ldap.h revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2001-2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* The contents of this file are subject to the Netscape Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/NPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is Mozilla Communicator client code, released
* March 31, 1998.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-1999 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*/
#ifndef _LDAP_H
#define _LDAP_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _SOLARIS_SDK
#define _SOLARIS_SDK
#endif
#ifndef LDAP_TYPE_TIMEVAL_DEFINED
#endif
#ifndef LDAP_TYPE_SOCKET_DEFINED /* API extension */
#endif
#include <lber.h>
/*
* Default TCP ports. 389 is the registered port for LDAP; traffic on it is
* not encrypted unless the session is upgraded (for example with StartTLS).
* 636 is the conventional port for LDAP over SSL/TLS (ldaps).
*/
#define LDAP_PORT 389
#define LDAPS_PORT 636
/* LDAP protocol version numbers */
#define LDAP_VERSION2 2
#define LDAP_VERSION3 3
/* both the minimum and the maximum are defined as LDAP_VERSION3 */
#define LDAP_VERSION_MIN LDAP_VERSION3
#define LDAP_VERSION_MAX LDAP_VERSION3
/* vendor string; LDAPAPIInfo has a matching ldapai_vendor_name field */
#define LDAP_VENDOR_NAME "Sun Microsystems Inc."
/*
* The following will be an RFC number once the LDAP C API Internet Draft
* is published as a Proposed Standard RFC. For now we use 2000 + the
* draft revision number (currently 5) since we are close to compliance
* with revision 5 of the draft.
*/
#define LDAP_API_VERSION 2005
/*
* C LDAP features we support that are not (yet) part of the LDAP C API
* Internet Draft. Use the ldap_get_option() call with an option value of
* LDAP_OPT_API_FEATURE_INFO to retrieve information about a feature.
*
* Note that this list is incomplete; it includes only the most widely
* used extensions. Also, the version is 1 for all of these for now.
*/
#define LDAP_API_FEATURE_SERVER_SIDE_SORT 1
#define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 1
#define LDAP_API_FEATURE_PERSISTENT_SEARCH 1
#define LDAP_API_FEATURE_PROXY_AUTHORIZATION 1
#define LDAP_API_FEATURE_X_LDERRNO 1
#define LDAP_API_FEATURE_X_MEMCACHE 1
#define LDAP_API_FEATURE_X_IO_FUNCTIONS 1
#define LDAP_API_FEATURE_X_EXTIO_FUNCTIONS 1
#define LDAP_API_FEATURE_X_DNS_FUNCTIONS 1
#define LDAP_API_FEATURE_X_MEMALLOC_FUNCTIONS 1
#define LDAP_API_FEATURE_X_THREAD_FUNCTIONS 1
#define LDAP_API_FEATURE_X_EXTHREAD_FUNCTIONS 1
#define LDAP_API_FEATURE_X_GETLANGVALUES 1
#define LDAP_API_FEATURE_X_CLIENT_SIDE_SORT 1
#define LDAP_API_FEATURE_X_URL_FUNCTIONS 1
#define LDAP_API_FEATURE_X_FILTER_FUNCTIONS 1
#define LDAP_NO_ATTRS "1.1"
#define LDAP_ALL_USER_ATTRS "*"
/*
* Standard options (used with ldap_set_option() and ldap_get_option):
*/
/*
* Well-behaved private and experimental extensions will use option values
* between 0x4000 (16384) and 0x7FFF (32767) inclusive.
*/
/*
* Special timeout values for poll and connect:
*/
#define LDAP_X_IO_TIMEOUT_NO_WAIT 0 /* return immediately */
/*
* Timeout value for nonblocking connect call
*/
/* 0x4000 + 0x0F01 = 0x4F01 = 20225 - API extension */
#define LDAP_OPT_ON ((void *)1)
#define LDAP_OPT_OFF ((void *)0)
#define NULLMSG ((LDAPMessage *)0)
/* structure representing an LDAP modification */
/*
* One attribute modification: an operation code, the attribute name, and
* the values to apply.
* NOTE(review): the union's closing brace and member name do not appear in
* this listing; the declaration is incomplete as shown.
*/
typedef struct ldapmod {
int mod_op; /* kind of mod + form of values */
/* operation codes for mod_op */
#define LDAP_MOD_ADD 0x00
#define LDAP_MOD_DELETE 0x01
#define LDAP_MOD_REPLACE 0x02
/*
* flag bit for mod_op ("form of values"). In the standard LDAP C API this
* bit selects modv_bvals instead of modv_strvals; mod_op and the populated
* union member must agree, or the pointer is read as the wrong type.
