NAME

ldap - Lightweight Directory Access Protocol package

SYNOPSIS

cc[ flag... ] file... -lldap[ library... ]
#include <lber.h>
#include <ldap.h>

DESCRIPTION

The Lightweight Directory Access Protocol ("LDAP") package includes various command line LDAP clients and a LDAP client library to provide programmatic access to the LDAP protocol. This man page gives an overview of the LDAP client library functions.

An application might use the LDAP client library functions as follows. The application would initialize a LDAP session with a LDAP server by calling ldap_init(3LDAP). Next, it authenticates to the LDAP server by calling ldap_sasl_bind(3LDAP) and friends. It may perform some LDAP operations and obtain results by calling ldap_search(3LDAP) and friends. To parse the results returned from these functions, it calls ldap_parse_result(3LDAP), ldap_next_entry(3LDAP), and ldap_first_entry(3LDAP) and others. It closes the LDAP session by calling ldap_unbind(3LDAP).

LDAP operations can be either synchronous or asynchronous. By convention, the names of the synchronous functions end with "_s." For example, a synchronous binding to the LDAP server can be performed by calling ldap_sasl_bind_s(3LDAP). Complete an asynchronous binding with ldap_sasl_bind(3LDAP). All synchronous functions return the actual outcome of the operation, either LDAP_SUCCESS or an error code. Asynchronous routines provide an invocation identifier which can be used to obtain the result of a specific operation by passing it to the ldap_result(3LDAP) function.

Initializing a LDAP session

Initializing a LDAP session involves calling the ldap_init(3LDAP) function. However, the call does not actually open a connection to the LDAP server. It merely initializes a LDAP structure that represents the session. The connection is opened when the first operation is attempted. Unlike ldap_init(), ldap_open(3LDAP) attempts to open a connection with the LDAP server. However, the use of ldap_open() is deprecated.

Authenticating to a LDAP server

The ldap_sasl_bind(3LDAP) and ldap_sasl_bind_s(3LDAP) functions provide general and extensible authenticaton for an LDAP client to a LDAP server. Both use the Simple Authentication Security Layer (SASL). Simplified routines ldap_simple_bind(3LDAP) and ldap_simple_bind_s(3LDAP) use cleartext passwords to bind to the LDAP server. Use of ldap_bind(3LDAP) and ldap_bind_s(3LDAP)(3LDAP) is deprecated.

Searching a LDAP directory

Search for an entry in a LDAP directory by calling the ldap_search_ext(3LDAP) or the ldap_search_ext_s(3LDAP) functions. These functions support LDAPv3 server controls, client controls and variable size and time limits as arguments for each search operation. ldap_search(3LDAP) and ldap_search_s(3LDAP) are identical functions but do not support the controls and limits as arguments to the call.

Adding or Deleting an entry

Use ldap_add_ext(3LDAP) and ldap_delete_ext(3LDAP) to add or delete entries in a LDAP directory server. The synchronous counterparts to these functions are ldap_add_ext_s(3LDAP) and ldap_delete_ext_s(3LDAP). The ldap_add(3LDAP), ldap_add_s(3LDAP), ldap_delete(3LDAP), and ldap_delete_s(3LDAP) provide identical functionality to add and to delete entries, but they do not support LDAP v3 server and client controls.

Modifying Entries

Use ldap_modify_ext(3LDAP) and ldap_modify_ext_s(3LDAP) to modify an existing entry in a LDAP server that supports for LDAPv3 server and client controls. Similarly, use ldap_rename(3LDAP) and ldap_rename_s(3LDAP) to change the name of an LDAP entry. The ldap_modrdn(3LDAP), ldap_modrdn2(3LDAP), ldap_modrdn_s(3LDAP) and ldap_modrdn2_s(3LDAP) interfaces are deprecated.

Obtaining Results

Use ldap_result(3LDAP) to obtain the results of a previous asynchronous operation. For all LDAP operations other than search, only one message is returned. For the search operation, a list of result messages can be returned.

