values. Slapi_ValueSet slapi_valueset_find() Finds the value in a valueset using the syntax of an attribute. Syntax #include "slapi-plugin.h"...
Functions for Handling Valueset Syntax #include "slapi-plugin.h" int slapi_valueset_first_value( Slapi_ValueSet *vs, Slapi_Value **v ); Parameters This function takes the following parameters: Pointer to the Slapi_ValueSet structure from which you wish to get the value. Address of the pointer to the Slapi_Value structure for the returned value.
Functions for Handling Valueset Parameters This function takes the following parameter: Pointer to the Slapi_ValueSet to free. Description This function frees the structure and its members if it is not Slapi_ValueSet . Call this function when you are done working with the structure. NULL See Also slapi_valueset_done()
Functions for Handling Valueset slapi_valueset_new() Allocates a new structure. Slapi_ValueSet Syntax #include "slapi-plugin.h" Slapi_ValueSet *slapi_valueset_new( void ); Parameters This function takes no parameters. Returns This function returns a a pointer to the newly allocated structure. Slapi_ValueSet If no space could be allocated (for example, if no more virtual memory exists), the program terminates.
Functions for Handling Valueset Value returned by the previous call to index slapi_valueset_next_value or slapi_value_first_value(). Address to the pointer to the Slapi_Value structure for the returned value. Returns This function returns one of the following values: • The index of the value in the Slapi_ValueSet •...
Functions for Handling Valueset Pointer to the Slapi_ValueSet structure into which you wish to copy the values. Pointer to the Slapi_Mod structure from which you wish to smod copy the values. Description This function copies all of the values contained in a structure into a Slapi_Mod structure.
Functions Specific to Virtual Attribute Service Description This function initializes a structure by copying the values Slapi_ValueSet contained in another structure. Slapi_ValueSet Memory Concerns The function does not verify that the structure contains values, Slapi_ValueSet so it is your responsibility to verify that there are no values prior to calling this function.
Functions Specific to Virtual Attribute Service You can call and take the values slapi_vattr_values_type_thang_get() present in the list rather than calling vattr_type_thang to retrieve the value. slapi_vattr_values_get() Syntax #include "slapi-plugin.h" int slapi_vattr_list_attrs Slapi_Entry *e, vattr_type_thang **types, int flags, int *buffer_flags); Parameters This function takes the following parameters: The entry of interest.
Functions Specific to Virtual Attribute Service Syntax #include "slapi-plugin.h" void slapi_vattr_attrs_free(vattr_type_thang **types, int flags); Parameters This function takes the following parameters: Pointer to the list of attributes to be freed. types Bit mask of options. Valid value is as follows: flags SLAPI_VIRTUALATTRS_RETURNED_POINTERS Description...
Functions Specific to Virtual Attribute Service Returns Return if success, if error. slapi_vattr_value_compare() Compares attribute type and name in a given entry. Syntax #include "slapi-plugin.h" int slapi_vattr_value_compare( Slapi_Entry *e, char *type, Slapi_Value *test_this, int *result, int flags); Parameters This function takes the following parameters: Entry to be compared.
Functions Specific to Virtual Attribute Service Syntax #include "slapi-plugin.h" void slapi_vattr_values_free ( Slapi_ValueSet **value, char **actual_type_name, int flags); Parameters This function takes the following parameters: Valueset to be freed. value List of type names. actual_type_name The buffer flags returned from flags slapi_vattr_values_get_ex().
Functions Specific to Virtual Attribute Service Attribute type name. type Pointer to the result set: 0 if the compare is true, 1 if the compare results is false. Matching result. Valid value is as follows: type_name_disposition SLAPI_VIRTUALATTRS_TYPE_NAME_MATCHED_EXACTLY_OR _ALIAS Type name as found. actual_type_name Not used.