*/
#define LDAP_MOD_BVALUES 0x80
char *mod_type; /* attribute name to modify */
union mod_vals_u {
char **modv_strvals; /* values as an array of C strings */
struct berval **modv_bvals; /* values as an array of struct berval pointers */
} LDAPMod;
/*
* structure for holding ldapv3 controls
*/
/* One LDAPv3 control: an OID, a value, and a criticality flag. */
typedef struct ldapcontrol {
char *ldctl_oid; /* control type as an OID string (see the LDAP_CONTROL_* definitions) */
struct berval ldctl_value; /* control value, embedded by value rather than by pointer */
/*
* criticality flag. In LDAPv3 a server that does not recognize a control
* marked critical must fail the operation instead of ignoring the control,
* so security-relevant controls are normally sent as critical.
*/
char ldctl_iscritical;
} LDAPControl;
/*
* LDAP API information. Can be retrieved by using a sequence like:
*
* LDAPAPIInfo ldai;
* ldai.ldapai_info_version = LDAP_API_INFO_VERSION;
* if ( ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldai ) == 0 ) ...
*/
/* value the caller stores in ldapai_info_version before calling ldap_get_option() */
#define LDAP_API_INFO_VERSION 1
/*
* Result structure for the LDAP_OPT_API_INFO option.
* NOTE(review): ownership of ldapai_extensions and ldapai_vendor_name is not
* stated in this header; confirm who frees them before relying on either.
*/
typedef struct ldapapiinfo {
int ldapai_info_version; /* version of this struct (1) */
int ldapai_api_version; /* revision of API supported */
int ldapai_protocol_version; /* highest LDAP version supported */
char **ldapai_extensions; /* names of API extensions */
char *ldapai_vendor_name; /* name of supplier */
int ldapai_vendor_version; /* supplier-specific version times 100 */
} LDAPAPIInfo;
/*
* LDAP API extended features info. Can be retrieved by using a sequence like:
*
* LDAPAPIFeatureInfo ldfi;
* ldfi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
* ldfi.ldapaif_name = "VIRTUAL_LIST_VIEW";
* if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &ldfi ) == 0 ) ...
*/
/* value the caller stores in ldapaif_info_version before calling ldap_get_option() */
#define LDAP_FEATURE_INFO_VERSION 1
/*
* Query/result structure for the LDAP_OPT_API_FEATURE_INFO option.
* NOTE(review): the closing brace and typedef name do not appear in this
* listing; the usage comment for this struct refers to the type as
* LDAPAPIFeatureInfo.
*/
typedef struct ldap_apifeature_info {
int ldapaif_info_version; /* version of this struct (1) */
char *ldapaif_name; /* name of supported feature */
int ldapaif_version; /* revision of supported feature */
/* possible result types a server can return */
/* Special values for ldap_result() "msgid" parameter */
#define LDAP_RES_ANY (-1)
#define LDAP_RES_UNSOLICITED 0
/* built-in SASL methods */
#define LDAP_SASL_SIMPLE 0 /* special value used for simple bind */
#ifdef _SOLARIS_SDK
/*
* SASL mechanism names. Both are MD5-based challenge-response mechanisms;
* DIGEST-MD5 was moved to Historic status by RFC 6331.
* NOTE(review): where the deployment allows, prefer a stronger mechanism or
* run the bind over a TLS-protected session.
*/
#define LDAP_SASL_CRAM_MD5 "CRAM-MD5"
#define LDAP_SASL_DIGEST_MD5 "DIGEST-MD5"
#endif
/* search scopes */
#define LDAP_SCOPE_BASE 0x00
#define LDAP_SCOPE_ONELEVEL 0x01
#define LDAP_SCOPE_SUBTREE 0x02
/* alias dereferencing */
#define LDAP_DEREF_NEVER 0
#define LDAP_DEREF_SEARCHING 1
#define LDAP_DEREF_FINDING 2
#define LDAP_DEREF_ALWAYS 3
#define LDAP_NO_LIMIT 0
/* allowed values for "all" ldap_result() parameter */
#define LDAP_MSG_ONE 0
#define LDAP_MSG_ALL 1
#define LDAP_MSG_RECEIVED 2
/* possible error codes we can be returned */
/*
* LDAPv3 unsolicited notification messages we know about
*/
#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036"
/*
* LDAPv3 server controls we know about
*/
/* control OIDs as strings; LDAPControl carries such a string in ldctl_oid */
#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2"
#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473"
#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474"
#define LDAP_CONTROL_PERSISTENTSEARCH "2.16.840.1.113730.3.4.3"
#define LDAP_CONTROL_ENTRYCHANGE "2.16.840.1.113730.3.4.7"
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
/*
* Proxied authorization controls. These ask the server to evaluate an
* operation under an identity other than the bound one, so which clients
* may send them is an access-control decision on the server side.