Handling Errors and Parsing Results

Use the ldap_parse_result(3LDAP), ldap_parse_sasl_bind_result(3LDAP), and the ldap_parse_extended_result(3LDAP) functions to extract required information from results and to handle the returned errors. To convert a numeric error code into a null-terminated character string message describing the error, use ldap_err2string(3LDAP). The ldap_result2error(3LDAP) and ldap_perror(3LDAP) functions are deprecated. To step through the list of messages in a result returned by ldap_result(), use ldap_first_message(3LDAP) and ldap_next_message(3LDAP). ldap_count_messages(3LDAP) returns the number of messages contained in the list.

You can use ldap_first_entry(3LDAP) and ldap_next_entry(3LDAP) to step through and obtain a list of entries from a list of messages returned by a search result. ldap_count_entries(3LDAP) returns the number of entries contained in a list of messages. Call either ldap_first_attribute(3LDAP) and ldap_next_attribute(3LDAP) to step through a list of attributes associated with an entry. Retrieve the values of a given attribute by calling ldap_get_values(3LDAP) and ldap_get_values_len(3LDAP). Count the number of values returned by using ldap_count_values(3LDAP) and ldap_count_values_len(3LDAP).

Use the ldap_get_lang_values(3LDAP) and ldap_get_lang_values_len(3LDAP) to return an attribute's values that matches a specified language subtype. The ldap_get_lang_values() function returns an array of an attribute's string values that matches a specified language subtype. To retrieve the binary data from an attribute, call the ldap_get_lang_values_len() function instead.

Uniform Resource Locators (URLS)

You can use the ldap_url(3LDAP)functions to test a URL to verify that it is an LDAP URL, to parse LDAP URLs into their component pieces, to initiate searches directly using an LDAP URL, and to retrieve the URL associated with a DNS domain name or a distinguished name.

User Friendly Naming

The ldap_ufn(3LDAP) functions implement a user friendly naming scheme by means of LDAP. This scheme allows you to look up entries using fuzzy, untyped names like "mark smith, umich, us".

Caching

The ldap_memcache(3LDAP) functions provide an in-memory client side cache to store search requests. Caching improves performance and reduces network bandwidth when a client makes repeated requests.

Utility Functions

There are also various utility functions. You can use the ldap_sort(3LDAP) functions are used to sort the entries and values returned by means of the ldap search functions. The ldap_friendly(3LDAP) functions will map from short two letter country codes or other strings to longer "friendlier" names. Use the ldap_charset(3LDAP) functions to translate to and from the T.61 character set that is used for many character strings in the LDAP protocol.

Generating Filters

Make calls to ldap_init_getfilter(3LDAP) and ldap_search(3LDAP) to generate filters to be used in ldap_search(3LDAP) and ldap_search_s(3LDAP). ldap_init_getfilter() reads ldapfilter.conf(5), the LDAP configuration file, while ldap_init_getfilter_buf() reads the configuration information from buf of length buflen. ldap_getfilter_free(3LDAP) frees memory that has been allocated by means of ldap_init_getfilter().

BER Library

The LDAP package includes a set of lightweight Basic Encoding Rules ("BER)" functions. The LDAP library functions use the BER functions to encode and decode LDAP protocol elements through the slightly simplified BER defined by LDAP. They are not normally used directly by an LDAP application program will not normally use the BER functions directly. Instead, these functions provide a printf() and scanf()-like interface, as well as lower-level access.