Page 540
Functions Specific to Virtual Attribute Service Entry from which to get the values. Attribute type name. type Pointer to result set. results Matching result. type_name_disposition Type name as found. actual_type_name Bit mask of options. Valid values are as follows: flags SLAPI_REALATTRS_ONLY SLAPI_VIRTURALATTRS_ONLY SLAPI_VIRTUALATTRS_REQUEST_POINTERS...
Functions Specific to Virtual Attribute Service Description This function returns the values for an attribute type from an entry, including the values for any subtypes of the specified attribute type. The routine will return the values of virtual attributes in that entry if requested to do so. Memory Concerns should be used to free the retrurned result set and slapi_vattr_values_free()
Functions for Managing Locks and Synchronization Bit mask of options. Valid value is as follows: buffer_flags SLAPI_VIRTUALATTRS_RETURNED_POINTERS Description function is faster for getting the slapi_vattr_values_type_thang_get() values of an attribute when a list is returned from a vattr_type_thang call. However, when the list for that call returns slapi_vattr_list_types() , the computation becomes similar to .
Functions for Managing Locks and Synchronization slapi_destroy_condvar() Frees a structure from memory. Slapi_CondVar Syntax #include "slapi-plugin.h" void slapi_destroy_condvar( Slapi_CondVar *cvar ); Parameters This function takes the following parameters: Pointer to the Slapi_CondVar structure that you want to free from memory. cvar Description This function frees a...
Functions for Managing Locks and Synchronization slapi_lock_mutex() Locks the specified mutex. Syntax #include "slapi-plugin.h" void slapi_lock_mutex( Slapi_Mutex *mutex ); Parameters This function takes the following parameters: Pointer to a Slapi_Mutex structure representing the mutex mutex that you want to lock. Description This function locks the mutex specified by the structure.
Functions for Managing Locks and Synchronization • A pointer to the new structure. Slapi_CondVar • if memory cannot be allocated. NULL Description This function creates a new condition variable and returns a pointer to the structure. You can create the structure by calling the Slapi_CondVar Slapi_Mutex...
Functions for Managing Locks and Synchronization Syntax #include "slapi-plugin.h" int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all ); Parameters This function takes the following parameters: Pointer to an Slapi_CondVar structure representing the condition cvar variable. If 1, notifies all threads that are waiting on the condition variable. notify_all Returns This function returns one of the following values:...
Functions for Managing Locks and Synchronization Returns This function returns one of the following values: • A non-zero value if the mutex was successfully unlocked. • if the mutex was or was not locked by the calling thread. NULL Description This function unlocks the mutex specified by the structure.
Functions for Managing Computed Attributes Functions for Managing Computed Attributes This section contains reference information on computed-attribute routines. Table 15-32 Routines for Computed Attributes Function Description Registers a function as an evaluator that the server will call to slapi_compute_add_evaluator() generate a computed attribute. Registers callbacks for filter and search rewriting.
Functions for Managing Computed Attributes Before the server sends an entry as a search result back to the client, the server determines if any of the requested attributes are computed attributes and generates the values for those attributes. To do this, the server calls each registered evaluator function for each individually requested attribute.
Functions for Manipulating Bits compute_rewrite_search_filter() Calls evaluator functions to see if there is a match with a search filter. Syntax #include "slapi-plugin.h" int compute_rewrite_search_filter (Slapi_PBlock *pb); Parameters This function takes the following parameter: Parameter block that matches the rewrite search filter. Returns This function returns one of the following values: •...
Functions for Manipulating Bits Table 15-33 Bit Manipulator Routines Function Description Checks whether a particular bit is set in an integer. slapi_isbitset_int() Checks whether a particular bit is set in a character. slapi_isbitset_uchar() Sets the specified bit in an integer. slapi_setbit_int() Sets the specified bit in a character.
Functions for Manipulating Bits slapi_isbitset_uchar() Checks whether a particular bit is set in the specified character. Syntax #include "slapi-plugin.h" int slapi_isbitset_uchar(unsigned char f,unsigned char bitnum); Parameters This function takes the following parameters: The unsigned character, a bit of which is to be checked. The bit number in the unsigned character that needs to be bitnum checked.