*/
#define LDAP_CONTROL_PROXYAUTH "2.16.840.1.113730.3.4.12"
/* ^ version 1 of the proxied authorization control */
#define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18"
/* ^ version 2 of the proxied authorization control */
#ifdef _SOLARIS_SDK
/*
* Simple Page control OID
*/
#define LDAP_CONTROL_SIMPLE_PAGE "1.2.840.113556.1.4.319"
/*
* Begin LDAP Display Template Definitions
*/
#define LDAP_TEMPLATE_VERSION 1
/*
* general types of items (confined to most significant byte)
*/
#define LDAP_SYN_TYPE_TEXT 0x01000000L
#define LDAP_SYN_TYPE_IMAGE 0x02000000L
#define LDAP_SYN_TYPE_BOOLEAN 0x04000000L
#define LDAP_SYN_TYPE_BUTTON 0x08000000L
#define LDAP_SYN_TYPE_ACTION 0x10000000L
/*
* syntax options (confined to second most significant byte)
*/
#define LDAP_SYN_OPT_DEFER 0x00010000L
/*
* display template item syntax ids (defined by common agreement)
* these are the valid values for the ti_syntaxid of the tmplitem
* struct (defined below). A general type is encoded in the
* most-significant 8 bits, and some options are encoded in the next
* 8 bits. The lower 16 bits are reserved for the distinct types.
*/
/*
* handy macros
*/
/*
* display options for output routines (used by entry2text and friends)
*/
/*
* use calculated label width (based on length of longest label in
* template) instead of constant width
*/
#define LDAP_DISP_OPT_AUTOLABELWIDTH 0x00000001L
/*
* NOTE(review): LDAP_DISP_OPT_HTMLBODYONLY and LDAP_DISP_OPT_DOSEARCHACTIONS
* are both defined as 0x00000002L. A routine that accepted both could not
* tell them apart; presumably each is honoured by a different family of
* output routines (HTML vs. text search) -- confirm against the callers.
*/
#define LDAP_DISP_OPT_HTMLBODYONLY 0x00000002L
/*
* perform search actions (applies to ldap_entry2text_search only)
*/
#define LDAP_DISP_OPT_DOSEARCHACTIONS 0x00000002L
/*
* include additional info. relevant to "non leaf" entries only
* used by ldap_entry2html and ldap_entry2html_search to include "Browse"
* and "Move Up" HREFs
*/
#define LDAP_DISP_OPT_NONLEAF 0x00000004L
/*
* display template item options (may not apply to all types)
* if this bit is set in ti_options, it applies.
*/
#define LDAP_DITEM_OPT_READONLY 0x00000001L
#define LDAP_DITEM_OPT_SORTVALUES 0x00000002L
#define LDAP_DITEM_OPT_SINGLEVALUED 0x00000004L
#define LDAP_DITEM_OPT_HIDEIFEMPTY 0x00000008L
#define LDAP_DITEM_OPT_VALUEREQUIRED 0x00000010L
#endif /* _SOLARIS_SDK */
/* Authentication request and response controls */
#define LDAP_CONTROL_AUTH_REQUEST "2.16.840.1.113730.3.4.16"
#define LDAP_CONTROL_AUTH_RESPONSE "2.16.840.1.113730.3.4.15"
/* Password information sent back to client */
#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"
#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"
/*
* Client controls we know about
*/
#define LDAP_CONTROL_REFERRALS "1.2.840.113556.1.4.616"
/*
* LDAP_API macro definition:
*/
#ifndef LDAP_API
#endif /* LDAP_API */
#ifdef _SOLARIS_SDK
/* Simple Page Control functions for Solaris SDK */
/* CRAM-MD5 functions */
/* DIGEST-MD5 Function */
LDAPMessage **result);
#endif /* _SOLARIS_SDK */
const void *optdata);
/*
* perform ldap operations and obtain results
*/
const char *passwd);
const char *passwd);
const char *newrdn);
const char *newrdn);
/* The following 2 functions are deprecated */
const char *newrdn, int deleteoldrdn);
const char *newrdn, int deleteoldrdn);
/*
*/
int freeit);
LDAPMessage *chain);
LDAPMessage *entry);
const int notypes);
const int notypes);
BerElement **ber);
BerElement *ber);
/* The following function is deprecated */
const char *target);
/*
* LDAPv3 extended operation calls
*/
/*
* Note: all of the new asynchronous calls return an LDAP error code,
* not a message id. A message id is returned via the int *msgidp
* parameter (usually the last parameter) if appropriate.
