
Lightweight Directory Access Protocol Client API


kaylee

Presentation Transcript


  1. Lightweight Directory Access Protocol Client API

  2. LDAP Client API Capabilities
     • Allows you to communicate with an LDAP-capable, X.500 directory server with minimum effort
     • Allows you, if properly authenticated, to
       • Add a directory entry
       • Delete a directory entry
       • Add, delete or modify the attributes of a directory entry
       • Search and retrieve entries with specified attributes from a directory server
         • A “filter string” may be specified for advanced search – see RFC 2254
       • Reclaim memory used during retrieval

  3. LDAP Server Basics
     • An LDAP server contains entries, and each entry's type is defined by an object class
     • An object class defines required and optional attributes of entries in that class
     • Attributes consist of strings containing a type (or name) and one or more values:

         typedef struct {
             char *type;    /* Attribute type or name */
             char **values; /* Attribute values */
         } ds_attr_t;

     • Each entry is uniquely identified by a distinguished name, or DN
     • DNs are hierarchical: each consists of an entry name plus a path of names tracing the entry back to the root
     • By convention, LDAP runs on port 389.

  4. LDAP Authentication
     • To request retrieval or a change to a directory entry, you must be authorized
     • LDAP Client API functions require authentication data in the form of
       • the DN of a user with sufficient authority for the operation and
       • a password for that user

  5. Adding an Attribute to an Entity

         int ds_add_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • dn_obj – distinguished name of entry to which attribute is being added
     • attr – attribute name/values structure
     • Returns LDAP_SUCCESS or a passed through error code

  6. Deleting an Attribute from an Entity

         int ds_delete_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr_type );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • dn_obj – distinguished name of entity from which attribute is being removed
     • attr_type – attribute name
     • Returns LDAP_SUCCESS or a passed through error code

  7. Modifying an Attribute

         int ds_modify_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • dn_obj – distinguished name of entry to which attribute being modified belongs
     • attr – modified attribute name/values structure
     • Returns LDAP_SUCCESS or a passed through error code

  8. Adding a New Directory Entry

         int ds_add_service (char *dn_user, char *pw, char *dn_obj, ds_attr_t **attr );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • dn_obj – distinguished name of new entry
     • attr – array of pointers to attribute name/value structures; last entry = NULL
     • Returns LDAP_SUCCESS or a passed through error code

  9. Deleting a Directory Entry

         int ds_delete_service (char *dn_user, char *pw, char *dn_obj );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • dn_obj – distinguished name of entry to be deleted
     • Returns LDAP_SUCCESS or a passed through error code

  10. Search/Retrieval from the Directory

         ds_search_list_t * ds_search_service (char *dn_user, char *pw, char *attribute, char *value, char *base );

     • dn_user – distinguished name of authorized user
     • pw – authorized user’s password
     • attribute – name/type of attribute being compared
     • value – attribute value to locate
       • Reminder: Advanced search can be performed using a filter string; see RFC 2254 for details
     • base – distinguished name of starting point entity
     • Returns pointer to a ds_search_list_t structure

  11. ds_search_list_t/ds_search_res_t
     • ds_search_list_t

         typedef struct {
             int obj_num;            /* Number of objects found */
             ds_search_res_t **objs; /* Pointer to results list */
         } ds_search_list_t;

     • ds_search_res_t

         typedef struct {
             char *dn;          /* Distinguished Name */
             ds_attr_t **attrs; /* Pointer to attributes list */
         } ds_search_res_t;

  12. Cleaning up after a search
     • To avoid memory leaks after a search, call

         int ds_free_search_res(ds_search_list_t *srchPtr);

     • srchPtr is the pointer returned by the search function
     • This function cleans up all memory artifacts produced by search
     • Returns 0 for success, nonzero for failure

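  13. Thru the teeming Search Results with gun and pseudocode

         int i;
         ds_search_list_t *results;
         ds_search_res_t *oneResult;
         ds_attr_t **oneAttribute; /* attrs is an array of pointers; NULL-terminated, as the loop assumes */
         char **oneValue;          /* values is an array of strings; NULL-terminated, as the loop assumes */

         if ( ( results = ds_search_service( dn_user, pw, attribute, value, base ) ) == NULL ) {
             /* no results; bail */
         } else {
             for ( i = 0; i < results->obj_num; i++ ) {
                 oneResult = results->objs[i];
                 /* oneResult->dn points to DN of matching object */
                 oneAttribute = oneResult->attrs;
                 while ( oneAttribute != NULL && *oneAttribute != NULL ) {
                     /* (*oneAttribute)->type points to the attribute name/type */
                     oneValue = (*oneAttribute)->values;
                     while ( oneValue != NULL && *oneValue != NULL ) {
                         /* *oneValue points to attribute value */
                         oneValue++;
                     } /* end while */
                     oneAttribute++;
                 } /* end while */
             } /* end for – all values retrieved */
             ds_free_search_res( results ); /* release search memory (slide 12) */
         }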
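
Slides 2 and 10 point to RFC 2254 filter strings for advanced searches. The block below is an added example, not part of the original presentation or of the LDAP Client API it describes: it escapes a caller-supplied value as RFC 2254 requires before placing it in a filter, so that `*`, `(`, `)` and `\` are matched literally instead of altering the filter's structure. The function names `ldap_filter_escape` and `build_equality_filter` are hypothetical, and how `ds_search_service` accepts a filter string is not shown on the slides.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Escape a value for an RFC 2254 filter: '*', '(', ')', '\' and NUL become
 * \2a, \28, \29, \5c and \00. Returns escaped length, or -1 if out is too small. */
int ldap_filter_escape(const char *in, size_t in_len, char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_size == 0) return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0');
        if (o + (special ? 3 : 1) + 1 > out_size) return -1; /* keep room for NUL */
        if (!special) { out[o++] = (char)c; continue; }
        out[o++] = '\\';
        out[o++] = hex[c >> 4];
        out[o++] = hex[c & 0x0f];
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "(attr=value)"; attr is validated (alnum, '-', '.', ';'), value is escaped. */
int build_equality_filter(const char *attr, const char *value, char *out, size_t out_size)
{
    size_t alen = strlen(attr);
    if (alen == 0 || alen + 4 > out_size) return -1; /* "(" attr "=" ")" NUL */
    for (size_t i = 0; i < alen; i++) {
        unsigned char c = (unsigned char)attr[i];
        if (!isalnum(c) && c != '-' && c != '.' && c != ';') return -1;
    }
    out[0] = '(';
    memcpy(out + 1, attr, alen);
    out[alen + 1] = '=';
    int n = ldap_filter_escape(value, strlen(value), out + alen + 2, out_size - alen - 3);
    if (n < 0) return -1;
    out[alen + 2 + (size_t)n] = ')';
    out[alen + 3 + (size_t)n] = '\0';
    return (int)(alen + 3 + (size_t)n);
}

int main(void)
{
    char f[64]; /* the value below is a constructed sample with filter metacharacters */
    if (build_equality_filter("cn", "*)(uid=*", f, sizeof f) > 0) puts(f);
    return 0;
}
```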