Functions for Manipulating Bits Returns This function returns the integer with the specified bit set. See Also slapi_isbitset_int() slapi_unsetbit_int() slapi_setbit_uchar() Sets the specified bit in a character. Syntax #include "slapi-plugin.h" unsigned char slapi_setbit_uchar(unsigned char f, unsigned char bitnum); Parameters This function takes the following parameters: The character in which a bit is to be set.
Functions for Manipulating Bits Parameters This function takes the following parameters: The integer in which a bit is to be unset. The bit number that needs to be unset in the integer. bitnum Returns This function returns the integer with the specified bit unset. See Also slapi_isbitset_int() slapi_setbit_int()
Functions for Registering Object Extensions Functions for Registering Object Extensions This section contains reference information on routines for registering object extensions. This set of functions provides a means for extending core server objects; this functionality is provided so that you can efficiently pass state information between plug-in calls.
Functions for Registering Object Extensions Description A plug-in retrieves a pointer to its own extension by calling with the object from which the extension is to be slapi_get_object_extension retrieved. The factory uses to find the offset into the object where the objecttype extension block is stored.
Functions for Registering Object Extensions The function which is called when an instance of an object is destructor destroyed. This function must release any resources acquired by the constructor function. Handle to find the offset into the object where the extension objecttype block is stored.
Functions Related to Data Interoperability A pointer to the core server object that needs to be changed. object Address for finding the extension within the block. extensionhandle Pointer to the extension block. extension Description This function enables a plug-in to change its extensions. See Also slapi_register_object_extension() slapi_get_object_extension()
Page 559
Functions Related to Data Interoperability Syntax #include "slapi-plugin.h" int slapi_op_reserved(Slapi_PBlock *pb); Parameter This function takes the following parameter: Parameter block. Returns This function returns if the operation is not reserved and a non-zero value if the operation is reserved. Description This function allows you to implement a custom DIOP plug-in that does not affect the default behavior of the server.
Functions Related to Data Interoperability Syntax #include "slapi-plugin.h" void slapi_operation_set_flag( Slapi_Operation *op, unsigned long flag) Parameter This function takes the following parameters: Operation data structure. Flag to be set. By default, only one flag is supported, the flag SLAPI_OP_FLAG_NO_ACCESS_CHECK flag, which specifies that access control should not be checked.
Functions Related to Data Interoperability Flag to be cleared. By default, only one flag is supported, the flag SLAPI_OP_FLAG_NO_ACCESS_CHECK flag, which specifies that access control should not be checked. See Also slapi_operation_set_flag() slapi_is_flag_set() slapi_is_flag_set() Determines whether the specified flag is set in the operation. Syntax #include "slapi-plugin.h"...
Functions for Registering Additional Plug-ins See Also slapi_operation_set_flag() slapi_operation_clear_flag() Functions for Registering Additional Plug-ins This section contains reference information on interfaces that allow a plug-in to register additional plug-ins. Table 15-36 Routines for Registering Additional Plug-ins Function Description Allows a plug-in to register a plug-in. slapi_register_plugin() slapi_register_plugin() Allows plug-in to register a plug-in.
Page 563
Functions for Registering Additional Plug-ins Group identity of the plug-ins. group_identity Description This function allows a plug-in to register a plugin. This was added so that an object plug-in can register all the plug-in interfaces that it supports, including legacy plug-ins.
Page 564
Functions for Registering Additional Plug-ins Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Chapter 16 Parameter Block Reference This chapter describes the parameters available in the parameter Slapi_PBlock block, the type of data associated with each parameter, and the plug-in functions in which those parameters are accessible. To get the values of these parameters, call the function.