*/
struct berval **servercredp);
int *msgidp);
/*
* LDAPv3 extended parsing / result handling calls
*/
LDAPMessage *res);
LDAPMessage *msg);
LDAPMessage *res);
LDAPMessage *ref);
LDAPControl ***serverctrlsp);
#ifdef _SOLARIS_SDK
#endif
/* End of core standard C LDAP API definitions */
/*
* Server side sorting of search results (an LDAPv3 extension --
* LDAP_API_FEATURE_SERVER_SIDE_SORT)
*/
typedef struct LDAPsortkey { /* structure for a sort-key */
char *sk_attrtype; /* presumably the attribute type to sort on -- confirm */
char *sk_matchruleoid; /* presumably a matching-rule OID; whether NULL is allowed is not shown here */
int sk_reverseorder; /* presumably non-zero requests reverse order -- confirm */
} LDAPsortkey;
LDAPControl **ctrlp);
const char *string_rep);
/*
* Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)
*/
/*
* structure that describes a VirtualListViewRequest control.
* note that ldvlist_index and ldvlist_size are only relevant to
* ldap_create_virtuallist_control() if ldvlist_attrvalue is NULL.
*/
/*
* NOTE(review): the closing brace and typedef name of this struct do not
* appear in this listing. All counts and offsets are unsigned long; values
* taken from untrusted input should be range-checked before use.
*/
typedef struct ldapvirtuallist {
unsigned long ldvlist_before_count; /* # entries before target */
unsigned long ldvlist_after_count; /* # entries after target */
char *ldvlist_attrvalue; /* jump to this value */
unsigned long ldvlist_index; /* list offset */
unsigned long ldvlist_size; /* number of items in vlist */
void *ldvlist_extradata; /* for use by application */
/*
* VLV functions:
*/
unsigned long *list_sizep, int *errcodep);
/*
* Routines for creating persistent search controls and for handling
* "entry changed notification" controls (an LDAPv3 extension --
* LDAP_API_FEATURE_PERSISTENT_SEARCH)
*/
#define LDAP_CHANGETYPE_ADD 1
#define LDAP_CHANGETYPE_DELETE 2
#define LDAP_CHANGETYPE_MODIFY 4
#define LDAP_CHANGETYPE_MODDN 8
/*
* Routines for creating Proxied Authorization controls (an LDAPv3
* extension -- LDAP_API_FEATURE_PROXY_AUTHORIZATION)
* ldap_create_proxyauth_control() is for the old (version 1) control.
* ldap_create_proxiedauth_control() is for the newer (version 2) control.
* Version 1 is supported by iPlanet Directory Server 4.1 and later.
* Version 2 is supported by iPlanet Directory Server 5.0 and later.
*/
/*
* Functions to get and set LDAP error information (API extension --
* LDAP_API_FEATURE_X_LDERRNO )
*/
/*
* LDAP URL functions and definitions (an API extension --
* LDAP_API_FEATURE_X_URL_FUNCTIONS)
*/
/*
* types for ldap URL handling
*/
/*
* Parsed form of an LDAP URL. The field names suggest the usual URL
* components (host, port, DN, attribute list, scope, filter).
* NOTE(review): these values originate from a URL string, which may come
* from an untrusted source such as a referral; validate host, scope and
* filter before acting on them.