LIST OF INTERFACES

ldap_open(3LDAP)

Deprecated. Use ldap_init(3LDAP).

ldap_init(3LDAP)

Initialize a session with a LDAP server without opening a connection to a server.

ldap_result(3LDAP)

Obtain the result from a previous asynchronous operation.

ldap_abandon(3LDAP)

Abandon or abort an asynchronous operation.

ldap_add(3LDAP)

Asynchronously add an entry

ldap_add_s(3LDAP)

Synchronously add an entry.

ldap_add_ext(3LDAP)

Asynchronously add an entry with support for LDAPv3 controls.

ldap_add_ext_s(3LDAP)

Synchronously add an entry with support for LDAPv3 controls.

ldap_bind(3LDAP)

Deprecated. Use ldap_sasl_bind(3LDAP) or ldap_simple_bind(3LDAP).

ldap_sasl_bind(3LDAP)

Asynchronously bind to the directory using SASL authentication

ldap_sasl_bind_s(3LDAP)

Synchronously bind to the directory using SASL authentication

ldap_bind_s(3LDAP)

Deprecated. Use ldap_sasl_bind_s(3LDAP) or ldap_simple_bind_s(3LDAP).

ldap_simple_bind(3LDAP)

Asynchronously bind to the directory using simple authentication.

ldap_simple_bind_s(3LDAP)

Synchronously bind to the directory using simple authentication.

ldap_unbind(3LDAP)

Synchronously unbind from the LDAP server, close the connection, and dispose the session handle.

ldap_unbind_ext(3LDAP)

Synchronously unbind from the LDAP server and close the connection. ldap_unbind_ext() allows you to explicitly include both server and client controls in the unbind request.

ldap_set_rebind_proc(3LDAP)

Set callback function for obtaining credentials from a referral.

ldap_memcache_init(3LDAP)

Create the in-memory client side cache.

ldap_memcache_set(3LDAP)

Associate an in-memory cache that has been already created by calling the ldap_memcache_init(3LDAP) function with an LDAP connection handle.

ldap_memcache_get(3LDAP)

Get the cache associated with the specified LDAP structure.

ldap_memcache_flush(3LDAP)

Flushes search requests from the cache.

ldap_memcache_destroy(3LDAP)

Frees the specified LDAPMemCache structure pointed to by cache from memory.

ldap_memcache_update(3LDAP)

Checks the cache for items that have expired and removes them.

ldap_compare(3LDAP)

Asynchronous compare with a directory entry.

ldap_compare_s(3LDAP)

Synchronous compare with a directory entry.

ldap_compare_ext(3LDAP)

Asynchronous compare with a directory entry, with support for LDAPv3 controls.

ldap_compare_ext_s(3LDAP)

Synchronous compare with a directory entry, with support for LDAPv3 controls.

ldap_control_free(3LDAP)

Dispose of an LDAP control.

ldap_controls_free(3LDAP)

Dispose of an array of LDAP controls.

ldap_delete(3LDAP)

Asynchronously delete an entry.

ldap_delete_s(3LDAP)

Synchronously delete an entry.

ldap_delete_ext(3LDAP)

Asynchronously delete an entry, with support for LDAPv3 controls.

ldap_delete_ext_s(3LDAP)

Synchronously delete an entry, with support for LDAPv3 controls.

ldap_init_templates(3LDAP)

Read a sequence of templates from a LDAP template configuration file.

ldap_init_templates_buf(3LDAP)

Read a sequence of templates from a buffer.

ldap_free_templates(3LDAP)

Dispose of the templates allocated.

ldap_first_reference(3LDAP)

Step through a list of continuation references from a search result.

ldap_next_reference(3LDAP)

Step through a list of continuation references from a search result.

ldap_count_references(3LDAP)

Count the number of messages in a search result.

ldap_first_message(3LDAP)

Step through a list of messages in a search result.

ldap_count_messages(3LDAP)

Count the messages in a list of messages in a search result.

ldap_next_message(3LDAP)

Step through a list of messages in a search result.

ldap_msgtype(3LDAP)

Return the type of LDAP message.

ldap_first_disptmpl(3LDAP)

Get first display template in a list.

ldap_next_disptmpl(3LDAP)

Get next display template in a list.

ldap_oc2template(3LDAP)

Return template appropriate for the objectclass.

ldap_name2template(3LDAP)

Return named template

ldap_tmplattrs(3LDAP)

Return attributes needed by the template.

ldap_first_tmplrow(3LDAP)

Return first row of displayable items in a template.

