ldap(3)
LDAP(3) C LIBRARY FUNCTIONS LDAP(3)
NAME
ldap - OpenLDAP Lightweight Directory Access Protocol API
LIBRARY
OpenLDAP LDAP (libldap, -lldap)
SYNOPSIS
#include <ldap.h>
DESCRIPTION
The Lightweight Directory Access Protocol (LDAP) (RFC 3377)
provides access to X.500 directory services. These services
may be stand-alone or part of a distributed directory ser-
vice. This client API supports LDAP over TCP (RFC2251),
LDAP over TLS/SSL, and LDAP over IPC (UNIX domain sockets).
This API supports SASL (RFC2829) and Start TLS (RFC2830) as
well as a number of protocol extensions. This API is
loosely based upon IETF/LDAPEXT C LDAP API draft specifica-
tion, a (orphaned) work in progress.
The OpenLDAP Software package includes a stand-alone server
in slapd(8), various LDAP clients, and an LDAP client
library used to provide programmatic access to the LDAP pro-
tocol. This man page gives an overview of the LDAP library
routines.
Both synchronous and asynchronous APIs are provided. Also
included are various routines to parse the results returned
from these routines. These routines are found in the -lldap
library.
The basic interaction is as follows. A session handle is
created using ldap_initialize(3) and set the protocol ver-
sion to 3 by calling ldap_set_option(3). The underlying
session is established first operation is issued. This
would generally be a Start TLS or Bind operation. A Start
TLS operation is performed by calling ldap_start_tls_s(3).
A LDAP bind operation is performed by calling
ldap_sasl_bind(3) or one of its friends. Subsequently,
other operations are performed by calling one of the syn-
chronous or asynchronous routines (e.g.,
ldap_search_ext_s(3) or ldap_search_ext(3) followed by
ldap_result(3)). Results returned from these routines are
interpreted by calling the LDAP parsing routines such as
ldap_parse_result(3). The LDAP association and underlying
connection is terminated by calling ldap_unbind_ext(3).
Errors can be interpreted by calling ldap_err2string(3).
LDAP versions
This library supports version 3 of the Lightweight Directory
Access Protocol (LDAPv3) as defined in RFC 3377. It also
supports a varient of version 2 of LDAP as defined by U-Mich
OpenLDAP LDVERSION Last change: RELEASEDATE 1
LDAP(3) C LIBRARY FUNCTIONS LDAP(3)
LDAP and, to some degree, RFC 1777. Version 2 (all
varients) should be viewed as obsolete. Version 3 should be
used instead.
For backwards compatibility reasons, the library defaults to
version 2. Hence, all new applications (and all actively
maintained applications) should use ldap_set_option(3) to
select version 3. The library manual pages assume version 3
has been selected.
INPUT and OUTPUT PARAMETERS
All character string input/output is expected to be/is UTF-8
encoded Unicode (version 3.2).
Distinguished names (DN) (and relative distinguished names
(RDN) to be passed to the LDAP routines should conform to
RFC 2253. The ldap_explode_dn(3) routines can be used to
work with DNs.
Search filters to be passed to the search routines are to be
constructed by hand and should conform to RFC 2254.
LDAP URL are to be passed to routines are expected to con-
form to RFC 2255. The ldap_url(3) routines can be used to
work with LDAP URLs.
DISPLAYING RESULTS
Results obtained from the search routines can be output by
hand, by calling ldap_first_entry(3) and ldap_next_entry(3)
to step through the entries returned,
ldap_first_attribute(3) and ldap_next_attribute(3) to step
through an entry's attributes, and ldap_get_values(3) to
retrieve a given attribute's values. Attribute values may
or may not be displayable.
UTILITY ROUTINES
Also provided are various utility routines. The
ldap_sort(3) routines are used to sort the entries and
values returned via the ldap search routines.