*/
typedef struct ldap_url_desc {
char *lud_host;
int lud_port;
char *lud_dn;
char **lud_attrs;
int lud_scope;
char *lud_filter;
unsigned long lud_options; /* option bits; LDAP_URL_OPT_SECURE is the only one defined here */
/* presumably set when the URL requests a secure (ldaps) connection -- confirm */
#define LDAP_URL_OPT_SECURE 0x01
char *lud_string; /* for internal use only */
} LDAPURLDesc;
/*
* possible errors returned by ldap_url_parse()
*/
/*
* URL functions:
*/
int attrsonly);
#ifdef _SOLARIS_SDK
/*
* Additional URL functions plus Character set, Search Preference
* and Display Template functions moved from internal header files
*/
/*
* URL functions
*/
/*
* Character set functions
*/
#ifdef STR_TRANSLATION
unsigned long *lenp, int free_input);
unsigned long *lenp, int free_input);
int enable);
#ifdef LDAP_CHARSET_8859
int free_input);
int free_input);
#endif /* LDAP_CHARSET_8859 */
#endif /* STR_TRANSLATION */
/*
* Display Template functions/structures
*/
/*
* display template item structure
*/
/* One item of a display template, linked to its neighbours by row and by column. */
struct ldap_tmplitem {
/*
* syntax id: general type in the most-significant 8 bits
* (LDAP_SYN_TYPE_*), options in the next 8 bits (LDAP_SYN_OPT_*), and the
* distinct type in the lower 16 bits
*/
unsigned long ti_syntaxid;
unsigned long ti_options; /* LDAP_DITEM_OPT_* bits; a set bit means the option applies */
char *ti_attrname;
char *ti_label;
char **ti_args;
struct ldap_tmplitem *ti_next_in_row; /* another item of the same type; NULLTMPLITEM is the null value */
struct ldap_tmplitem *ti_next_in_col;
void *ti_appdata; /* presumably opaque application data -- confirm */
};
/* typed null pointer for struct ldap_tmplitem */
#define NULLTMPLITEM ((struct ldap_tmplitem *)0)
/*
* object class array structure
*/
/* Node holding an array of object class names, chained through oc_next. */
struct ldap_oclist {
char **oc_objclasses; /* array of strings; how it is terminated is not shown here */
struct ldap_oclist *oc_next; /* next node of the same type */
};
/* typed null pointer for struct ldap_oclist */
#define NULLOCLIST ((struct ldap_oclist *)0)
/*
* add defaults list
*/
struct ldap_adddeflist {
int ad_source;
#define LDAP_ADSRC_CONSTANTVALUE 1
#define LDAP_ADSRC_ADDERSDN 2
char *ad_attrname;
char *ad_value;
struct ldap_adddeflist *ad_next;
};
#define NULLADLIST ((struct ldap_adddeflist *)0)
/*
* display template global options
* if this bit is set in dt_options, it applies.
*/
/*
* users should be allowed to try to add objects of these entries
*/
#define LDAP_DTMPL_OPT_ADDABLE 0x00000001L
/*
* users should be allowed to do "modify RDN" operation of these entries
*/
#define LDAP_DTMPL_OPT_ALLOWMODRDN 0x00000002L
/*
* this template is an alternate view, not a primary view
*/
#define LDAP_DTMPL_OPT_ALTVIEW 0x00000004L
/*
* display template structure
*/
/*
* One display template. It references an object class list, an add-defaults
* list and a list of items, and chains to the next template through dt_next.
*/
struct ldap_disptmpl {
char *dt_name;
char *dt_pluralname;
char *dt_iconname;
unsigned long dt_options; /* LDAP_DTMPL_OPT_* bits; a set bit means the option applies */
char *dt_authattrname;
char *dt_defrdnattrname;
char *dt_defaddlocation;
struct ldap_oclist *dt_oclist;
struct ldap_adddeflist *dt_adddeflist;
struct ldap_tmplitem *dt_items;
void *dt_appdata; /* presumably opaque application data -- confirm */
struct ldap_disptmpl *dt_next; /* next template of the same type */
};
/* typed null pointer for struct ldap_disptmpl */
#define NULLDISPTMPL ((struct ldap_disptmpl *)0)
#define LDAP_TMPL_ERR_VERSION 1
#define LDAP_TMPL_ERR_MEM 2
#define LDAP_TMPL_ERR_SYNTAX 3
#define LDAP_TMPL_ERR_FILE 4
/*
* buffer size needed for entry2text and vals2text
* NOTE(review): the routines themselves are not visible in this listing.
* Confirm whether they take an explicit buffer length; if they do not,
* every caller must supply at least LDAP_DTMPL_BUFSIZ bytes, and a smaller
* buffer would be overrun.