ldap_next_tmplrow(3LDAP)

Return next row of displayable items in a template.

ldap_first_tmplcol(3LDAP)

Return first column of displayable items in a template.

ldap_next_tmplcol(3LDAP)

Return next column of displayable items in a template.

ldap_entry2text(3LDAP)

Display an entry as text by using a display template.

ldap_entry2text_search(3LDAP)

Search for and display an entry as text by using a display template.

ldap_vals2text(3LDAP)

Display values as text.

ldap_entry2html(3LDAP)

Display an entry as HTML (HyperText Markup Language) by using a display template.

ldap_entry2html_search(3LDAP)

Search for and display an entry as HTML by using a display template.

ldap_vals2html(3LDAP)

Display values as HTML.

ldap_perror(3LDAP)

Deprecated. Use ldap_parse_result(3LDAP).

ldap_result2error(3LDAP)

Deprecated. Use ldap_parse_result(3LDAP).

ldap_err2string(3LDAP)

Convert LDAP error indication to a string.

ldap_first_attribute(3LDAP)

Return first attribute name in an entry.

ldap_next_attribute(3LDAP)

Return next attribute name in an entry.

ldap_first_entry(3LDAP)

Return first entry in a chain of search results.

ldap_next_entry(3LDAP)

Return next entry in a chain of search results.

ldap_count_entries(3LDAP)

Return number of entries in a search result.

ldap_friendly_name(3LDAP)

Map from unfriendly to friendly names.

ldap_free_friendlymap(3LDAP)

Free resources used by ldap_friendly(3LDAP).

ldap_get_dn(3LDAP)

Extract the DN from an entry.

ldap_explode_dn(3LDAP)

Convert a DN into its component parts.

ldap_explode_dns(3LDAP)

Convert a DNS-style DN into its component parts (experimental).

ldap_is_dns_dn(3LDAP)

Check to see if a DN is a DNS-style DN (experimental).

ldap_dns_to_dn(3LDAP)

Convert a DNS domain name into an X.500 distinguished name.

ldap_dn2ufn(3LDAP)

Convert a DN into user friendly form.

ldap_get_values(3LDAP)

Return an attribute's values.

ldap_get_values_len(3LDAP)

Return an attribute's values with lengths.

ldap_value_free(3LDAP)

Free memory allocated by ldap_get_values(3LDAP).

ldap_value_free_len(3LDAP)

Free memory allocated by ldap_get_values_len(3LDAP).

ldap_count_values(3LDAP)

Return number of values.

ldap_count_values_len(3LDAP)

Return number of values.

ldap_init_getfilter(3LDAP)

Initialize getfilter functions from a file.

ldap_init_getfilter_buf(3LDAP)

Initialize getfilter functions from a buffer.

ldap_getfilter_free(3LDAP)

Free resources allocated by ldap_init_getfilter(3LDAP).

ldap_getfirstfilter(3LDAP)

Return first search filter.

ldap_getnextfilter(3LDAP)

Return next search filter.

ldap_build_filter(3LDAP)

Construct an LDAP search filter from a pattern.

ldap_setfilteraffixes(3LDAP)

Set prefix and suffix for search filters.

ldap_modify(3LDAP)

Asynchronously modify an entry.

ldap_modify_s(3LDAP)

Synchronously modify an entry.

ldap_modify_ext(3LDAP)

Asynchronously modify an entry, return value, and place message.

ldap_modify_ext_s(3LDAP)

Synchronously modify an entry, return value, and place message.

ldap_mods_free(3LDAP)

Free array of pointers to mod structures used by ldap_modify(3LDAP).

ldap_modrdn2(3LDAP)

Deprecated. Use ldap_rename(3LDAP) instead.

ldap_modrdn2_s(3LDAP)

Deprecated. Use ldap_rename_s(3LDAP) instead.

ldap_modrdn(3LDAP)

Deprecated. Use ldap_rename(3LDAP) instead.

ldap_modrdn_s(3LDAP)