Parameters for Registering Plug-in Functions • Parameters for Error Logging (page 599) • Parameters for Filters (page 600) • Parameters for Password Storage (page 602) • Parameters for Resource Limits (page 603) • Parameters for the Virtual Attribute Service (page 603) Parameters for Registering Plug-in Functions The parameters listed in this section identify plug-in functions recognized by the server.
Page 567
Parameters for Registering Plug-in Functions To register your plug-in function, write an initialization function that sets the values of the following parameters to your functions. Parameter ID Description This function is called before an LDAP bind operation SLAPI_PLUGIN_PRE_BIND_FN is completed. This function is called before an LDAP unbind SLAPI_PLUGIN_PRE_UNBIND_FN operation is completed.
Parameters for Registering Plug-in Functions Parameter ID Description This function is called before an internal LDAP delete SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN operation is completed. This function is called before an internal LDAP modify SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN operation is completed. This function is called before an internal LDAP modify SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN RDN operation is completed.
Parameters for Registering Plug-in Functions Parameter ID Description This function is called after a set of search results is sent SLAPI_PLUGIN_POST_RESULT_FN back to the client. This function is called after the server starts up. You SLAPI_PLUGIN_START_FN can specify a start function for each post-operation plug-in.
Parameters Accessible to All Plug-ins Entry Plug-ins The parameters listed below are used for entry store and entry fetch plug-in functions. These plug-in functions are called by the server before writing an entry to disk and after reading an entry from disk. Entry store and entry fetch plug-in functions are passed using the string representation (in LDIF) of the entry.
Parameters Accessible to All Plug-ins • Information about Targets Information about the Database The parameters listed below specify information about the backend database. These parameters are available for all types of plug-ins. These specific parameters cannot be set by calling .
Page 572
Parameters Accessible to All Plug-ins Parameter ID Data Type Description Indicates the maximum number of nesting SLAPI_BE_MAXNESTLEVEL int * levels allowed within groups for access control evaluation. Contains a list of client IP addresses that are SLAPI_CLIENT_DNS struct berval registered in DNS. Used to determine the authorization type.
Parameters Accessible to All Plug-ins Information about the Connection The parameters listed below specify information about the connection. These parameters are available for all types of plug-ins. Parameter ID Data Type Description The client certificate associated with the SLAPI_CONN_CERT CERTCertificate * connection;...
Page 574
Parameters Accessible to All Plug-ins Parameter ID Data Type Description Method used to authenticate the current SLAPI_CONN_AUTHMETHOD char * user. If you call slapi_pblock_get() to get this value, you should call slapi_ch_free_string() to free the resulting value when done. This parameter can have one of the following values: •...
Parameters Accessible to All Plug-ins Parameter ID Data Type Description IP address to which the client is SLAPI_CONN_SERVERNETADDR* PRNetAddr connecting. You might want to use this parameter if, for example, your server accepts connections on multiple IP addresses. *These parameters use an NSPR structure. See for more information.
Parameters Accessible to All Plug-ins Parameter ID Data Type Description Specifies the DN to which the operation SLAPI_TARGET_DN char * applies; for example, the DN of the entry being added or removed. Array of the controls specified in the SLAPI_REQCONTROLS LDAPControl ** request.
Parameters Accessible to All Plug-ins Information about Access Control Lists The parameters listed below are used with the access control list (ACL) plug-in functions to determine access control levels. Parameter ID Data Type Description Flag sent to the ACL plug-in when it is called SLAPI_PLUGIN_ACL_ALLOW_ACCESS that indicates that ACL access is allowed.
Parameters Accessible to All Plug-ins Information about the Plug-in The parameters listed below specify information about the plug-in that is available to all plug-in functions defined in the current library. These parameters are available for all types of plug-ins. Parameter ID Data Type Description Pointer to the internal server representation of this...
Parameters Accessible to All Plug-ins Defined Constant Description Version 3 of the plug-in interface, which is SLAPI_PLUGIN_VERSION_03 supported by current releases of Directory Server but not by previous releases. Information about Command-Line Arguments The parameters listed below are used to determine the command-line arguments with which a plug-in was invoked.
