util_ldap.h revision a3fb74cf46195cb5ef2305ca8fca1c577ea00a95
4714N/A/* Licensed to the Apache Software Foundation (ASF) under one or more 4714N/A * contributor license agreements. See the NOTICE file distributed with 4714N/A * this work for additional information regarding copyright ownership. 4714N/A * The ASF licenses this file to You under the Apache License, Version 2.0 5329N/A * (the "License"); you may not use this file except in compliance with 5158N/A * the License. You may obtain a copy of the License at * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * @brief Apache LDAP library /* The LDAP API is currently only present in APR 1.x */ /* this whole thing disappears if LDAP is not enabled */ /* Apache header files */ /* Create a set of LDAP_DECLARE macros with appropriate export * and import tags for the platform /* Values that the deref member can have */ /* Structure representing an LDAP connection */ const char *
host;
/* Name of the LDAP server (or space separated list) */ int port;
/* Port of the LDAP server */ const char *
binddn;
/* DN to bind to server (can be NULL) */ const char *
bindpw;
/* Password to bind to server (can be NULL) */ int bound;
/* Flag to indicate whether this connection is bound yet */ const char *
reason;
/* Reason for an error failure */ int keep;
/* Will this connection be kept when it's unlocked */ int ChaseReferrals;
/* [on|off] (default = AP_LDAP_CHASEREFERRALS_ON)*/ int ReferralHopLimit;
/* # of referral hops to follow (default = AP_LDAP_DEFAULT_HOPLIMIT) */ request_rec *r;
/* request_rec used to find this util_ldap_connection_t */ /* LDAP cache state information */ * Open a connection to an LDAP server * @param ldc A structure containing the expanded details of the server * to connect to. The handle to the LDAP connection is returned * @tip This function connects to the LDAP server and binds. It does not * connect if already connected (ldc->ldap != NULL). Does not bind * @return If successful LDAP_SUCCESS is returned. * @fn int util_ldap_connection_open(request_rec *r, * util_ldap_connection_t *ldc) * Close a connection to an LDAP server * @param ldc A structure containing the expanded details of the server * @tip This function unbinds from the LDAP server, and clears ldc->ldap. * It is possible to rebind to this server again using the same ldc * structure, using apr_ldap_open_connection(). * @fn util_ldap_close_connection(util_ldap_connection_t *ldc) * Unbind a connection to an LDAP server * @param ldc A structure containing the expanded details of the server * @tip This function unbinds the LDAP connection, and disconnects from * the server. It is used during error conditions, to bring the LDAP * connection back to a known state. * @fn apr_status_t util_ldap_connection_unbind(util_ldap_connection_t *ldc) * Find a connection in a list of connections * @param r The request record * @param host The hostname to connect to (multiple hosts space separated) * @param port The port to connect to * @param binddn The DN to bind with * @param bindpw The password to bind with * @param deref The dereferencing behavior * @param secure use SSL on the connection * @tip Once a connection is found and returned, a lock will be acquired to * lock that particular connection, so that another thread does not try and * use this connection while it is busy. Once you are finished with a connection, * apr_ldap_connection_close() must be called to release this connection. * @fn util_ldap_connection_t *util_ldap_connection_find(request_rec *r, const char *host, int port, * const char *binddn, const char *bindpw, deref_options deref, * int netscapessl, int starttls) * Compare two DNs for sameness * @param r The request record * @param ldc The LDAP connection being used. * @param url The URL of the LDAP connection - used for deciding which cache to use. * @param dn The first DN to compare. * @param reqdn The DN to compare the first DN to. * @param compare_dn_on_server Flag to determine whether the DNs should be checked using * LDAP calls or with a direct string comparision. A direct * string comparison is faster, but not as accurate - false * negative comparisons are possible. * @tip Two DNs can be equal and still fail a string comparison. Eg "dc=example,dc=com" * and "dc=example, dc=com". Use the compare_dn_on_server unless there are serious * @fn int util_ldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, * const char *url, const char *dn, const char *reqdn, * int compare_dn_on_server) const char *
url,
const char *
dn,
const char *
reqdn,