*/
#define LDAP_DTMPL_BUFSIZ 8192
LDAP_API(int)
LDAP_API(int)
struct ldap_disptmpl **tmpllistp);
LDAP_API(void)
LDAP_API(struct ldap_disptmpl *)
LDAP_API(struct ldap_disptmpl *)
struct ldap_disptmpl *tmpl);
LDAP_API(struct ldap_disptmpl *)
LDAP_API(struct ldap_disptmpl *)
LDAP_API(char **)
unsigned long syntaxmask);
LDAP_API(struct ldap_tmplitem *)
LDAP_API(struct ldap_tmplitem *)
LDAP_API(struct ldap_tmplitem *)
LDAP_API(struct ldap_tmplitem *)
struct ldap_tmplitem *col);
LDAP_API(int)
unsigned long opts);
LDAP_API(int)
LDAP_API(int)
unsigned long opts);
LDAP_API(int)
LDAP_API(int)
LDAP_API(int)
/*
* Search Preference Definitions
*/
/* Search-preference attribute entry, chained through sa_next. */
struct ldap_searchattr {
char *sa_attrlabel;
char *sa_attr;
/* max 32 matchtypes for now */
unsigned long sa_matchtypebitmap; /* presumably one bit per match type -- confirm the bit-to-type mapping */
char *sa_selectattr;
char *sa_selecttext;
struct ldap_searchattr *sa_next; /* next entry of the same type */
};
/* Search-preference match entry, chained through sm_next. */
struct ldap_searchmatch {
char *sm_matchprompt;
/*
* NOTE(review): if sm_filter is used as a filter pattern that user input is
* substituted into, that input needs LDAP filter escaping -- confirm how
* the consuming code builds the final filter.
*/
char *sm_filter;
struct ldap_searchmatch *sm_next; /* next entry of the same type */
};
/*
* Search-preference object. It references a list of ldap_searchattr and a
* list of ldap_searchmatch entries, and chains to the next object through
* so_next.
*/
struct ldap_searchobj {
char *so_objtypeprompt;
unsigned long so_options; /* presumably LDAP_SEARCHOBJ_OPT_* bits -- confirm */
char *so_prompt;
short so_defaultscope; /* presumably an LDAP_SCOPE_* value -- confirm */
char *so_filterprefix;
char *so_filtertag;
char *so_defaultselectattr;
char *so_defaultselecttext;
struct ldap_searchattr *so_salist;
struct ldap_searchmatch *so_smlist;
struct ldap_searchobj *so_next; /* next object of the same type */
};
/* typed null pointer for struct ldap_searchobj */
#define NULLSEARCHOBJ ((struct ldap_searchobj *)0)
/*
* global search object options
*/
#define LDAP_SEARCHOBJ_OPT_INTERNAL 0x00000001
#define LDAP_SEARCHPREF_VERSION_ZERO 0
#define LDAP_SEARCHPREF_VERSION 1
#define LDAP_SEARCHPREF_ERR_VERSION 1
#define LDAP_SEARCHPREF_ERR_MEM 2
#define LDAP_SEARCHPREF_ERR_SYNTAX 3
#define LDAP_SEARCHPREF_ERR_FILE 4
LDAP_API(int)
LDAP_API(int)
struct ldap_searchobj **solistp);
LDAP_API(void)
LDAP_API(struct ldap_searchobj *)
LDAP_API(struct ldap_searchobj *)
struct ldap_searchobj *so);
/*
* specific LDAP instantiations of BER types we know about
*/
/* general stuff */
/* tag for sort control */
/* possible operations a client can invoke */
/* U-M LDAP release 3.0 compatibility stuff */
#define LDAP_REQ_UNBIND_30 0x62
#define LDAP_REQ_DELETE_30 0x6a
#define LDAP_REQ_ABANDON_30 0x70
/* U-M LDAP 3.0 compatibility auth methods */
/* filter types */
/* U-M LDAP 3.0 compatibility filter types */
/* substring filter component types */
/* U-M LDAP 3.0 compatibility substring filter component types */
#endif /* _SOLARIS_SDK */
/*
* Function to dispose of an array of LDAPMod structures (an API extension).
* Warning: don't use this unless the mods array was allocated using the
* same memory allocator as is being used by libldap.
*/
/*
* Preferred language and get_lang_values (an API extension --
* LDAP_API_FEATURE_X_GETLANGVALUES)
*
* The following two APIs are deprecated
*/
/*
* Rebind callback function (an API extension)
*/
/*
* Thread function callbacks (an API extension --
* LDAP_API_FEATURE_X_THREAD_FUNCTIONS).
*/
/*
* Thread callback functions:
*/
/*
* Structure to hold thread function pointers:
*/
/*
* NOTE(review): only ltf_lderrno_arg appears in this listing; the comment
* before this struct describes it as holding thread function pointers, so
* the remaining members are presumably missing here.
