| LDAP(3LDAP) | LDAP Library Functions | LDAP(3LDAP) |
ldap - Lightweight Directory Access Protocol package
cc[ flag... ] file... -lldap[ library... ] #include <lber.h> #include <ldap.h>
The Lightweight Directory Access Protocol ("LDAP") package includes various command line LDAP clients and a LDAP client library to provide programmatic access to the LDAP protocol. This man page gives an overview of the LDAP client library functions.
An application might use the LDAP client library functions as follows. The application would initialize a LDAP session with a LDAP server by calling ldap_init(3LDAP). Next, it authenticates to the LDAP server by calling ldap_sasl_bind(3LDAP) and friends. It may perform some LDAP operations and obtain results by calling ldap_search(3LDAP) and friends. To parse the results returned from these functions, it calls ldap_parse_result(3LDAP), ldap_next_entry(3LDAP), and ldap_first_entry(3LDAP) and others. It closes the LDAP session by calling ldap_unbind(3LDAP).
LDAP operations can be either synchronous or asynchronous. By convention, the names of the synchronous functions end with "_s." For example, a synchronous binding to the LDAP server can be performed by calling ldap_sasl_bind_s(3LDAP). Complete an asynchronous binding with ldap_sasl_bind(3LDAP). All synchronous functions return the actual outcome of the operation, either LDAP_SUCCESS or an error code. Asynchronous routines provide an invocation identifier which can be used to obtain the result of a specific operation by passing it to the ldap_result(3LDAP) function.
Initializing a LDAP session involves calling the ldap_init(3LDAP) function. However, the call does not actually open a connection to the LDAP server. It merely initializes a LDAP structure that represents the session. The connection is opened when the first operation is attempted. Unlike ldap_init(), ldap_open(3LDAP) attempts to open a connection with the LDAP server. However, the use of ldap_open() is deprecated.
The ldap_sasl_bind(3LDAP) and ldap_sasl_bind_s(3LDAP) functions provide general and extensible authentication for an LDAP client to a LDAP server. Both use the Simple Authentication Security Layer (SASL). Simplified routines ldap_simple_bind(3LDAP) and ldap_simple_bind_s(3LDAP) use cleartext passwords to bind to the LDAP server. Use of ldap_bind(3LDAP) and ldap_bind_s(3LDAP)(3LDAP) is deprecated.
Search for an entry in a LDAP directory by calling the ldap_search_ext(3LDAP) or the ldap_search_ext_s(3LDAP) functions. These functions support LDAPv3 server controls, client controls and variable size and time limits as arguments for each search operation. ldap_search(3LDAP) and ldap_search_s(3LDAP) are identical functions but do not support the controls and limits as arguments to the call.
Use ldap_add_ext(3LDAP) and ldap_delete_ext(3LDAP) to add or delete entries in a LDAP directory server. The synchronous counterparts to these functions are ldap_add_ext_s(3LDAP) and ldap_delete_ext_s(3LDAP). The ldap_add(3LDAP), ldap_add_s(3LDAP), ldap_delete(3LDAP), and ldap_delete_s(3LDAP) provide identical functionality to add and to delete entries, but they do not support LDAP v3 server and client controls.
Use ldap_modify_ext(3LDAP) and ldap_modify_ext_s(3LDAP) to modify an existing entry in a LDAP server that supports for LDAPv3 server and client controls. Similarly, use ldap_rename(3LDAP) and ldap_rename_s(3LDAP) to change the name of an LDAP entry. The ldap_modrdn(3LDAP), ldap_modrdn2(3LDAP), ldap_modrdn_s(3LDAP) and ldap_modrdn2_s(3LDAP) interfaces are deprecated.
Use ldap_result(3LDAP) to obtain the results of a previous asynchronous operation. For all LDAP operations other than search, only one message is returned. For the search operation, a list of result messages can be returned.
Use the ldap_parse_result(3LDAP), ldap_parse_sasl_bind_result(3LDAP), and the ldap_parse_extended_result(3LDAP) functions to extract required information from results and to handle the returned errors. To convert a numeric error code into a null-terminated character string message describing the error, use ldap_err2string(3LDAP). The ldap_result2error(3LDAP) and ldap_perror(3LDAP) functions are deprecated. To step through the list of messages in a result returned by ldap_result(), use ldap_first_message(3LDAP) and ldap_next_message(3LDAP). ldap_count_messages(3LDAP) returns the number of messages contained in the list.
You can use ldap_first_entry(3LDAP) and ldap_next_entry(3LDAP) to step through and obtain a list of entries from a list of messages returned by a search result. ldap_count_entries(3LDAP) returns the number of entries contained in a list of messages. Call either ldap_first_attribute(3LDAP) and ldap_next_attribute(3LDAP) to step through a list of attributes associated with an entry. Retrieve the values of a given attribute by calling ldap_get_values(3LDAP) and ldap_get_values_len(3LDAP). Count the number of values returned by using ldap_count_values(3LDAP) and ldap_count_values_len(3LDAP).
Use the ldap_get_lang_values(3LDAP) and ldap_get_lang_values_len(3LDAP) to return an attribute's values that matches a specified language subtype. The ldap_get_lang_values() function returns an array of an attribute's string values that matches a specified language subtype. To retrieve the binary data from an attribute, call the ldap_get_lang_values_len() function instead.
You can use the ldap_url(3LDAP)functions to test a URL to verify that it is an LDAP URL, to parse LDAP URLs into their component pieces, to initiate searches directly using an LDAP URL, and to retrieve the URL associated with a DNS domain name or a distinguished name.
The ldap_ufn(3LDAP) functions implement a user friendly naming scheme by means of LDAP. This scheme allows you to look up entries using fuzzy, untyped names like "mark smith, umich, us".
The ldap_memcache(3LDAP) functions provide an in-memory client side cache to store search requests. Caching improves performance and reduces network bandwidth when a client makes repeated requests.
There are also various utility functions. You can use the ldap_sort(3LDAP) functions are used to sort the entries and values returned by means of the ldap search functions. The ldap_friendly(3LDAP) functions will map from short two letter country codes or other strings to longer "friendlier" names. Use the ldap_charset(3LDAP) functions to translate to and from the T.61 character set that is used for many character strings in the LDAP protocol.
Make calls to ldap_init_getfilter(3LDAP) and ldap_search(3LDAP) to generate filters to be used in ldap_search(3LDAP) and ldap_search_s(3LDAP). ldap_init_getfilter() reads ldapfilter.conf(5), the LDAP configuration file, while ldap_init_getfilter_buf() reads the configuration information from buf of length buflen. ldap_getfilter_free(3LDAP) frees memory that has been allocated by means of ldap_init_getfilter().
The LDAP package includes a set of lightweight Basic Encoding Rules ("BER)" functions. The LDAP library functions use the BER functions to encode and decode LDAP protocol elements through the slightly simplified BER defined by LDAP. They are not normally used directly by an LDAP application program will not normally use the BER functions directly. Instead, these functions provide a printf() and scanf()-like interface, as well as lower-level access.
ldap_init_templates_buf(3LDAP)
ldap_init_getfilter_buf(3LDAP)
ldap_parse_extended_result(3LDAP)
ldap_parse_sasl_bind_result(3LDAP)
ldap_init_searchprefs_buf(3LDAP)
ldap_set_string_translators(3LDAP)
ldap_translate_from_t61(3LDAP)
ldap_enable_translation(3LDAP)
ldap_get_lang_values_len(3LDAP)
ldap_get_entry_controls(3LDAP)
See attributes(7) for a description of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Stability Level | Evolving |
| March 10, 2023 | OmniOS |