Parameters Accessible to All Plug-ins Parameter ID Data Type Description The nsuniqueid (unique ID) attribute SLAPI_ATTR_UNIQUEID value. The nsParentUniqueID attribute value. SLAPI_ATTR_VALUE_PARENT_UNIQUEID The nsTombstone attribute value. SLAPI_ATTR_VALUE_TOMBSTONE Attribute Flags The parameters listed below are used by the function to slapi_attr_get_flags() get the flags associated with the specified attribute.
Parameters for the Bind Function Parameter ID Description Ignores the options on both names and compares SLAPI_TYPE_CMP_BASE the base names only. Compares the base name plus options, as specified. SLAPI_TYPE_CMP_EXACT Ignores the options on the second name that are not SLAPI_TYPE_CMP_SUBTYPE in the first name.
Parameters for the Search Function Parameter ID Data Type Description Simple Authentication and Security Layer SLAPI_BIND_RET_SASLCREDS struct berval * (SASL) credentials that you want to send back to the client. Set this before calling slapi_send_ldap_result(). Simple Authentication and Security Layer SLAPI_BIND_SASLMECHANISM char * (SASL) mechanism that is used (for...
Parameters for the Search Function Parameter ID Data Type Description The scope of the search. The scope can be one of the SLAPI_SEARCH_SCOPE following values: • LDAP_SCOPE_BASE • LDAP_SCOPE_ONELEVEL • LDAP_SCOPE_SUBTREE Method for handling aliases in a search. This SLAPI_SEARCH_DEREF method can be one of the following values: •...
Parameters for the Search Function Parameter ID Data Type Description Entry returned from iterating through SLAPI_SEARCH_RESULT_ENTRY void * the results set. Reserved for future use. SLAPI_SEARCH_RESULT_ENTRY_EXT void * Number of search results found. SLAPI_NENTRIES Array of the URLs to other LDAP SLAPI_SEARCH_REFERRALS struct berval ** servers to which the current server is...
Parameters that Convert Strings to Entries Parameter ID Data Type Description A textual error message passed from SLAPI_PB_RESULT_TEXT char * internal subsystems to a plug-in. Currently used by the slapi_entry_schema_check() function to provide extra explantory information when it returns a non-zero value, when the schema check fails.
Parameters for the Add Function Parameters for the Add Function The following table lists the parameters in the parameter block passed to the database add function. If you are writing a pre-operation, database, or post-operation add function, you can get these values by calling the function.
Parameters for the Compare Function Parameters for the Compare Function The following table lists the parameters in the parameter block passed to the database compare function. If you are writing a pre-operation, database, or post-operation compare function, you can get these values by calling the function.
Parameters for the Modify Function Parameters for the Modify Function The following table lists the parameters in the parameter block passed to the database modify function. If you are writing a pre-operation, database, or post-operation modify function, you can get these values by calling the function.
Parameters for the Abandon Function Parameter ID Data Type Description DN of the new parent of the entry, SLAPI_MODRDN_NEWSUPERIOR char * if the entry is being moved to a new location in the directory tree. Internal only; used by the SLAPI_MODRDN_EXISING_ENTRY Slapi_Entry * multi-master replication update...
Parameters for the Matching Rule Function See “Processing an LDAP Abandon Operation,” on page 99, for more information on these parameters. Parameters for the Matching Rule Function The following table lists the parameters in the parameter block passed to the database matching rule function.
Parameters for the Matching Rule Function Parameter ID Data Type Description Specifies the intended use of the SLAPI_PLUGIN_MR_USAGE unsigned int * indexer object. This parameter can have one of the following values: • SLAPI_PLUGIN_MR_USAGE_INDEX specifies that the indexer object should be used to index entries. •...