*/
struct ldap_thread_fns {
void *ltf_lderrno_arg; /* untyped pointer; its use is not shown in this listing */
};
/*
* Client side sorting of entries (an API extension --
* LDAP_API_FEATURE_X_CLIENT_SIDE_SORT)
*/
/*
* Client side sorting callback functions:
*/
typedef int (LDAP_C LDAP_CALLBACK
const struct berval *);
typedef void (LDAP_C LDAP_CALLBACK
typedef int (LDAP_C LDAP_CALLBACK
typedef int (LDAP_C LDAP_CALLBACK
/*
* Client side sorting functions:
*/
const char **b);
/*
* Filter functions and definitions (an API extension --
* LDAP_API_FEATURE_X_FILTER_FUNCTIONS)
*/
/*
* Structures, constants, and types for filter utility routines:
*/
/* One filter description, chained through lfi_next. */
typedef struct ldap_filt_info {
char *lfi_filter;
char *lfi_desc;
int lfi_scope; /* LDAP_SCOPE_BASE, etc */
int lfi_isexact; /* exact match filter? */
struct ldap_filt_info *lfi_next; /* next entry of the same type */
} LDAPFiltInfo;
/*
* NOTE(review): presumably the maximum filter string size handled by the
* filter utility routines. Confirm that code building filters from user
* input checks the result against this bound instead of assuming it fits.
*/
#define LDAP_FILT_MAXSIZ 1024
/*
* Filter utility functions:
*/
/*
* Friendly mapping structure and routines (an API extension)
*/
/*
* Pair of strings. Note that FriendlyMap is a typedef for a POINTER to
* struct friendly, not for the struct itself, so a FriendlyMap * is a
* pointer to a pointer.
*/
typedef struct friendly {
char *f_unfriendly;
char *f_friendly;
} *FriendlyMap;
FriendlyMap *map);
/*
* In Memory Cache (an API extension -- LDAP_API_FEATURE_X_MEMCACHE)
*/
LDAPMemCache **cachep);
int scope);
/*
* Server reconnect (an API extension).
*/
/*
* Asynchronous I/O (an API extension).
*/
/*
* This option enables completely asynchronous IO. It works by using ioctl()
* on the fd, (or tlook())
*/
/*
* I/O function callbacks option (an API extension --
* LDAP_API_FEATURE_X_IO_FUNCTIONS).
* Use of the extended I/O functions instead is recommended; see above.
*/
/*
* Extended I/O function callbacks option (an API extension --
* LDAP_API_FEATURE_X_EXTIO_FUNCTIONS).
*/
/* 0x4000 + 0x0F00 = 0x4F00 = 20224 - API extension */
/*
* generalized bind
*/
/*
* Authentication methods:
*/
#define LDAP_AUTH_NONE 0x00
#define LDAP_AUTH_SIMPLE 0x80
#define LDAP_AUTH_SASL 0xa3
const char *passwd, int authmethod);
/*
* experimental DN format support
*/
#ifdef _SOLARIS_SDK
#endif
/*
*/
/*
* functions and definitions that have been replaced by new improved ones
*/
/*
* Use ldap_get_option() with LDAP_OPT_API_INFO and an LDAPAPIInfo structure
* instead of ldap_version(). The use of this API is deprecated.
*/
/* Version information structure for the deprecated ldap_version() interface. */
typedef struct _LDAPVersion {
int sdk_version; /* Version of the SDK, * 100 */
int protocol_version; /* Highest protocol version supported, * 100 */
int SSL_version; /* SSL version if this SDK supports it, * 100 */
int security_level; /* highest level available */
int reserved[4]; /* four reserved ints; no use is shown in this header */
} LDAPVersion;
/* presumably a value for security_level meaning no security support -- confirm */
#define LDAP_SECURITY_NONE 0
/* use ldap_create_filter() instead of ldap_build_filter() */
/* use ldap_set_filter_additions() instead of ldap_setfilteraffixes() */
/* older result types a server can return -- use LDAP_RES_MODDN instead */
#define LDAP_RES_MODRDN LDAP_RES_MODDN
#define LDAP_RES_RENAME LDAP_RES_MODDN
/* older error messages */
/* end of unsupported functions */
#ifdef _SOLARIS_SDK
/* SSL Functions */
/*
* These three defines select the SSL strength.
* Setting LDAPSSL_AUTH_WEAK disables all certificate checking, which leaves
* the connection encrypted but the server unauthenticated.
* LDAPSSL_AUTH_CNCHECK tests for a man-in-the-middle attack (by its name,
* presumably a check of the certificate's common name -- confirm).
