ns_sldap.h revision 9f2fd570dfad3c35512617ae887140b15e3ec4c5
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _NS_SLDAP_H
#define _NS_SLDAP_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>
/*
* Version
*/
/*
* NS_LDAP_VERSION names the current version and expands to NS_LDAP_VERSION_2
* ("2.0"). Defining it before NS_LDAP_VERSION_2 is harmless: macros are
* expanded where they are used, after both definitions have been seen.
*/
#define NS_LDAP_VERSION NS_LDAP_VERSION_2
#define NS_LDAP_VERSION_1 "1.0"
#define NS_LDAP_VERSION_2 "2.0"
/*
* Flags
*/
/*
* Single-bit flag values. No value repeats across these macros, SearchRef_t,
* ScopeType_t and the other NS_LDAP_* flag macros in this header, so they
* presumably all share the `flags` argument of the __ns_ldap_*() calls --
* confirm against the implementation.
*/
#define NS_LDAP_HARD 0x001
#define NS_LDAP_ALL_RES 0x002
/* Search Referral Option */
/*
* Referral handling choice, encoded as single bits (0x004, 0x008).
* NOTE(review): following referrals lets the queried server send the client
* to other hosts; whether bind credentials are presented again to those hosts
* is not visible in this header -- confirm before enabling it for
* authenticated searches.
*/
typedef enum SearchRef {
NS_LDAP_FOLLOWREF = 0x004,
NS_LDAP_NOREF = 0x008
} SearchRef_t;
/*
* Search scope (base, one level, subtree), encoded as single bits
* 0x010 / 0x020 / 0x040. Used as the type of ns_ldap_search_desc_t.scope.
*/
typedef enum ScopeType {
NS_LDAP_SCOPE_BASE = 0x010,
NS_LDAP_SCOPE_ONELEVEL = 0x020,
NS_LDAP_SCOPE_SUBTREE = 0x040
} ScopeType_t;
/*
* BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST.
* IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION, AND IF
* THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
* IS ONLY SUPPORTED FOR LIST AND IS INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER.
*/
/*
* Connection, mapping and paging flags. 0x100 and 0x200 are not assigned
* in this header.
* NS_LDAP_NO_PAGE_CTRL is 0x0000, so it cannot be detected with a bitwise
* AND; it only means that NS_LDAP_PAGE_CTRL is not set.
*/
#define NS_LDAP_KEEP_CONN 0x080
#define NS_LDAP_NEW_CONN 0x400
#define NS_LDAP_NOMAP 0x800
#define NS_LDAP_PAGE_CTRL 0x1000
#define NS_LDAP_NO_PAGE_CTRL 0x0000
/*
* NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
* to retrieve the DN in LDAP and DN is not to be converted when
* being passed back to the application. See __ns_ldap_uid2dn()
* and __ns_ldap_host2dn() for such usage.
*/
#define NS_LDAP_NOT_CVT_DN 0x2000
/*
* NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
* __ns_ldap_repAttr() to update the shadow database on the
* LDAP server.
*/
#define NS_LDAP_UPDATE_SHADOW 0x4000
/*
* NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
* and __ns_ldap_firstEntry() to read the shadow database on the
* LDAP server.
*
* NOTE(review): this header only defines the two shadow bits. Where the
* caller's privilege is checked is not visible here -- confirm it is
* enforced by the library or the server rather than implied by the flag.
*/
#define NS_LDAP_READ_SHADOW 0x8000
/*
* Authentication Information
*/
/*
* Credential level: anonymous, proxy or self.
* NOTE(review): presumably the value type behind NS_LDAP_CREDENTIAL_LEVEL_P
* and NS_LDAP_SERVICE_CRED_LEVEL_P -- confirm.
*/
typedef enum CredLevel {
NS_LDAP_CRED_ANON = 0,
NS_LDAP_CRED_PROXY = 1,
NS_LDAP_CRED_SELF = 2
} CredLevel_t;
/*
* Authentication method stored in ns_auth_t.type.
* NOTE(review): an LDAP simple bind carries the password in clear text unless
* the connection itself is protected; whether the library refuses
* NS_LDAP_AUTH_SIMPLE on an unprotected connection is not visible here.
*/
typedef enum AuthType {
NS_LDAP_AUTH_NONE = 0,
NS_LDAP_AUTH_SIMPLE = 1,
NS_LDAP_AUTH_SASL = 2,
NS_LDAP_AUTH_TLS = 3, /* implied SASL usage */
NS_LDAP_AUTH_ATLS = 4 /* implied SASL usage */
} AuthType_t;
/*
* TLS sub-type stored in ns_auth_t.tlstype.
* NOTE(review): presumably selects the bind method used inside the TLS
* session (none, simple, SASL) -- confirm against the implementation.
*/
typedef enum TlsType {
NS_LDAP_TLS_NONE = 0,
NS_LDAP_TLS_SIMPLE = 1,
NS_LDAP_TLS_SASL = 2
} TlsType_t;
/*
* SASL mechanism stored in ns_auth_t.saslmech. EXTERNAL and SPNEGO are
* marked as not supported by the comments below.
* NOTE(review): CRAM-MD5 and DIGEST-MD5 are legacy challenge-response
* mechanisms (DIGEST-MD5 was moved to Historic by RFC 6331). Deployments
* should prefer GSSAPI or a TLS-protected bind where the directory allows it.
*/
typedef enum SaslMech {
NS_LDAP_SASL_NONE = 0, /* No SASL mechanism */
NS_LDAP_SASL_CRAM_MD5 = 1,
NS_LDAP_SASL_DIGEST_MD5 = 2,
NS_LDAP_SASL_EXTERNAL = 3, /* currently not supported */
NS_LDAP_SASL_GSSAPI = 4,
NS_LDAP_SASL_SPNEGO = 5 /* currently not supported */
} SaslMech_t;
/*
* SASL option stored in ns_auth_t.saslopt.
* NOTE(review): INT and PRIV presumably request an integrity or a privacy
* (encryption) security layer; NONE would then leave the traffic after the
* bind unprotected by SASL -- confirm.
*/
typedef enum SaslOpt {
NS_LDAP_SASLOPT_NONE = 0,
NS_LDAP_SASLOPT_INT = 1,
NS_LDAP_SASLOPT_PRIV = 2
} SaslOpt_t;
/*
* Boolean-style enum (0 = false, 1 = true).
* NOTE(review): presumably the value type behind NS_LDAP_PREF_ONLY_P -- confirm.
*/
typedef enum PrefOnly {
NS_LDAP_PREF_FALSE = 0,
NS_LDAP_PREF_TRUE = 1
} PrefOnly_t;
/*
* Boolean-style enum (0 = false, 1 = true).
* NOTE(review): presumably the value type behind
* NS_LDAP_ENABLE_SHADOW_UPDATE_P -- confirm.
*/
typedef enum enableShadowUpdate {
NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE = 0,
NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE = 1
} enableShadowUpdate_t;
/*
* User identity plus password; one of the two members of the union in
* ns_cred_t. Both fields are C strings, although userID is described as an
* ID number.
* NOTE(review): passwd is a plain char pointer with no length and no
* ownership stated here. Callers should keep the secret's lifetime short and
* scrub their own copy; whether __ns_ldap_freeCred() clears it is not visible.
*/
typedef struct UnixCred {
char *userID; /* Unix ID number */
char *passwd; /* password */
} UnixCred_t;
/*
* Certificate-based credential; the other member of the union in ns_cred_t.
* NOTE(review): passwd presumably unlocks the certificate database found at
* path -- confirm. It is held as a plain C string, so the same handling
* concerns apply as for UnixCred_t.passwd.
*/
typedef struct CertCred {
char *path; /* certificate path */
char *passwd; /* password */
char *nickname; /* nickname */
} CertCred_t;
/*
* Complete description of an authentication method: the method itself plus
* its TLS sub-type, SASL mechanism and SASL option. Embedded in ns_cred_t and
* filled in by __ns_ldap_initAuth() from a mechanism string.
*/
typedef struct ns_auth {
AuthType_t type;
TlsType_t tlstype;
SaslMech_t saslmech;
SaslOpt_t saslopt;
} ns_auth_t;
/*
* Credential passed to most __ns_ldap_*() calls: the authentication method,
* a host certificate path and either a Unix or a certificate credential.
* NOTE(review): the union carries no tag of its own. Which member is valid is
* presumably implied by auth.type -- confirm, because reading the wrong
* member would reinterpret one set of pointers as the other.
*/
typedef struct ns_cred {
ns_auth_t auth;
char *hostcertpath;
union {
UnixCred_t unix_cred;
CertCred_t cert_cred;
} cred;
} ns_cred_t;
/*
* String pointer with two int counters. No function declared in this header
* takes a LineBuf.
* NOTE(review): presumably a growable line buffer where len is the used size
* and alloc the allocated size -- confirm. Both are signed int, so code that
* grows the buffer needs to guard against overflow.
*/
typedef struct LineBuf {
char *str;
int len;
int alloc;
} LineBuf;
/*
* Configuration Information
*/
/*
* Index of a configuration parameter, as taken by __ns_ldap_setParam() and
* __ns_ldap_getParam(). Values are assigned explicitly and run from 0 to 30;
* NS_LDAP_MAX_PIT_P (31) is the end marker.
* NOTE(review): NS_LDAP_BINDPASSWD_P, NS_LDAP_CERT_PASS_P and
* NS_LDAP_ADMIN_BINDPASSWD_P presumably name secrets -- confirm, and treat
* anything read back through these indexes as sensitive (no logging, short
* lifetime, release with __ns_ldap_freeParam()).
*/
typedef enum {
NS_LDAP_FILE_VERSION_P = 0,
NS_LDAP_BINDDN_P = 1,
NS_LDAP_BINDPASSWD_P = 2,
NS_LDAP_SERVERS_P = 3,
NS_LDAP_SEARCH_BASEDN_P = 4,
NS_LDAP_AUTH_P = 5,
/*
* NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
* with version 1 clients and their configuration files. The only
* supported value is NS_LDAP_SEC_NONE. No application should be
* using this parameter type (either through getParam or setParam).
* NOTE(review): NS_LDAP_SEC_NONE is not defined in this header.
*/
NS_LDAP_TRANSPORT_SEC_P = 6,
NS_LDAP_SEARCH_REF_P = 7,
NS_LDAP_DOMAIN_P = 8,
NS_LDAP_EXP_P = 9,
NS_LDAP_CERT_PATH_P = 10,
NS_LDAP_CERT_PASS_P = 11,
NS_LDAP_SEARCH_DN_P = 12,
NS_LDAP_SEARCH_SCOPE_P = 13,
NS_LDAP_SEARCH_TIME_P = 14,
NS_LDAP_SERVER_PREF_P = 15,
NS_LDAP_PREF_ONLY_P = 16,
NS_LDAP_CACHETTL_P = 17,
NS_LDAP_PROFILE_P = 18,
NS_LDAP_CREDENTIAL_LEVEL_P = 19,
NS_LDAP_SERVICE_SEARCH_DESC_P = 20,
NS_LDAP_BIND_TIME_P = 21,
NS_LDAP_ATTRIBUTEMAP_P = 22,
NS_LDAP_OBJECTCLASSMAP_P = 23,
NS_LDAP_CERT_NICKNAME_P = 24,
NS_LDAP_SERVICE_AUTH_METHOD_P = 25,
NS_LDAP_SERVICE_CRED_LEVEL_P = 26,
NS_LDAP_HOST_CERTPATH_P = 27,
NS_LDAP_ENABLE_SHADOW_UPDATE_P = 28,
NS_LDAP_ADMIN_BINDDN_P = 29,
NS_LDAP_ADMIN_BINDPASSWD_P = 30,
/*
* The following entry (max ParamIndexType) is an internal
* placeholder. It must be the last (and highest value)
* entry in this enum. Please update accordingly.
*/
NS_LDAP_MAX_PIT_P = 31
} ParamIndexType;
/*
* NONE - No self / SASL/GSSAPI configured
* ONLY - Only self / SASL/GSSAPI configured
* MIXED - self / SASL/GSSAPI is mixed with other types of configuration
*/
/*
* Result type written by __ns_ldap_self_gssapi_config(): whether the
* self / SASL/GSSAPI combination is absent, the only one configured, or
* mixed with other kinds of configuration.
*/
typedef enum {
NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
} ns_ldap_self_gssapi_config_t;
/*
* __ns_ldap_*() return codes
*/
/*
* Status returned by the __ns_ldap_*() calls. Each comment says whether the
* caller should expect detail in the ns_ldap_error_t handed back via errorp.
* The value 6 is not assigned.
* NOTE(review): the comment on NS_LDAP_INVALID_PARAM reads "LDAP error";
* judging by the name it presumably means an invalid argument -- confirm.
*/
typedef enum {
NS_LDAP_SUCCESS = 0, /* success, no info in errorp */
NS_LDAP_OP_FAILED = 1, /* failed operation, no info in errorp */
NS_LDAP_NOTFOUND = 2, /* entry not found, no info in errorp */
NS_LDAP_MEMORY = 3, /* memory failure, no info in errorp */
NS_LDAP_CONFIG = 4, /* config problem, detail in errorp */
NS_LDAP_PARTIAL = 5, /* partial result, detail in errorp */
NS_LDAP_INTERNAL = 7, /* LDAP error, detail in errorp */
NS_LDAP_INVALID_PARAM = 8, /* LDAP error, no info in errorp */
NS_LDAP_SUCCESS_WITH_INFO
= 9 /* success, with info in errorp */
} ns_ldap_return_code;
/*
* Detailed error code for NS_LDAP_CONFIG
*/
/*
* Sub-codes that refine NS_LDAP_CONFIG.
* NOTE(review): presumably delivered in ns_ldap_error_t.status -- confirm.
*/
typedef enum {
NS_CONFIG_SYNTAX = 0, /* syntax error */
NS_CONFIG_NODEFAULT = 1, /* no default value */
NS_CONFIG_NOTLOADED = 2, /* configuration not loaded */
NS_CONFIG_NOTALLOW = 3, /* operation requested not allowed */
NS_CONFIG_FILE = 4, /* configuration file problem */
NS_CONFIG_CACHEMGR = 5 /* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
/*
* Detailed error code for NS_LDAP_PARTIAL
*/
/*
* Sub-codes that refine NS_LDAP_PARTIAL: the result set is incomplete either
* because of a timeout or because of some other error.
*/
typedef enum {
NS_PARTIAL_TIMEOUT = 0, /* partial results due to timeout */
NS_PARTIAL_OTHER = 1 /* error encountered */
} ns_ldap_partial_return_code;
/*
* For use by __ns_ldap_addTypedEntry() for publickey servicetype
*/
/*
* Boolean-style enum used as the type of _ns_pubkey_t.hostcred.
* NOTE(review): presumably marks a publickey entry as belonging to a host
* rather than a user -- confirm.
*/
typedef enum {
NS_HOSTCRED_FALSE = 0,
NS_HOSTCRED_TRUE = 1
} hostcred_t;
/*
* Detailed password status
*/
/*
* Password state carried in ns_ldap_passwd_mgmt_t.status. Values 0-2 describe
* a password that is still good, 3-4 one that can no longer be used, and 5-9
* reasons why a password change was rejected.
*/
typedef enum {
NS_PASSWD_GOOD = 0, /* password is good */
NS_PASSWD_ABOUT_TO_EXPIRE = 1, /* password is good but */
/* about to expire */
NS_PASSWD_CHANGE_NEEDED = 2, /* good but need to be */
/* changed immediately */
NS_PASSWD_EXPIRED = 3, /* password expired */
NS_PASSWD_RETRY_EXCEEDED = 4, /* exceed retry limit; */
/* account is locked */
NS_PASSWD_CHANGE_NOT_ALLOWED = 5, /* can only be changed */
/* by the administrator */
NS_PASSWD_INVALID_SYNTAX = 6, /* can not be changed: */
/* new password has */
/* invalid syntax -- */
/* trivial password: same */
/* value as attr, cn, sn, */
/* uid, etc. */
/* or strong password */
/* policies check */
NS_PASSWD_TOO_SHORT = 7, /* can not be changed: */
/* new password has */
/* less chars than */
/* required */
NS_PASSWD_IN_HISTORY = 8, /* can not be changed: */
/* reuse old password */
NS_PASSWD_WITHIN_MIN_AGE = 9 /* can not be changed: */
/* within minimum age */
} ns_ldap_passwd_status_t;
/*
* Password management information structure
*
* This structure is different from AcctUsableResponse_t structure in
* that this structure holds result of users account mgmt information when
* an ldap bind is done with user name and user password.
*/
/*
* Password status plus time to expiry; embedded in ns_ldap_error_t as
* pwd_mgmt. sec_until_expired is meaningful only when status is
* NS_PASSWD_ABOUT_TO_EXPIRE, so callers should check status first.
*/
typedef struct ns_ldap_passwd_mgmt {
ns_ldap_passwd_status_t
status; /* password status */
int sec_until_expired; /* seconds until expired, */
/* valid if status is */
/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;
/*
* LDAP V3 control flag for account management - Used for account management
* when no password is provided
*/
/* Object identifier of the control, in dotted-decimal string form. */
#define NS_LDAP_ACCOUNT_USABLE_CONTROL "1.3.6.1.4.1.42.2.27.9.5.8"
/*
* Structure for holding the response returned by server for
* NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
*/
/*
* C form of the More_info sequence from the account-usable response. The
* three BOOLEAN fields are stored as int; rem_grace and sec_b4_unlock hold
* the remaining_grace and seconds_before_unlock integers, which the ASN.1
* marks OPTIONAL.
* NOTE(review): how an absent optional field is represented is not visible
* here -- confirm before treating 0 as a real value.
*/
typedef struct AcctUsableMoreInfo {
int inactive;
int reset;
int expired;
int rem_grace;
int sec_b4_unlock;
} AcctUsableMoreInfo_t;
/*
* Structure used to hold the response from the server for
* NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
*
* ACCOUNT_USABLE_RESPONSE::= CHOICE {
* is_available [0] INTEGER, seconds before expiration
* is_not_available [1] More_info
* }
*
* More_info::= SEQUENCE {
* inactive [0] BOOLEAN DEFAULT FALSE,
* reset [1] BOOLEAN DEFAULT FALSE,
* expired [2] BOOLEAN DEFAULT FALSE,
* remaining_grace [3] INTEGER OPTIONAL,
* seconds_before_unlock[4] INTEGER OPTIONAL
* }
*
* This structure is different from ns_ldap_passwd_mgmt_t structure in
* that this structure holds result of users account mgmt information when
* pam_ldap doesn't have the users password and proxy agent is used for
* obtaining the account management information.
*/
/*
* Tagged union filled in by __ns_ldap_getAcctMgmt(): choice says which member
* of AcctUsableResp is valid.
* NOTE(review): choice presumably follows the ASN.1 CHOICE tags, 0 selecting
* seconds_before_expiry and 1 selecting more_info -- confirm. Callers must
* test it before reading the union, otherwise an unavailable account could be
* read as a number of seconds.
*/
typedef struct AcctUsableResponse {
int choice;
union {
int seconds_before_expiry;
AcctUsableMoreInfo_t more_info;
} AcctUsableResp;
} AcctUsableResponse_t;
/*
* Simplified LDAP Naming API result structure
*/
/*
* Error object handed back through the errorp argument of the API calls.
* NOTE(review): presumably allocated by the library and released with
* __ns_ldap_freeError() -- confirm. message comes from the library or the
* server, so print it with an explicit "%s" and never as a format string.
*/
typedef struct ns_ldap_error {
int status; /* LDAP error code */
char *message; /* LDAP error message */
ns_ldap_passwd_mgmt_t pwd_mgmt; /* LDAP password */
/* management info */
} ns_ldap_error_t;
/*
* One attribute with its values.
* NOTE(review): value_count is presumably the number of strings in
* attrvalue -- confirm. Bound every loop over attrvalue by it.
*/
typedef struct ns_ldap_attr {
char *attrname; /* attribute name */
uint_t value_count;
char **attrvalue; /* attribute values */
} ns_ldap_attr_t;
/*
* One directory entry: attr_count attributes in attr_pair, linked to the
* following entry through next.
*/
typedef struct ns_ldap_entry {
uint_t attr_count; /* number of attributes */
ns_ldap_attr_t **attr_pair; /* attributes pairs */
struct ns_ldap_entry *next; /* next entry */
} ns_ldap_entry_t;
/*
* Search result: an entry count and the first entry of the list.
* NOTE(review): presumably released with __ns_ldap_freeResult() -- confirm.
*/
typedef struct ns_ldap_result {
uint_t entries_count; /* number of entries */
ns_ldap_entry_t *entry; /* data */
} ns_ldap_result_t;
/*
* structures for the conversion routines used by typedAddEntry()
*/
/*
* Netgroup record: a name plus two string arrays.
* NOTE(review): how the triplet and netgroup arrays are terminated (no count
* field is present) is not visible here -- presumably NULL-terminated.
*/
typedef struct _ns_netgroups {
char *name;
char **triplet;
char **netgroup;
} _ns_netgroups_t;
/* Netmask record: network number and mask, both as strings. */
typedef struct _ns_netmasks {
char *netnumber;
char *netmask;
} _ns_netmasks_t;
/*
* Boot parameter record: a name and an array of parameter strings.
* NOTE(review): param has no count field -- presumably NULL-terminated.
*/
typedef struct _ns_bootp {
char *name;
char **param;
} _ns_bootp_t;
/* Ethers record: a name and an ether string. */
typedef struct _ns_ethers {
char *name;
char *ether;
} _ns_ethers_t;
/*
* Publickey record: name, host/user marker and the two key strings.
* NOTE(review): privkey carries private-key material into the directory. The
* form it must already be in (presumably encrypted) is not visible in this
* header -- confirm before passing a key through this structure, and scrub
* the caller's copy afterwards.
*/
typedef struct _ns_pubkey {
char *name;
hostcred_t hostcred;
char *pubkey;
char *privkey;
} _ns_pubkey_t;
/*
* Alias record: the alias and an array of member strings.
* NOTE(review): member has no count field -- presumably NULL-terminated.
*/
typedef struct _ns_alias {
char *alias;
char **member;
} _ns_alias_t;
/* Automount record: map name, key and value strings. */
typedef struct _ns_automount {
char *mapname;
char *key;
char *value;
} _ns_automount_t;
/*
* return values for the callback function in __ns_ldap_list()
*/
/* Values a per-entry callback returns: continue with the next entry, or stop. */
#define NS_LDAP_CB_NEXT 0 /* get the next entry */
#define NS_LDAP_CB_DONE 1 /* done */
/*
* Input values for the type specified in __ns_ldap_addTypedEntry()
* and __ns_ldap_delTypedEntry()
*/
/*
* Service type names accepted as the servicetype string.
* NOTE(review): NS_LDAP_TYPE_AUTOMOUNT is "auto_", which looks like a name
* prefix rather than a complete name -- confirm how it is matched.
*/
#define NS_LDAP_TYPE_PASSWD "passwd"
#define NS_LDAP_TYPE_GROUP "group"
#define NS_LDAP_TYPE_HOSTS "hosts"
#define NS_LDAP_TYPE_IPNODES "ipnodes"
#define NS_LDAP_TYPE_PROFILE "prof_attr"
#define NS_LDAP_TYPE_RPC "rpc"
#define NS_LDAP_TYPE_PROTOCOLS "protocols"
#define NS_LDAP_TYPE_NETWORKS "networks"
#define NS_LDAP_TYPE_NETGROUP "netgroup"
#define NS_LDAP_TYPE_ALIASES "aliases"
#define NS_LDAP_TYPE_SERVICES "services"
#define NS_LDAP_TYPE_ETHERS "ethers"
#define NS_LDAP_TYPE_SHADOW "shadow"
#define NS_LDAP_TYPE_NETMASKS "netmasks"
#define NS_LDAP_TYPE_AUTHATTR "auth_attr"
#define NS_LDAP_TYPE_EXECATTR "exec_attr"
#define NS_LDAP_TYPE_USERATTR "user_attr"
#define NS_LDAP_TYPE_PROJECT "project"
#define NS_LDAP_TYPE_PUBLICKEY "publickey"
#define NS_LDAP_TYPE_AUUSER "audit_user"
#define NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define NS_LDAP_TYPE_AUTOMOUNT "auto_"
#define NS_LDAP_TYPE_TNRHDB "tnrhdb"
#define NS_LDAP_TYPE_TNRHTP "tnrhtp"
/*
* service descriptor/attribute mapping structure
*/
/*
* Service search descriptor: where to search, how deep, and with which
* filter. Passed to the init_filter_cb callbacks and returned by
* __ns_ldap_getSearchDescriptors().
*/
typedef struct ns_ldap_search_desc {
char *basedn; /* search base dn */
ScopeType_t scope; /* search scope */
char *filter; /* search filter */
} ns_ldap_search_desc_t;
/*
* Maps one original attribute name to one or more mapped names. Returned by
* __ns_ldap_getAttributeMaps().
* NOTE(review): mappedAttr has no count field -- presumably NULL-terminated.
*/
typedef struct ns_ldap_attribute_map {
char *origAttr; /* original attribute */
char **mappedAttr; /* mapped attribute(s) */
} ns_ldap_attribute_map_t;
/*
* Maps one original objectclass name to a single mapped name. Returned by
* __ns_ldap_getObjectClassMaps().
*/
typedef struct ns_ldap_objectclass_map {
char *origOC; /* original objectclass */
char *mappedOC; /* mapped objectclass */
} ns_ldap_objectclass_map_t;
/*
* Value of the userPassword attribute representing NO Unix password
*/
/*
* Sentinel string, not a password or a hash. Code that inspects userPassword
* should compare against it with full string equality before treating the
* value as credential data.
*/
#define NS_LDAP_NO_UNIX_PASSWORD "<NO UNIX PASSWORD>"
/* Opaque handle for batch API */
/*
* Incomplete type: the structure is not defined in this header, so callers
* can only hold pointers obtained from __ns_ldap_list_batch_start().
*/
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
/*
* The type of standalone configuration specified by a client application.
* The meaning of the requests is as follows:
*
* NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
* to ldap_cachemgr.
* NS_LDAP_SERVER: the consumer application has specified a directory server
* to communicate to.
* NS_PREDEFINED: reserved for internal use
*/
/*
* Source of the standalone configuration; stored in
* ns_standalone_conf_t.type. NS_LDAP_SERVER takes the implicit value 1.
* NOTE(review): the comment before this enum also describes NS_PREDEFINED,
* but no such enumerator is declared here.
*/
typedef enum {
NS_CACHEMGR = 0,
NS_LDAP_SERVER
} ns_standalone_request_type_t;
/*
* This structure describes an LDAP server specified by a client application.
*/
/*
* Connection settings for a directory server named by the application.
* NOTE(review): the documented default port, 389, is the standard LDAP port
* without implicit TLS, so protection of the bind depends on the auth
* settings chosen.
* NOTE(review): bind_passwd is a plain C string; keep its lifetime short and
* scrub the caller's copy once the configuration has been handed over.
*/
typedef struct ns_dir_server {
char *server; /* A directory server's IP */
uint16_t port; /* A directory server's port. */
/* Default value is 389 */
char *domainName; /* A domain name being served */
/* by the specified server. */
/* Default value is the local */
/* domain's name */
char *profileName; /* A DUAProfile's name. */
/* Default value is 'default' */
ns_auth_t *auth; /* Authentication information used */
/* during subsequent connections */
char *cred; /* A credential level to be used */
/* along with the authentication info */
char *host_cert_path; /* A path to the certificate database */
/* Default is '/vat/ldap' */
/* NOTE(review): '/vat/ldap' looks like a */
/* typo for '/var/ldap' -- confirm */
char *bind_dn; /* A bind DN to be used during */
/* subsequent LDAP Bind requests */
char *bind_passwd; /* A bind password to be used during */
/* subsequent LDAP Bind requests */
} ns_dir_server_t;
/*
* This structure contains information describing an LDAP server.
*/
/*
* Standalone configuration request passed to __ns_ldap_initStandalone().
* NOTE(review): type presumably tells which member of ds_profile is in use
* -- confirm.
* The SA_* names below are ordinary preprocessor macros, not struct members.
* Although written inside the struct body, they stay defined for the rest of
* any file that includes this header and will rewrite any identifier spelled
* SA_SERVER, SA_PORT, and so on.
*/
typedef struct ns_standalone_conf {
union {
ns_dir_server_t server;
void *predefined_conf; /* Reserved for internal use */
} ds_profile; /* A type of the configuration */
#define SA_SERVER ds_profile.server.server
#define SA_PORT ds_profile.server.port
#define SA_DOMAIN ds_profile.server.domainName
#define SA_PROFILE_NAME ds_profile.server.profileName
#define SA_AUTH ds_profile.server.auth
#define SA_CRED ds_profile.server.cred
#define SA_CERT_PATH ds_profile.server.host_cert_path
#define SA_BIND_DN ds_profile.server.bind_dn
#define SA_BIND_PWD ds_profile.server.bind_passwd
ns_standalone_request_type_t type;
} ns_standalone_conf_t;
/*
* This function "informs" libsldap that a client application has specified
* a directory to use. The function obtains a DUAProfile, credentials,
* and naming context. During all further operations on behalf
* of an application that requested a standalone schema, libsldap will use
* the information obtained by __ns_ldap_initStandalone() instead of
* door_call(3C)ing ldap_cachemgr(1M).
*
* conf
* A structure describing where and how to obtain the
* configuration describing how to communicate with a chosen LDAP directory.
*
* errorp
* An error object describing an error that occurred.
*/
/*
* NOTE(review): conf can carry a bind password (SA_BIND_PWD). Whether the
* library copies it or keeps the caller's pointer is not visible here --
* confirm before scrubbing or freeing the caller's copy.
*/
ns_ldap_return_code __ns_ldap_initStandalone(
const ns_standalone_conf_t *conf,
ns_ldap_error_t **errorp);
/*
* This function obtains the directory's base DN and a DUAProfile
* from a specified server.
*
* server
* Specifies the selected directory server.
*
* cred
* Contains the authentication information and credentials required to
* establish a connection.
*
* config
* If not NULL, a new configuration based on the DUAProfile specified in the
* server parameter will be created and returned.
*
* baseDN
* If not NULL, the directory's base DN will be returned.
*
* error
* Describes an error, if any.
*/
/*
* NOTE(review): config and baseDN are output strings. Who frees them, and
* with which function, is not stated in this header -- confirm.
*/
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
const ns_dir_server_t *server,
const ns_cred_t *cred,
char **config, char **baseDN,
ns_ldap_error_t **error);
/*
* SA_PROHIBIT_FALLBACK / SA_ALLOW_FALLBACK match the 0 / 1 convention of the
* anon_fallback argument of __ns_ldap_getRootDSE().
* NOTE(review): no declaration in this header takes DONT_SAVE_NSCONF or
* SAVE_NSCONF; their consumer is presumably elsewhere in the library.
*/
#define SA_PROHIBIT_FALLBACK 0
#define SA_ALLOW_FALLBACK 1
#define DONT_SAVE_NSCONF 0
#define SAVE_NSCONF 1
/*
* This function obtains the root DSE from a specified server.
*
* server_addr
* An address of a server to be connected to.
*
* rootDSE
* A buffer containing the root DSE in the ldap_cachemgr door call format.
*
* errorp
* Describes an error, if any.
*
* anon_fallback
* If set to 1 and establishing a connection fails, __s_api_getRootDSE()
* will try once again using anonymous credentials.
*/
/*
* NOTE(review): with anon_fallback set to 1 (SA_ALLOW_FALLBACK), a failed
* connection is retried with anonymous credentials, and the return value
* alone presumably does not tell the caller which bind succeeded. Callers
* that depend on an authenticated connection should pass
* SA_PROHIBIT_FALLBACK.
* NOTE(review): the description of anon_fallback names __s_api_getRootDSE(),
* presumably the internal routine behind this call -- confirm.
*/
ns_ldap_return_code __ns_ldap_getRootDSE(
const char *server_addr,
char **rootDSE,
ns_ldap_error_t **errorp,
int anon_fallback);
/*
* This function iterates through the list of the configured LDAP servers
* and "pings" those which are marked as removed or if any error occurred
* during the previous receiving of the server's root DSE. If the
* function is able to reach such a server and get its root DSE, it
* marks the server as on-line. Otherwise, the server's status is set
* to "Error".
* For each server the function tries to connect to, it fires up
* a separate thread and then waits until all the threads finish.
* The function returns NS_LDAP_INTERNAL if the Standalone mode was not
* initialized or was canceled prior to an invocation of
* __ns_ldap_pingOfflineServers().
*/
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
/*
* This function cancels the Standalone mode and destroys the list of root DSEs.
*/
void __ns_ldap_cancelStandalone(void);
/*
* This function initializes an ns_auth_t structure provided by a caller
* according to a specified authentication mechanism.
*
* NOTE(review): the accepted spellings of auth_mech are not listed in this
* header -- confirm against the implementation. Callers should check the
* return code before using *auth, since the state of the structure after a
* failure is not stated here.
*/
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
ns_auth_t *auth,
ns_ldap_error_t **errorp);
/*
* Simplified LDAP Naming APIs
*/
/*
* Search calls. Both take a service name, a filter string, a filter callback
* that receives a search descriptor and a realfilter output pointer, the
* attribute list, credentials and a flags word. They report through *result
* and *errorp, and `callback` is given each entry together with the caller's
* userdata. __ns_ldap_list_sort() also takes the name of a sort attribute.
* NOTE(review): the int return value is presumably an ns_ldap_return_code,
* and callback presumably returns NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE --
* confirm.
* NOTE(review): nothing in this header shows `filter` being escaped. Callers
* that build it from untrusted input should escape the values as described
* in RFC 4515 before calling.
*/
int __ns_ldap_list(
const char *service,
const char *filter,
int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
char **realfilter, const void *userdata),
const char * const *attribute,
const ns_cred_t *cred,
const int flags,
ns_ldap_result_t ** result,
ns_ldap_error_t ** errorp,
int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
const void *userdata);
int __ns_ldap_list_sort(
const char *service,
const char *filter,
const char *sortattr,
int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
char **realfilter, const void *userdata),
const char * const *attribute,
const ns_cred_t *cred,
const int flags,
ns_ldap_result_t ** result,
ns_ldap_error_t ** errorp,
int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
const void *userdata);
/*
* Batch API built around the opaque ns_ldap_list_batch_t handle: start
* hands back a handle, add queues a search with the same arguments as
* __ns_ldap_list() plus a per-search status pointer (rcp), end and release
* both take the handle.
* NOTE(review): the difference between end and release, and the point at
* which *result, *errorp and *rcp become valid, are not stated in this header
* -- presumably only after __ns_ldap_list_batch_end() returns. Confirm, and
* keep those output locations alive until then.
*/
int __ns_ldap_list_batch_start(
ns_ldap_list_batch_t **batch);
int __ns_ldap_list_batch_add(
ns_ldap_list_batch_t *batch,
const char *service,
const char *filter,
int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
char **realfilter, const void *userdata),
const char * const *attribute,
const ns_cred_t *cred,
const int flags,
ns_ldap_result_t ** result,
ns_ldap_error_t ** errorp,
int *rcp,
int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
const void *userdata);
int __ns_ldap_list_batch_end(
ns_ldap_list_batch_t *batch);
void __ns_ldap_list_batch_release(
ns_ldap_list_batch_t *batch);
/*
* Directory update calls: add, delete or replace attributes of the entry
* named by dn, and add or delete whole entries. All of them take credentials
* and a flags word and report detail through *errorp.
* __ns_ldap_repAttr() is the call named in this header as honouring
* NS_LDAP_UPDATE_SHADOW for privileged callers.
* __ns_ldap_addTypedEntry() takes a servicetype string (the NS_LDAP_TYPE_*
* values) and an untyped data pointer.
* NOTE(review): data presumably points to the _ns_*_t structure, or other
* record type, that matches servicetype. The pointer is not type-checked, so
* a mismatch would be misread -- confirm the mapping in the implementation.
* NOTE(review): dn values assembled from untrusted input should have their
* attribute values escaped as described in RFC 4514.
*/
int __ns_ldap_addAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
int __ns_ldap_delAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
int __ns_ldap_repAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
int __ns_ldap_addEntry(
const char *service,
const char *dn,
const ns_ldap_entry_t *entry,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
int __ns_ldap_addTypedEntry(
const char *servicetype,
const char *basedn,
const void *data,
const int create,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
int __ns_ldap_delEntry(
const char *service,
const char *dn,
const ns_cred_t *cred,
const int flags,
ns_ldap_error_t **errorp);
/*
* Cursor-style enumeration. __ns_ldap_firstEntry() takes the search
* arguments and a cookie output pointer, __ns_ldap_nextEntry() takes the
* cookie, and __ns_ldap_endEntry() takes the address of the cookie.
* __ns_ldap_firstEntry() is one of the two calls named in this header as
* honouring NS_LDAP_READ_SHADOW for privileged callers.
* NOTE(review): the cookie is presumably allocated by firstEntry and released
* by endEntry -- confirm. Every enumeration that starts successfully should
* then end with __ns_ldap_endEntry(), including on error paths.
*/
int __ns_ldap_firstEntry(
const char *service,
const char *filter,
const char *sortattr,
int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
char **realfilter, const void *userdata),
const char * const *attribute,
const ns_cred_t *cred,
const int flags,
void **cookie,
ns_ldap_result_t ** result,
ns_ldap_error_t **errorp,
const void *userdata);
int __ns_ldap_nextEntry(
void *cookie,
ns_ldap_result_t ** result,
ns_ldap_error_t **errorp);
int __ns_ldap_endEntry(
void **cookie,
ns_ldap_error_t **errorp);
/*
* Release functions for result and error objects. Both take the address of
* the caller's pointer.
* NOTE(review): presumably they reset *result / *errorp to NULL after
* freeing -- confirm before relying on that to prevent a double free.
*/
int __ns_ldap_freeResult(
ns_ldap_result_t **result);
int __ns_ldap_freeError(
ns_ldap_error_t **errorp);
/*
* Name translation helpers: user id to DN, host (with domain) to DN, and DN
* to domain. Each writes its answer through a char ** output argument.
* NOTE(review): ownership of the returned strings is not stated here --
* presumably the caller frees them; confirm.
* NOTE(review): uid and host end up in a directory search. Whether they are
* escaped before being placed in a filter is not visible in this header, so
* callers should validate untrusted values first.
*/
int __ns_ldap_uid2dn(
const char *uid,
char **userDN,
const ns_cred_t *cred,
ns_ldap_error_t ** errorp);
int __ns_ldap_host2dn(
const char *host,
const char *domain,
char **hostDN,
const ns_cred_t *cred,
ns_ldap_error_t ** errorp);
int __ns_ldap_dn2domain(
const char *dn,
char **domain,
const ns_cred_t *cred,
ns_ldap_error_t ** errorp);
/*
* __ns_ldap_auth() takes a credential, a flag word, an error output and
* server and client control arrays; __ns_ldap_freeCred() takes the address of
* a credential pointer.
* NOTE(review): on a password-related outcome the detail is presumably in
* (*errorp)->pwd_mgmt -- confirm.
* NOTE(review): whether __ns_ldap_freeCred() overwrites the password strings
* before releasing them is not visible here. Callers holding their own copy
* of a password should scrub it themselves.
*/
int __ns_ldap_auth(
const ns_cred_t *cred,
const int flag,
ns_ldap_error_t **errorp,
LDAPControl **serverctrls,
LDAPControl **clientctrls);
int __ns_ldap_freeCred(
ns_cred_t **credp);
/*
* Error-string lookup and configuration parameter access. setParam takes a
* parameter index and an untyped value; getParam hands back an untyped
* pointer array through data; freeParam takes the address of that array.
* NOTE(review): the concrete type behind data depends on the parameter index
* and is not described in this header -- confirm per index before casting.
* NOTE(review): indexes such as NS_LDAP_BINDPASSWD_P presumably return
* secrets. Avoid logging values fetched this way and release them promptly
* with __ns_ldap_freeParam().
*/
int __ns_ldap_err2str(
int err,
char **strmsg);
int __ns_ldap_setParam(
const ParamIndexType type,
const void *data,
ns_ldap_error_t **errorp);
int __ns_ldap_getParam(
const ParamIndexType type,
void ***data,
ns_ldap_error_t **errorp);
int __ns_ldap_freeParam(
void ***data);
/*
* Attribute lookup in an entry by name: one form returns a string array, the
* other the ns_ldap_attr_t itself.
* NOTE(review): both presumably return NULL when the attribute is absent and
* point into the entry rather than at a copy -- confirm. If so, the result
* must not be used after the enclosing result has been freed.
*/
char **__ns_ldap_getAttr(
const ns_ldap_entry_t *entry,
const char *attrname);
ns_ldap_attr_t *__ns_ldap_getAttrStruct(
const ns_ldap_entry_t *entry,
const char *attrname);
/*
* Per-service configuration queries: authentication methods, search
* descriptors, attribute maps and objectclass maps, plus lookups between
* original and mapped names. The get calls that return arrays through a
* triple pointer have matching free calls for descriptors, attribute maps and
* objectclass maps.
* NOTE(review): no free function is declared for the array returned by
* __ns_ldap_getServiceAuthMethods(), nor for the char ** results of the
* getMapped / getOrig calls. How they are released is not visible in this
* header -- confirm to avoid leaks or mismatched frees.
*/
int __ns_ldap_getServiceAuthMethods(
const char *service,
ns_auth_t ***auth,
ns_ldap_error_t **errorp);
int __ns_ldap_getSearchDescriptors(
const char *service,
ns_ldap_search_desc_t ***desc,
ns_ldap_error_t **errorp);
int __ns_ldap_freeSearchDescriptors(
ns_ldap_search_desc_t ***desc);
int __ns_ldap_getAttributeMaps(
const char *service,
ns_ldap_attribute_map_t ***maps,
ns_ldap_error_t **errorp);
int __ns_ldap_freeAttributeMaps(
ns_ldap_attribute_map_t ***maps);
char **__ns_ldap_getMappedAttributes(
const char *service,
const char *origAttribute);
char **__ns_ldap_getOrigAttribute(
const char *service,
const char *mappedAttribute);
int __ns_ldap_getObjectClassMaps(
const char *service,
ns_ldap_objectclass_map_t ***maps,
ns_ldap_error_t **errorp);
int __ns_ldap_freeObjectClassMaps(
ns_ldap_objectclass_map_t ***maps);
char **__ns_ldap_getMappedObjectClass(
const char *service,
const char *origObjectClass);
char **__ns_ldap_getOrigObjectClass(
const char *service,
const char *mappedObjectClass);
/*
* __ns_ldap_getParamType() writes a ParamIndexType for a string;
* __ns_ldap_getAcctMgmt() fills a caller-supplied AcctUsableResponse_t for a
* user name.
* NOTE(review): __ns_ldap_getAcctMgmt() has no errorp argument, so the int
* return value is the only failure signal. Callers should check it before
* reading acctResp, which may be left unset on failure -- confirm.
*/
int __ns_ldap_getParamType(
const char *value,
ParamIndexType *type);
int __ns_ldap_getAcctMgmt(
const char *user,
AcctUsableResponse_t *acctResp);
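/*
* Takes no arguments and returns a boolean_t.
* Declared with (void): in C an empty parameter list declares a function
* with unspecified arguments, so the compiler would not reject a call that
* passes arguments by mistake. Inside extern "C" for C++ both spellings
* mean the same.
* NOTE(review): judging by the name, it reports whether shadow updates
* (see NS_LDAP_ENABLE_SHADOW_UPDATE_P) are enabled -- confirm.
*/
boolean_t __ns_ldap_is_shadow_update_enabled(void);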
/*
* self / SASL/GSSAPI helpers: one takes an int flag and returns nothing, the
* other writes an ns_ldap_self_gssapi_config_t through config and returns an
* int status.
* NOTE(review): what a non-zero flag switches on is not described in this
* header -- presumably it restricts the library to the self/GSSAPI
* configuration; confirm before relying on it as a security control.
*/
void
__ns_ldap_self_gssapi_only_set(
int flag);
int
__ns_ldap_self_gssapi_config(
ns_ldap_self_gssapi_config_t *config);
#ifdef __cplusplus
}
#endif
#endif /* _NS_SLDAP_H */