Parameters for LDBM Backend Pre- and Post-Operation Functions Parameter ID Description Less than or equal to (<=) operator. SLAPI_OP_LESS_OR_EQUAL Equal to (=) operator. SLAPI_OP_EQUAL Greater than or equal to (>=) operator. SLAPI_OP_GREATER_OR_EQUAL Greater than (>) operator. SLAPI_OP_GREATER Allows an operation to use a wildcard (*) in a search SLAPI_OP_SUBSTRING filter.
Parameters for the Database Parameter ID Description This function is called before a database modify SLAPI_PLUGIN_BE_PRE_MODRDN_FN RDN operation is completed. Post-Operation Plug-ins The parameters listed in this section are used with post-operation database plug-in functions. Parameter ID Description This function is called after a database add SLAPI_PLUGIN_BE_POST_ADD_FN operation is completed.
Parameters for the Database Parameter ID Data Type Description A pointer to the backend database that is SLAPI_BACKEND Slapi_Backend * handling the operation. A value that indicates whether the backend SLAPI_BE_LASTMOD int * database is tracking modifiersName and modifyTimeStamp; true if the value is not zero.
Parameters for LDAP Functions Parameter ID Data Type Description Flag that indicates this is a replicated SLAPI_IS_REPLICATED_OPERATION operation. Information about Backend State Change The following parameters can be used in the slapi_register_backend_state_change() functions to register and slapi_unregister_backend_state_change() unregister callbacks when a backend state changes. Parameter ID Data Type Description...
Parameters for LDAP Functions Parameter ID Data Type Description Array of entries found by an SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES Slapi_Entry ** internal LDAP search operation. See slapi_search_internal_ pb() for details. Array of referrals (in the form SLAPI_PLUGIN_INTOP_SEARCH_REFERRALS char ** of LDAP URLs) found by an internal LDAP search operation.
Parameters for LDAP Functions Parameter ID Data Type Description This control applies to the LDAP compare SLAPI_OPERATION_COMPARE LDAPControl * operation. This control applies to the LDAP delete SLAPI_OPERATION_DELETE LDAPControl * operation. This control applies to the LDAPv3 extended SLAPI_OPERATION_EXTENDED LDAPControl * operation.
Parameters for Error Logging Parameter ID Description A flag used to suppress the operational attributes. See SLAPI_DUMP_NOOPATTRS SLAPI_ATTR_FLAG_OPATTR. By default, lines will be wrapped as defined in the SLAPI_DUMP_NOWRAP LDIF specification. This flag disables line wrapping. This flag is only used internally by replication. This SLAPI_DUMP_STATEINFO flag allows access to the internal data used by multi-master replication.
Parameters for Filters Parameter ID Description This message is written to the error log if the log level SLAPI_LOG_FILTER setting “Search filter processing” is selected. This message is written to the error log if the log level SLAPI_LOG_CONFIG setting “Config file processing” is selected. This message is written to the error log if the log level SLAPI_LOG_ACL setting “Access control list processing”...
Parameters for Filters Parameters for Comparison Filters The parameters listed below are filters that are used to compare a value against an attribute. Parameter ID Description AND filter. For example: (&(ou=Accounting)(l=Sunnyvale)) LDAP_FILTER_AND Approximation filter. For example: (ou~=Sales) LDAP_FILTER_APPROX Equals filter. For example: (ou=Accounting) LDAP_FILTER_EQUALITY Extensible filter.
Parameters for Password Storage Parameters for Password Storage The following plug-in functions and parameters access password storage schemes to encode, decode, and compare passwords: • Password Storage Plug-ins • Parameters for Password Storage Password Storage Plug-ins The parameters listed below are used with functions that you can call to store passwords.
Parameters for Resource Limits Parameters for Resource Limits The following parameters are used to provide information about resource limits: • Parameter for Binder-Based Resource Limits • Status Codes for Resource Limits Parameter for Binder-Based Resource Limits The following parameter is a valid value for the slapi_reslimit_register() function.
