1LDAP(3) Library Functions Manual LDAP(3)
2
6 ldap - OpenLDAP Lightweight Directory Access Protocol API
7
9 OpenLDAP LDAP (libldap, -lldap)
10
12 #include <ldap.h>
13
15 The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides
16 access to X.500 directory services. These services may be stand-alone
17 or part of a distributed directory service. This client API supports
18 LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX
19 domain sockets). This API supports SASL (RFC2829) and Start TLS
20 (RFC2830) as well as a number of protocol extensions. This API is
21 loosely based upon IETF/LDAPEXT C LDAP API draft specification, a
22 (orphaned) work in progress.
23 The OpenLDAP Software package includes a stand-alone server in
25 slapd(8), various LDAP clients, and an LDAP client library used to pro‐
26 vide programmatic access to the LDAP protocol. This man page gives an
27 overview of the LDAP library routines.
28 Both synchronous and asynchronous APIs are provided. Also included are
30 various routines to parse the results returned from these routines.
31 These routines are found in the -lldap library.
32 The basic interaction is as follows. A session handle is created using
34 ldap_initialize(3) and set the protocol version to 3 by calling
35 ldap_set_option(3). The underlying session is established first opera‐
36 tion is issued. This would generally be a Start TLS or Bind operation.
37 A Start TLS operation is performed by calling ldap_start_tls_s(3). A
38 LDAP bind operation is performed by calling ldap_sasl_bind(3) or one of
39 its friends. Subsequently, other operations are performed by calling
40 one of the synchronous or asynchronous routines (e.g.,
41 ldap_search_ext_s(3) or ldap_search_ext(3) followed by ldap_result(3)).
42 Results returned from these routines are interpreted by calling the
43 LDAP parsing routines such as ldap_parse_result(3). The LDAP associa‐
44 tion and underlying connection is terminated by calling
45 ldap_unbind_ext(3). Errors can be interpreted by calling
46 ldap_err2string(3).
47
49 This library supports version 3 of the Lightweight Directory Access
50 Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant
51 of version 2 of LDAP as defined by U-Mich LDAP and, to some degree, RFC
52 1777. Version 2 (all variants) should be viewed as obsolete. Version
53 3 should be used instead.
54 For backwards compatibility reasons, the library defaults to version 2.
56 Hence, all new applications (and all actively maintained applications)
57 should use ldap_set_option(3) to select version 3. The library manual
58 pages assume version 3 has been selected.
59
61 All character string input/output is expected to be/is UTF-8 encoded
62 Unicode (version 3.2).
63 Distinguished names (DN) (and relative distinguished names (RDN) to be
65 passed to the LDAP routines should conform to RFC 2253 UTF-8 string
66 representation.
67 Search filters to be passed to the search routines are to be con‐
69 structed by hand and should conform to RFC 2254 UTF-8 string represen‐
70 tation.
71 LDAP URL are to be passed to routines are expected to conform to RFC
73 2255 syntax. The ldap_url(3) routines can be used to work with LDAP
74 URLs.
75
77 Results obtained from the search routines can be output by hand, by
78 calling ldap_first_entry(3) and ldap_next_entry(3) to step through the
79 entries returned, ldap_first_attribute(3) and ldap_next_attribute(3) to
80 step through an entry's attributes, and ldap_get_values(3) to retrieve
81 a given attribute's values. Attribute values may or may not be dis‐
82 playable.
83
85 Also provided are various utility routines. The ldap_sort(3) routines
86 are used to sort the entries and values returned via the ldap search
87 routines.
88
90 Also included in the distribution is a set of lightweight Basic Encod‐
91 ing Rules routines. These routines are used by the LDAP library rou‐
92 tines to encode and decode LDAP protocol elements using the (slightly
93 simplified) Basic Encoding Rules defined by LDAP. They are not nor‐
94 mally used directly by an LDAP application program except in the han‐
95 dling of controls and extended operations. The routines provide a
96 printf and scanf-like interface, as well as lower-level access. These
97 routines are discussed in lber-decode(3), lber-encode(3), lber-mem‐
98 ory(3), and lber-types(3).
99
101 ldap_initialize(3) initialize the LDAP library without opening a con‐
102 nection to a server
103 ldap_result(3) wait for the result from an asynchronous operation
105 ldap_abandon_ext(3) abandon (abort) an asynchronous operation
107 ldap_add_ext(3) asynchronously add an entry
109 ldap_add_ext_s(3) synchronously add an entry
111 ldap_sasl_bind(3) asynchronously bind to the directory
113 ldap_sasl_bind_s(3) synchronously bind to the directory
115 ldap_unbind_ext(3) synchronously unbind from the LDAP server and close
117 the connection
118 ldap_unbind(3) and ldap_unbind_s(3) are
120 equivalent to ldap_unbind_ext(3)
121 ldap_memfree(3) dispose of memory allocated by LDAP routines.
123 ldap_compare_ext(3) asynchronously compare to a directory entry
125 ldap_compare_ext_s(3)
127 synchronously compare to a directory entry
128 ldap_delete_ext(3) asynchronously delete an entry
130 ldap_delete_ext_s(3)
132 synchronously delete an entry
133 ld_errno(3) LDAP error indication
135 ldap_errlist(3) list of LDAP errors and their meanings
137 ldap_err2string(3) convert LDAP error indication to a string
139 ldap_first_attribute(3)
141 return first attribute name in an entry
142 ldap_next_attribute(3)
144 return next attribute name in an entry
145 ldap_first_entry(3) return first entry in a chain of search results
147 ldap_next_entry(3) return next entry in a chain of search results
149 ldap_count_entries(3)
151 return number of entries in a search result
152 ldap_get_dn(3) extract the DN from an entry
154 ldap_get_values_len(3)
156 return an attribute's values with lengths
157 ldap_value_free_len(3)
159 free memory allocated by ldap_get_values_len(3)
160 ldap_count_values_len(3)
162 return number of values
163 ldap_modify_ext(3) asynchronously modify an entry
165 ldap_modify_ext_s(3)
167 synchronously modify an entry
168 ldap_mods_free(3) free array of pointers to mod structures used by
170 ldap_modify_ext(3)
171 ldap_rename(3) asynchronously rename an entry
173 ldap_rename_s(3) synchronously rename an entry
175 ldap_msgfree(3) free results allocated by ldap_result(3)
177 ldap_msgtype(3) return the message type of a message from
179 ldap_result(3)
180 ldap_msgid(3) return the message id of a message from
182 ldap_result(3)
183 ldap_search_ext(3) asynchronously search the directory
185 ldap_search_ext_s(3)
187 synchronously search the directory
188 ldap_is_ldap_url(3) check a URL string to see if it is an LDAP URL
190 ldap_url_parse(3) break up an LDAP URL string into its components
192 ldap_sort_entries(3)
194 sort a list of search results
195 ldap_sort_values(3) sort a list of attribute values
197 ldap_sort_strcasecmp(3)
199 case insensitive string comparison
200
202 ldap.conf(5), slapd(8), draft-ietf-ldapext-ldap-c-api-
203 xx.txt <http://www.ietf.org>
204
206 OpenLDAP is developed and maintained by The OpenLDAP Project
207 (http://www.openldap.org/). OpenLDAP is derived from University of
208 Michigan LDAP 3.3 Release.
209 These API manual pages are loosely based upon descriptions provided in
211 the IETF/LDAPEXT C LDAP API Internet Draft, a (orphaned) work in
212 progress.
213OpenLDAP 2.3.34 2007/2/16 LDAP(3)