BER LIBRARY
Also included in the distribution is a set of lightweight
Basic Encoding Rules routines. These routines are used by
the LDAP library routines to encode and decode LDAP protocol
elements using the (slightly simplified) Basic Encoding
Rules defined by LDAP. They are not normally used directly
by an LDAP application program except in the handling of
controls and extended operations. The routines provide a
printf and scanf-like interface, as well as lower-level
access. These routines are discussed in lber-decode(3),
lber-encode(3), lber-memory(3), and lber-types(3).
OpenLDAP LDVERSION Last change: RELEASEDATE 2
LDAP(3) C LIBRARY FUNCTIONS LDAP(3)
INDEX
ldap_initialize(3) initialize the LDAP library without
opening a connection to a server
ldap_result(3) wait for the result from an asynchronous
operation
ldap_abandon_ext(3) abandon (abort) an asynchronous opera-
tion
ldap_add_ext(3) asynchronously add an entry
ldap_add_ext_s(3) synchronously add an entry
ldap_sasl_bind(3) asynchronously bind to the directory
ldap_sasl_bind_s(3) synchronously bind to the directory
ldap_unbind_ext(3) synchronously unbind from the LDAP
server and close the connection
ldap_unbind_ext_s(3)
equivalent to ldap_unbind_ext(3)
ldap_memfree(3) dispose of memory allocated by LDAP rou-
tines.
ldap_compare_ext(3) asynchronously compare to a directory
entry
ldap_compare_ext_s(3)
synchronously compare to a directory
entry
ldap_delete_ext(3) asynchronously delete an entry
ldap_delete_ext_s(3)
synchronously delete an entry
ld_errno(3) LDAP error indication
ldap_errlist(3) list of LDAP errors and their meanings
ldap_err2string(3) convert LDAP error indication to a
string
ldap_first_attribute(3)
return first attribute name in an entry
ldap_next_attribute(3)
return next attribute name in an entry
OpenLDAP LDVERSION Last change: RELEASEDATE 3
LDAP(3) C LIBRARY FUNCTIONS LDAP(3)
ldap_first_entry(3) return first entry in a chain of search
results
ldap_next_entry(3) return next entry in a chain of search
results
ldap_count_entries(3)
return number of entries in a search
result
ldap_get_dn(3) extract the DN from an entry
ldap_explode_dn(3) convert a DN into its component parts
(deprecated)
ldap_explode_rdn(3) convert an RDN into its component parts
(deprecated)
ldap_get_values_len(3)
return an attribute's values with
lengths
ldap_value_free_len(3)
free memory allocated by
ldap_get_values_len(3)
ldap_count_values_len(3)
return number of values
ldap_modify_ext(3) asynchronously modify an entry
ldap_modify_ext_s(3)
synchronously modify an entry
ldap_mods_free(3) free array of pointers to mod structures
used by ldap_modify_ext(3)
ldap_rename(3) asynchronously rename an entry
ldap_rename_s(3) synchronously rename an entry
ldap_msgfree(3) free results allocated by ldap_result(3)
ldap_msgtype(3) return the message type of a message
from ldap_result(3)
ldap_msgid(3) return the message id of a message from
ldap_result(3)
ldap_search_ext(3) asynchronously search the directory
ldap_search_ext_s(3)
OpenLDAP LDVERSION Last change: RELEASEDATE 4
LDAP(3) C LIBRARY FUNCTIONS LDAP(3)
synchronously search the directory
ldap_is_ldap_url(3) check a URL string to see if it is an
LDAP URL
ldap_url_parse(3) break up an LDAP URL string into its
components
ldap_sort_entries(3)
sort a list of search results
ldap_sort_values(3) sort a list of attribute values
ldap_sort_strcasecmp(3)
case insensitive string comparison
SEE ALSO
ldap.conf(5), slapd(8), draft-ietf-ldapext-ldap-c-api-
xx.txt <http://www.ietf.org>
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project
(http://www.openldap.org/). OpenLDAP is derived from
University of Michigan LDAP 3.3 Release.
These API manual pages are loosely based upon descriptions
provided in the IETF/LDAPEXT C LDAP API Internet Draft, a
(orphaned) work in progress.
OpenLDAP LDVERSION Last change: RELEASEDATE 5
Man(1) output converted with
man2html