Page 604
Parameters for the Virtual Attribute Service These identifiers are flags that can be passed to various functions in the flags parameter: slapi_vattr_values_XXX() Parameter Data Type Description Flag that indicates only real attributes SLAPI_REALATTRS_ONLY are used. Flag that indicates only virtual attributes SLAPI_VIRTUALATTRS_ONLY are used.
Page 605
Parameters for the Virtual Attribute Service Flag that indicates the attribute name SLAPI_VIRTUALATTRS_TYPE_NAME disposition value indicates a matching _MATCHED_EXACTLY_OR_ALIAS result. Flag that indicates the attribute name SLAPI_VIRTUALATTRS_TYPE_NAME matched the subtype. _MATCHED_SUBTYPE Chapter 16 Parameter Block Reference...
Page 606
Parameters for the Virtual Attribute Service Netscape Directory Server Plug-in Programmer’s Guide • October 2004...
Glossary access control instruction See ACI. ACI Also Access Control Instruction. An instruction that grants or denies permissions to entries in the directory. access control list See ACL. ACL Also Access Control List. The mechanism for controlling access to your directory.
Page 608
attribute Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value. attribute list A list of required and optional attributes for a given entry type or object class.
Page 609
browser Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. browsing index Also virtual view index. Speeds up the display of entries in the Directory Server Console.
Page 610
CIR See consumer-initiated replication. class definition Specifies the information needed to create an instance of a particular object and determines how the object works in relation to other objects in the directory. class of service See CoS. classic CoS A classic CoS identifies the template entry by both its DN and the value of one of the target entry’s attributes.
Page 611
DAP Directory Access Protocol. The ISO X.500 standard protocol that provides client access to the directory. data master The server that is the master source of a particular piece of data. database link An implementation of chaining. The database link behaves like a database but has no persistent storage.
Page 612
DNS alias A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as might point to a real machine called www.yourdomain.domain where the server currently exists.
Page 613
hostname A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, is the machine www.example.com in the subdomain domain. example HTML Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics, and form items and to display links to other pages.
Page 614
LDAP Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms. LDAPv3 Version 3 of the LDAP protocol, upon which Directory Server bases its schema format. LDAP client Software used to request and view LDAP entries from an LDAP Directory Server.
Page 615
master agent See SNMP master agent. matching rule Provides guidelines for how the server compares strings during a search operation. In an international search, the matching rule tells the server what collation order and operator to use. MD5 A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability and is mathematically extremely hard to produce;...
Page 616
network management application Network Management Station component that graphically displays information about SNMP managed devices (which device is up or down, which and how many error messages were received, etc.). network management station See NMS. NIS Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers.
Page 617
password policy A set of rules that governs how passwords are used in a given directory. permission In the context of access control, permission states whether access to the directory information is granted or denied and the level of access that is granted or denied.
Page 618
RDN Also Relative Distinguished Name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name. referential integrity Mechanism that ensures that relationships between related entries are maintained within the directory. referral (1) When a server receives a search or update request from an LDAP client that it cannot process, it usually sends back to the client a pointer to the LDAP sever that can process the request.
Page 619
root The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine. root suffix The parent of one or more sub suffixes. A directory tree can contain more than one root suffix. SASL Also Simple Authentication and Security Layer.
Page 620
SIE Server Instance Entry. The ID assigned to an instance of Directory Server during installation. Simple Authentication and Security Layer See SASL. Simple Network Management Protocol See SNMP. single-master replication The most basic replication scenario in which two servers each hold a copy of the same read-write replicas to consumer servers. In a single-master replication scenario, the supplier server maintains a change log.
Page 621
superuser The most privileged user available on Unix machines. The superuser has complete access privileges to all files on the machine. Also called root. supplier Server containing the master copy of directory trees or subtrees that are replicated to consumer servers. supplier server In the context of replication, a server that holds a replica that is copied to a different server is called a supplier for that replica.
Page 622
URL Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is . The port number is necessary only on selected protocol://machine:port/document servers, and it is often assigned by the server, freeing the user of having to place it in the URL.