* A generic LDAP compare function * @param r The request record * @param ldc The LDAP connection being used. * @param url The URL of the LDAP connection - used for deciding which cache to use. * @param dn The DN of the object in which we do the compare. * @param attrib The attribute within the object we are comparing for. * @param value The value of the attribute we are trying to compare for. * @tip Use this function to determine whether an attribute/value pair exists within an * object. Typically this would be used to determine LDAP top-level group * @fn int util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, * const char *url, const char *dn, const char *attrib, const char *value) * An LDAP function that checks if the specified user is a member of a subgroup. * @param r The request record * @param ldc The LDAP connection being used. * @param url The URL of the LDAP connection - used for deciding which cache to use. * @param dn The DN of the object in which we find subgroups to search within. * @param attrib The attribute within group objects that identify users. * @param value The user attribute value we are trying to compare for. * @param subgroupAttrs The attributes within group objects that identify subgroups. * @param subgroupclasses The objectClass values used to identify groups (and * subgroups). apr_array_header_t *. * @param cur_subgroup_depth Current recursive depth during subgroup processing. * @param max_subgroup_depth Maximum depth of recursion allowed during subgroup * @tip Use this function to determine whether an attribute/value pair exists within a * starting group object or one of its nested subgroups. Typically this would be * used to determine LDAP nested group membership. * @deffunc int util_ldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t * *ldc, const char *url, const char *dn, * const char *attrib, const char value, * char **subgroupAttrs, apr_array_header_t * *subgroupclasses, int cur_subgroup_depth, int * @param r The request record * @param ldc The LDAP connection being used. * @param url The URL of the LDAP connection - used for deciding which cache to use. * @param basedn The Base DN to search for the user in. * @param scope LDAP scope of the search. * @param attrs LDAP attributes to return in search. * @param filter The user to search for in the form of an LDAP filter. This filter must return * exactly one user for the check to be successful. * @param bindpw The user password to bind as. * @param binddn The DN of the user will be returned in this variable. * @param retvals The values corresponding to the attributes requested in the attrs array. * @tip The filter supplied will be searched for. If a single entry is returned, an attempt * is made to bind as that user. If this bind succeeds, the user is not validated. * @fn int util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, * char *url, const char *basedn, int scope, char **attrs, * char *filter, char *bindpw, char **binddn, char ***retvals) * Searches for a specified user object in an LDAP directory * @param r The request record * @param ldc The LDAP connection being used. * @param url The URL of the LDAP connection - used for deciding which cache to use. * @param basedn The Base DN to search for the user in. * @param scope LDAP scope of the search. * @param attrs LDAP attributes to return in search. * @param filter The user to search for in the form of an LDAP filter. This filter must return * exactly one user for the check to be successful. * @param binddn The DN of the user will be returned in this variable. * @param retvals The values corresponding to the attributes requested in the attrs array. * @tip The filter supplied will be searched for. If a single entry is returned, an attempt * is made to bind as that user. If this bind succeeds, the user is not validated. * @fn int util_ldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc, * char *url, const char *basedn, int scope, char **attrs, * char *filter, char **binddn, char ***retvals) * Checks if SSL support is available in mod_ldap * @fn int util_ldap_ssl_supported(request_rec *r) * @param pool The pool to use to initialise the cache * @param reqsize The size of the shared memory segment to request. A size * of zero requests the max size possible from * @fn void util_ldap_cache_init(apr_pool_t *p, util_ldap_state_t *st) * @return The status code returned is the status code of the * apr_smmem_init() call. Regardless of the status, the cache * will be set up at least for in-process or in-thread operation. * Display formatted stats for cache * @param The pool to allocate the returned string from * @tip This function returns a string allocated from the provided pool that describes * various stats about the cache. * @fn char *util_ald_cache_display(apr_pool_t *pool, util_ldap_state_t *st) #
endif /* APR_HAS_LDAP */