Depreciated. Use ldap_rename_s(3LDAP) instead.

ldap_rename(3LDAP)

Asynchronously modify the name of an LDAP entry.

ldap_rename_s(3LDAP)

Synchronously modify the name of an LDAP entry.

ldap_msgfree(3LDAP)

Free result messages.

ldap_parse_result(3LDAP)

Search for a message to parse.

ldap_parse_extended_result(3LDAP)

Search for a message to parse.

ldap_parse_sasl_bind_result(3LDAP)

Search for a message to parse.

ldap_search(3LDAP)

Asynchronously search the directory.

ldap_search_s(3LDAP)

Synchronously search the directory.

ldap_search_ext(3LDAP)

Asynchronously search the directory with support for LDAPv3 controls.

ldap_search_ext_s(3LDAP)

Synchronously search the directory with support for LDAPv3 controls.

ldap_search_st(3LDAP)

Synchronously search the directory with support for a local timeout value.

ldap_ufn_search_s(3LDAP)

User friendly search the directory.

ldap_ufn_search_c(3LDAP)

User friendly search the directory with cancel.

ldap_ufn_search_ct(3LDAP)

User friendly search the directory with cancel and timeout.

ldap_ufn_setfilter(3LDAP)

Set filter file used by ldap_ufn(3LDAP) functions.

ldap_ufn_setprefix(3LDAP)

Set prefix used by ldap_ufn(3LDAP) functions.

ldap_ufn_timeout(3LDAP)

Set timeout used by ldap_ufn(3LDAP) functions.

ldap_is_ldap_url(3LDAP)

Check a URL string to see if it is an LDAP URL.

ldap_url_parse(3LDAP)

Break up an LDAP URL string into its components.

ldap_free_urldesc(3LDAP)

Free an LDAP URL structure.

ldap_url_search(3LDAP)

Asynchronously search by using an LDAP URL.

ldap_url_search_s(3LDAP)

Synchronously search by using an LDAP URL.

ldap_url_search_st(3LDAP)

Asynchronously search by using an LDAP URL, with support for a local timeout value.

ldap_dns_to_url(3LDAP)

Locate the LDAP URL associated with a DNS domain name.

ldap_dn_to_url(3LDAP)

Locate the LDAP URL associated with a distinguished name.

ldap_init_searchprefs(3LDAP)

Initialize searchprefs functions from a file.

ldap_init_searchprefs_buf(3LDAP)

Initialize searchprefs functions from a buffer.

ldap_free_searchprefs(3LDAP)

Free memory allocated by searchprefs functions.

ldap_first_searchobj(3LDAP)

Return first searchpref object.

ldap_next_searchobj(3LDAP)

Return next searchpref object.

ldap_sort_entries(3LDAP)

Sort a list of search results.

ldap_sort_values(3LDAP)

Sort a list of attribute values.

ldap_sort_strcasecmp(3LDAP)

Case insensitive string comparison.

ldap_set_string_translators(3LDAP)

Set character set translation functions used by LDAP library.

ldap_translate_from_t61(3LDAP)

Translate from the T.61 character set to another character set.

ldap_translate_to_t61(3LDAP)

Translate to the T.61 character set from another character set.

ldap_enable_translation(3LDAP)

Enable or disable character translation for an LDAP entry result.

ldap_version(3LDAP)

Get version information about the LDAP SDK for C.

ldap_get_lang_values(3LDAP)

Return an attribute's value that matches a specified language subtype.

ldap_get_lang_values_len(3LDAP)

Return an attribute's value that matches a specified language subtype along with lengths.

ldap_get_entry_controls(3LDAP)

Get the LDAP controls included with a directory entry in a set of search results.

ldap_get_option(3LDAP)

Get session preferences in an LDAP structure.

ldap_set_option(3LDAP)

Set session preferences in an LDAP structure.

ldap_memfree(3LDAP)

Free memory allocated by LDAP API functions.

ATTRIBUTES

See attributes(7) for a description of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Stability Level	Evolving