* NOTE(review): LDAPSSL_AUTH_WEAK is 0, so a zero-initialized or defaulted
* strength argument selects the weakest setting; pass the strength
* explicitly.
*/
#define LDAPSSL_AUTH_WEAK 0
#define LDAPSSL_AUTH_CERT 1
#define LDAPSSL_AUTH_CNCHECK 2
/*
* Initialize LDAP library for SSL
*/
int defsecure);
/*
* Install I/O routines to make SSL over LDAP possible.
* Use this after ldap_init() or just use ldapssl_init() instead.
*/
/*
* The next three functions initialize the security code for SSL.
* The first one, ldapssl_client_init(), does initialization for SSL only.
* The next one, ldapssl_clientauth_init(), initializes security
* for SSL with client authentication. The third function initializes
* security for doing SSL with client authentication and PKCS; that is,
* the third function initializes the security module database (secmod.db).
* The parameters are as follows:
* const char *certdbpath - path to the cert file. This can be a shortcut
* to the directory name; if so, cert7.db will be appended to the string.
* void *certdbhandle - Normally this is NULL. This memory will need
* to be freed.
* int needkeydb - boolean. Must be != 0 if client authentication
* is required.
* char *keydbpath - path to the key database. This can be a shortcut
* to the directory name; if so, key3.db will be appended to the string.
* void *keydbhandle - Normally this is NULL. This memory will need
* to be freed.
* int needsecmoddb - boolean. Must be != 0 to ensure that the correct
* security module is loaded into memory.
* char *secmodpath - path to the secmod. This can be a shortcut to the
* directory name; if so, secmod.db will be appended to the string.
*
* These three functions are mutually exclusive. You can only call
* one. This means that, for a given process, you must call the
* appropriate initialization function for the life of the process.
*/
/*
* Initialize the secure parts (Security and SSL) of the runtime for use
* by a client application. This is only called once.
*/
const char *certdbpath, void *certdbhandle);
/*
* Initialize the secure parts (Security and SSL) of the runtime for use
* by a client application that may want to do SSL client authentication.
*/
const char *certdbpath, void *certdbhandle,
/*
* Initialize the secure parts (Security and SSL) of the runtime for use
* by a client application that may want to do SSL client authentication.
*/
const char *certdbpath, void *certdbhandle,
const int needsecmoddb, const char *secmoddbpath,
const int sslstrength);
/*
* get a meaningful error string back from the security library
* this function should be called, if ldap_err2string doesn't
* identify the error code.
*/
/*
* Enable SSL client authentication on the given ld.
*/
char *keypasswd, char *certnickname);
(void *context, char **modulepath);
/* presumably the value expected in local_structure_id -- confirm */
#define PKCS_STRUCTURE_ID 1
/*
* NOTE(review): only two members appear in this listing; the struct name
* suggests it also holds function pointers, which are presumably missing
* here.
*/
struct ldapssl_pkcs_fns {
int local_structure_id;
void *local_data; /* untyped pointer; its use is not shown in this listing */
};
/* end of SSL functions */
#endif /* _SOLARIS_SDK */
/* SASL options */
/*
* Option codes for SASL settings. The meanings given below are inferred from
* the names only -- confirm against the implementation.
*/
#define LDAP_OPT_X_SASL_MECH 0x6100 /* presumably the SASL mechanism name */
#define LDAP_OPT_X_SASL_REALM 0x6101 /* presumably the SASL realm */
#define LDAP_OPT_X_SASL_AUTHCID 0x6102 /* presumably the authentication identity */
#define LDAP_OPT_X_SASL_AUTHZID 0x6103 /* presumably the authorization identity */
/*
* SSF presumably stands for the SASL security strength factor.
* NOTE(review): if the minimum is left at 0, a bind may complete without any
* SASL security layer; confirm the default and set a minimum where
* integrity or confidentiality is required.
*/
#define LDAP_OPT_X_SASL_SSF_MIN 0x6107
#define LDAP_OPT_X_SASL_SSF_MAX 0x6108
#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109 /* presumably the maximum SASL buffer size */
/*
* ldap_interactive_bind_s Interaction flags
* Interactive: prompt always - REQUIRED
*/
#define LDAP_SASL_INTERACTIVE 1U
/*
* V3 SASL Interaction Function Callback Prototype
* When using SASL, interact is a pointer to sasl_interact_t.
* It should likely be passed in a control (and provided controls).
*/
typedef int (LDAP_SASL_INTERACT_PROC)
#ifdef __cplusplus
}
#endif
#endif /* _LDAP_H */