Lightweight Directory Access Protocol Client API LDAP Client

LDAP Client API Capabilities

• Allows you to communicate with an LDAP-capable, X.500 directory server with minimum effort
• Allows you, if properly authenticated, to
  – Add a directory entry
  – Delete a directory entry
  – Add, delete or modify the attributes of a directory entry
  – Search and retrieve entries with specified attributes from a directory server
    • A “filter string” may be specified for advanced search – see RFC 2254
  – Reclaim memory used during retrieval

LDAP Server Basics

• An LDAP server contains entries, and each entry's type is defined by an object class
• An object class defines required and optional attributes of entries in that class
• Attributes consist of strings containing a type (or name) and one or more values:

    typedef struct {
        char *type;      /* Attribute type or name */
        char **values;   /* Attribute values */
    } ds_attr_t;

• Each entry is uniquely identified by a distinguished name, or DN
• DNs are hierarchical: each consists of an entry name plus a path of names tracing the entry back to the root
• By convention, LDAP runs on port 389.

LDAP Authentication

• To request retrieval or a change to a directory entry, you must be authorized
• LDAP Client API functions require authentication data in the form of
  – the DN of a user with sufficient authority for the operation, and
  – a password for that user

Adding an Attribute to an Entity

    int ds_add_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• dn_obj – distinguished name of entry to which attribute is being added
• attr – attribute name/values structure
• Returns LDAP_SUCCESS or a passed-through error code

Deleting an Attribute from an Entity

    int ds_delete_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr_type );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• dn_obj – distinguished name of entity from which attribute is being removed
• attr_type – attribute name
• Returns LDAP_SUCCESS or a passed-through error code

Modifying an Attribute

    int ds_modify_attr (char *dn_user, char *pw, char *dn_obj, ds_attr_t *attr );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• dn_obj – distinguished name of entry to which the attribute being modified belongs
• attr – modified attribute name/values structure
• Returns LDAP_SUCCESS or a passed-through error code

Adding a New Directory Entry

    int ds_add_service (char *dn_user, char *pw, char *dn_obj, ds_attr_t **attr );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• dn_obj – distinguished name of new entry
• attr – array of pointers to attribute name/value structures; last entry = NULL
• Returns LDAP_SUCCESS or a passed-through error code

Deleting a Directory Entry

    int ds_delete_service (char *dn_user, char *pw, char *dn_obj );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• dn_obj – distinguished name of entry to be deleted
• Returns LDAP_SUCCESS or a passed-through error code

Search/Retrieval from the Directory

    ds_search_list_t *ds_search_service (char *dn_user, char *pw, char *attribute,
                                         char *value, char *base );

• dn_user – distinguished name of authorized user
• pw – authorized user’s password
• attribute – name/type of attribute being compared
• value – attribute value to locate
  – Reminder: advanced search can be performed using a filter string; see RFC 2254 for details
• base – distinguished name of starting-point entity
• Returns pointer to a ds_search_list_t structure
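The search function takes the attribute and value separately, but the filter string that RFC 2254 defines for advanced searches is built from such values, and RFC 2254 section 4 requires the characters that carry meaning inside a filter (`*`, `(`, `)` and `\`) to be encoded as `\XX` hex escapes so that a value cannot change the structure of the filter it is placed in. The following added example is not code from the course or its library; `ldap_filter_escape` and `ldap_equality_filter` are hypothetical helper names chosen here, and the sample value is constructed. NUL is also escaped by the RFC (as `\00`) but cannot occur inside a C string, so it is not handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: escape one assertion value per RFC 2254 section 4.
 * Returns a malloc'd string the caller must free, or NULL on allocation failure. */
char *ldap_filter_escape(const char *value)
{
    size_t len = strlen(value);
    /* worst case: every input byte expands to three output characters */
    char *out = malloc(len * 3 + 1);
    if (out == NULL)
        return NULL;
    char *p = out;
    for (const unsigned char *s = (const unsigned char *)value; *s != '\0'; s++) {
        switch (*s) {
        case '*':  memcpy(p, "\\2a", 3); p += 3; break;
        case '(':  memcpy(p, "\\28", 3); p += 3; break;
        case ')':  memcpy(p, "\\29", 3); p += 3; break;
        case '\\': memcpy(p, "\\5c", 3); p += 3; break;
        default:   *p++ = (char)*s;             break;
        }
    }
    *p = '\0';
    return out;
}

/* Hypothetical helper: build the equality filter "(attribute=value)" that an
 * attribute/value pair like ds_search_service's arguments corresponds to,
 * with the value escaped first. Returns a malloc'd string or NULL. */
char *ldap_equality_filter(const char *attribute, const char *value)
{
    char *esc = ldap_filter_escape(value);
    if (esc == NULL)
        return NULL;
    size_t n = strlen(attribute) + strlen(esc) + 4;   /* '(' '=' ')' and NUL */
    char *filter = malloc(n);
    if (filter != NULL)
        snprintf(filter, n, "(%s=%s)", attribute, esc);
    free(esc);
    return filter;
}

int main(void)
{
    /* constructed sample: a display name containing filter metacharacters */
    char *f = ldap_equality_filter("cn", "Smith (Sales) *");
    if (f == NULL)
        return 1;
    printf("%s\n", f);   /* (cn=Smith \28Sales\29 \2a) */
    free(f);
    return 0;
}
```

Escaping is applied to the value only; the attribute name is expected to come from the program, not from user input, and the parentheses that delimit the filter are added after escaping.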

ds_search_list_t/ds_search_res_t

• ds_search_list_t

    typedef struct {
        int obj_num;               /* Number of objects found */
        ds_search_res_t **objs;    /* Pointer to results list */
    } ds_search_list_t;

• ds_search_res_t

    typedef struct {
        char *dn;                  /* Distinguished Name */
        ds_attr_t **attrs;         /* Pointer to attributes list */
    } ds_search_res_t;

Cleaning up after a search

• To avoid memory leaks after a search, call

    int ds_free_search_res(ds_search_list_t *srchPtr);

  – srchPtr is the pointer returned by the search function
  – This function cleans up all memory artifacts produced by the search
  – Returns 0 for success, nonzero for failure

Thru the teeming Search Results with gun and pseudocode

    int i;
    ds_search_list_t *results;
    ds_search_res_t *oneResult;
    ds_attr_t **oneAttribute;      /* attrs is a NULL-terminated array of pointers */
    char **oneValue;               /* values is a NULL-terminated array of strings */

    /* arguments as on the search slide */
    results = ds_search_service(dn_user, pw, attribute, value, base);
    if (results == NULL) {
        /* no results: bail out */
        return;
    }
    for (i = 0; i < results->obj_num; i++) {
        oneResult = results->objs[i];
        /* oneResult->dn points to the DN of the matching object */
        printf("dn: %s\n", oneResult->dn);
        oneAttribute = oneResult->attrs;
        while (*oneAttribute != NULL) {
            /* (*oneAttribute)->type points to the attribute name/type */
            oneValue = (*oneAttribute)->values;
            while (*oneValue != NULL) {
                /* *oneValue points to one attribute value */
                printf("  %s: %s\n", (*oneAttribute)->type, *oneValue);
                oneValue++;
            }   /* end while: all values of this attribute retrieved */
            oneAttribute++;
        }   /* end while: all attributes of this entry retrieved */
    }   /* end for: all values retrieved */
    ds_free_search_res(results);   /* reclaim the memory used during retrieval */
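The cleanup slide and the traversal above both depend on the ownership model of the result structures: every string, every values array, every ds_attr_t, every entry and the list itself are separate heap allocations, terminated by NULL at the attribute and value levels and by obj_num at the entry level. The following added example (not code from the course or its library) builds a constructed result set of that shape using the three structs from the slides, walks it the way the loop above does, looks up one attribute, and then releases everything deepest-first, which is what the slides describe ds_free_search_res as doing. `make_attr`, `build_sample_results`, `count_values`, `first_value` and `free_search_results` are hypothetical helper names; the DNs and values are constructed. `make_attr` also produces the NULL-terminated ds_attr_t arrays that ds_add_service expects.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Structures as declared on the slides. */
typedef struct {
    char *type;              /* attribute type or name */
    char **values;           /* NULL-terminated array of attribute values */
} ds_attr_t;

typedef struct {
    char *dn;                /* distinguished name */
    ds_attr_t **attrs;       /* NULL-terminated array of attribute pointers */
} ds_search_res_t;

typedef struct {
    int obj_num;             /* number of objects found */
    ds_search_res_t **objs;  /* results list, obj_num entries */
} ds_search_list_t;

/* Allocation that aborts on failure, to keep the example short. */
static void *xalloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) { perror("malloc"); exit(EXIT_FAILURE); }
    return p;
}

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = xalloc(n);
    memcpy(p, s, n);
    return p;
}

/* Hypothetical helper: one ds_attr_t from a NULL-terminated value list. */
ds_attr_t *make_attr(const char *type, const char *const *vals)
{
    int n = 0;
    while (vals[n] != NULL) n++;
    ds_attr_t *a = xalloc(sizeof *a);
    a->type = dup_str(type);
    a->values = xalloc((size_t)(n + 1) * sizeof(char *));
    for (int i = 0; i < n; i++) a->values[i] = dup_str(vals[i]);
    a->values[n] = NULL;
    return a;
}

/* Hypothetical helper: one entry with a NULL-terminated attrs array. */
static ds_search_res_t *make_entry(const char *dn, int nattrs, ds_attr_t **attrs)
{
    ds_search_res_t *r = xalloc(sizeof *r);
    r->dn = dup_str(dn);
    r->attrs = xalloc((size_t)(nattrs + 1) * sizeof(ds_attr_t *));
    memcpy(r->attrs, attrs, (size_t)nattrs * sizeof(ds_attr_t *));
    r->attrs[nattrs] = NULL;
    return r;
}

/* Constructed sample standing in for what ds_search_service() returns. */
ds_search_list_t *build_sample_results(void)
{
    static const char *const cn1[]   = {"Alice Smith", NULL};
    static const char *const mail1[] = {"alice@example.org", "a.smith@example.org", NULL};
    static const char *const cn2[]   = {"Bob Jones", NULL};
    ds_attr_t *a1[] = { make_attr("cn", cn1), make_attr("mail", mail1) };
    ds_attr_t *a2[] = { make_attr("cn", cn2) };

    ds_search_list_t *list = xalloc(sizeof *list);
    list->obj_num = 2;
    list->objs = xalloc(2 * sizeof(ds_search_res_t *));
    list->objs[0] = make_entry("cn=Alice Smith,ou=People,dc=example,dc=org", 2, a1);
    list->objs[1] = make_entry("cn=Bob Jones,ou=People,dc=example,dc=org", 1, a2);
    return list;
}

/* Walk entries, attributes and values; returns the total number of values. */
int count_values(const ds_search_list_t *results)
{
    int total = 0;
    for (int i = 0; i < results->obj_num; i++)
        for (ds_attr_t **a = results->objs[i]->attrs; *a != NULL; a++)
            for (char **v = (*a)->values; *v != NULL; v++)
                total++;
    return total;
}

/* First value of attribute `type` on the entry with DN `dn`, or NULL if absent. */
const char *first_value(const ds_search_list_t *results, const char *dn, const char *type)
{
    for (int i = 0; i < results->obj_num; i++) {
        if (strcmp(results->objs[i]->dn, dn) != 0) continue;
        for (ds_attr_t **a = results->objs[i]->attrs; *a != NULL; a++)
            if (strcmp((*a)->type, type) == 0)
                return (*a)->values[0];   /* NULL when the value list is empty */
    }
    return NULL;
}

/* Release every allocation deepest-first; returns 0 like ds_free_search_res. */
int free_search_results(ds_search_list_t *results)
{
    if (results == NULL) return 0;
    for (int i = 0; i < results->obj_num; i++) {
        ds_search_res_t *r = results->objs[i];
        for (ds_attr_t **a = r->attrs; *a != NULL; a++) {
            for (char **v = (*a)->values; *v != NULL; v++) free(*v);
            free((*a)->values);
            free((*a)->type);
            free(*a);
        }
        free(r->attrs);
        free(r->dn);
        free(r);
    }
    free(results->objs);
    free(results);
    return 0;
}

int main(void)
{
    ds_search_list_t *results = build_sample_results();
    printf("%d values; first mail for Alice: %s\n", count_values(results),
           first_value(results, "cn=Alice Smith,ou=People,dc=example,dc=org", "mail"));
    return free_search_results(results);
}
```

Freeing in the reverse order of allocation is what lets a single cleanup call handle any result set; code that frees only the list and the entries leaks every values array and string, and code that keeps a pointer into the results after calling the cleanup function reads freed memory.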