LDAP: Bind and Modify

LDAP: Bind and Modify. CNS 4650 Fall 2004 Rev. 2. Source Code. PERL: bind.pl shows how to bind to the LDAP directory; modattrs.pl shows how to modify an object's attributes. C/C++: bind.c shows how to bind to the LDAP directory; modattrs.c shows how to modify an object's attributes.

floyd

Presentation Transcript


  1. LDAP: Bind and Modify CNS 4650 Fall 2004 Rev. 2

  2. Source Code
     • PERL
       • bind.pl
         • Shows how to bind to the LDAP directory
       • modattrs.pl
         • Shows how to modify an object's attributes
     • C/C++
       • bind.c
         • Shows how to bind to the LDAP directory
       • modattrs.c
         • Shows how to modify an object's attributes

  3. Libraries and Includes
     • The same apply for search
     • PERL
       • use Net::LDAP
     • C/C++
       • #include <ldap.h>
       • Compiler flag for gcc: ‘-lldap’

  4. Initialize LDAP Connection
     • PERL
       • Net::LDAP->new($server, port => $port);
     • C/C++
       • ldap_init( MY_HOST, MY_PORT )

  5. C/C++ LDAP Options
     • Call ldap_set_option() prior to ldap_init()
     • Found in ldap.h
       • ldap_set_option( LDAP *ld, int option, LDAP_CONST void *invalue);
     • Options listed in ldap.h (lines 81-157)

         #define LDAP_OPT_API_INFO          0x0000
         #define LDAP_OPT_DESC              0x0001 /* deprecated */
         #define LDAP_OPT_DEREF             0x0002
         #define LDAP_OPT_SIZELIMIT         0x0003
         #define LDAP_OPT_TIMELIMIT         0x0004
         #define LDAP_OPT_REFERRALS         0x0008
         #define LDAP_OPT_RESTART           0x0009
         /* 0x0a - 0x10 not defined by current draft */
         #define LDAP_OPT_PROTOCOL_VERSION  0x0011
         #define LDAP_OPT_SERVER_CONTROLS   0x0012
         #define LDAP_OPT_CLIENT_CONTROLS   0x0013
         /* 0x14 not defined by current draft */
         #define LDAP_OPT_API_FEATURE_INFO  0x0015

  6. C/C++ LDAP Options
     • Most often used
       • LDAP_OPT_PROTOCOL_VERSION
         • Used to force LDAPv3
       • LDAP_OPT_SIZELIMIT
         • Used to limit number of returns
     • Pass NULL in for LDAP handle (first value)
     • Second value is a constant from ldap.h
       • Example: LDAP_OPT_PROTOCOL_VERSION
     • Third is the value to set the option
       • Example: for LDAP_OPT_PROTOCOL_VERSION you would pass in ‘3’

  7. LDAP Bind
     • PERL
       • $conn->bind($dn, password => $pass)
       • $conn is the LDAP handle
     • C/C++
       • ldap_simple_bind_s( ld, ENTRYDN, ENTRYPW )
       • “ld” is the LDAP handle
     • Pass in the LDAP handle, the DN to be used for the bind, and the DN account password.
     • The password for simple binds is compared against the “userPassword” attribute
     • For SASL binds, credentials are passed in rather than a “password”
       • Kerberos authentication assumes the user already has a TGT

  8. LDAP Unbind
     • PERL
       • $conn->unbind;
       • $conn is the LDAP handle
     • C/C++
       • ldap_unbind( ld );
       • “ld” is the LDAP handle

  9. Modify an Entry
     • PERL
       • $conn->modify($dn, replace => { "sn" => "doe" } );
       • $conn is the LDAP handle
     • Call modify()
       • First value is the DN of the object you wish to modify
       • Second value is the name of the attribute and the new value

  10. Modify an Entry
     • Create an LDAPMod structure for each attribute (or you can reuse one)
     • Create an array of LDAPMods, one greater than you need (the array is zero based)
       • The final value will be NULL

         LDAPMod mod0, *mods[ 2 ];

  11. LDAPMod

         typedef struct ldapmod {
             int mod_op;
         #define LDAP_MOD_ADD     (0x0000)
         #define LDAP_MOD_DELETE  (0x0001)
         #define LDAP_MOD_REPLACE (0x0002)
         #define LDAP_MOD_BVALUES (0x0080)
             char *mod_type;
             union mod_vals_u {
                 char **modv_strvals;
                 struct berval **modv_bvals;
             } mod_vals;
         #define mod_values  mod_vals.modv_strvals
         #define mod_bvalues mod_vals.modv_bvals
         } LDAPMod;

  12. Modify an Entry
     • Populate the LDAPMod mod_op
     • Populate the mod_type with the name of the attribute you wish to modify
       • Example is “sn”

         mod0.mod_op = LDAP_MOD_REPLACE;
         mod0.mod_type = "sn";

  13. Modify an Entry
     • Populate the value for the attribute

         /* vals: NULL-terminated array of char * values */
         mod0.mod_values = vals;

  14. Modify an Entry
     • Place the LDAPMod struct in the LDAPMod array
     • Place a NULL in the last array slot of LDAPMod

         mods[ 0 ] = &mod0;
         mods[ 1 ] = NULL;

  15. Modify an Entry
     • First value “ld” is the LDAP handle
     • Second value is the DN of the entry
     • Third value is the LDAPMod array

         ldap_modify_s( ld, ENTRYDN, mods )
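
The Perl calls from slides 4 through 9 put together as one script. This is an added example, not the course's bind.pl or modattrs.pl: it checks every result code, upgrades the connection with StartTLS before the simple bind (which otherwise sends the DN and password in cleartext), and refuses an empty password. The host, DNs, CA bundle path and the LDAP_BIND_PW variable name are placeholder assumptions.

```perl
#!/usr/bin/perl
# Added example: connect, StartTLS, simple bind, replace "sn", unbind.
# Host, DNs, CA path and env variable name below are placeholder assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

my $server  = 'ldap.example.com';                       # placeholder host
my $port    = 389;
my $bind_dn = 'uid=jdoe,ou=people,dc=example,dc=com';   # placeholder DN
my $target  = $bind_dn;                                 # entry to modify
my $pass    = $ENV{LDAP_BIND_PW} // '';                 # keep the secret off the command line

# A simple bind with a DN and an empty password is an "unauthenticated bind"
# (RFC 4513, section 5.1.2) that many servers answer with success, so a
# successful bind would prove nothing about the password. Refuse it here.
die "refusing to bind with an empty password\n" unless length $pass;

# Every Net::LDAP operation returns a message object; die unless it succeeded.
sub check {
    my ($what, $mesg) = @_;
    die sprintf("%s failed: %s (%d)\n", $what, $mesg->error, $mesg->code)
        if $mesg->code != LDAP_SUCCESS;
    return $mesg;
}

# new() returns undef on connection failure and leaves the reason in $@.
my $conn = Net::LDAP->new($server, port => $port, version => 3, timeout => 10)
    or die "connect to $server:$port failed: $@\n";

# Upgrade to TLS and verify the server certificate before any credentials
# cross the wire.
check('start_tls', $conn->start_tls(
    verify => 'require',
    cafile => '/etc/ssl/certs/ca-certificates.crt',     # assumed CA bundle path
));

check('bind',   $conn->bind($bind_dn, password => $pass));
check('modify', $conn->modify($target, replace => { sn => 'doe' }));

$conn->unbind;
print "sn replaced on $target\n";
```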
