LDAP(3) LDAP(3)
NAME
ldap - OpenLDAP Lightweight Directory Access Protocol API
LLIIBBRRAARRYY
OpenLDAP LDAP (libldap, -lldap)
SYNOPSIS
##iinncclluuddee <>
DESCRIPTION
The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides
access to X.500 directory services. These services may be stand-alone
or part of a distributed directory service. This client API supports
LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX
domain sockets). This API supports SASL (RFC2829) and Start TLS
(RFC2830) as well as a number of protocol extensions. This API is
loosely based upon IETF/LDAPEXT C LDAP API draft specification, a
(orphaned) work in progress.
The OpenLDAP Software package includes a stand-alone server in
ssllaappdd(8), various LDAP clients, and an LDAP client library used to pro-
vide programmatic access to the LDAP protocol. This man page gives an
overview of the LDAP library routines.
Both synchronous and asynchronous APIs are provided. Also included are
various routines to parse the results returned from these routines.
These routines are found in the -lldap library.
The basic interaction is as follows. A session handle is created using
llddaappiinniittiiaalliizzee(3) and set the protocol version to 3 by calling
llddaappsseettooppttiioonn(3). The underlying session is established first opera-
tion is issued. This would generally be a Start TLS or Bind operation.
A Start TLS operation is performed by calling llddaappssttaarrttttllssss(3). A
LDAP bind operation is performed by calling llddaappssaassllbbiinndd(3) or one of
its friends. Subsequently, other operations are performed by calling
one of the synchronous or asynchronous routines (e.g.,
llddaappsseeaarrcchheexxttss(3) or llddaappsseeaarrcchheexxtt(3) followed by llddaapprreessuulltt(3)).
Results returned from these routines are interpreted by calling the
LDAP parsing routines such as llddaappppaarrsseerreessuulltt(3). The LDAP associa-
tion and underlying connection is terminated by calling
llddaappuunnbbiinnddeexxtt(3). Errors can be interpreted by calling
llddaappeerrrr22ssttrriinngg(3).
LLDDAAPP vveerrssiioonnss
This library supports version 3 of the Lightweight Directory Access
Protocol (LDAPv3) as defined in RFC 3377. It also supports a varient
of version 2 of LDAP as defined by U-Mich LDAP and, to some degree, RFC
1777. Version 2 (all varients) should be viewed as obsolete. Version
3 should be used instead.
For backwards compatibility reasons, the library defaults to version 2.
Hence, all new applications (and all actively maintained applications)
should use llddaappsseettooppttiioonn(3) to select version 3. The library manual
pages assume version 3 has been selected.
IINNPPUUTT aanndd OOUUTTPPUUTT PPAARRAAMMEETTEERRSS
All character string input/output is expected to be/is UTF-8 encoded
Unicode (version 3.2).
Distinguished names (DN) (and relative distinguished names (RDN) to be
passed to the LDAP routines should conform to RFC 2253. The
llddaappeexxppllooddeeddnn(3) routines can be used to work with DNs.
Search filters to be passed to the search routines are to be con-
structed by hand and should conform to RFC 2254.
LDAP URL are to be passed to routines are expected to conform to RFC
2255. The llddaappuurrll(3) routines can be used to work with LDAP URLs.
DDIISSPPLLAAYYIINNGG RREESSUULLTTSS
Results obtained from the search routines can be output by hand, by
calling llddaappffiirrsstteennttrryy(3) and llddaappnneexxtteennttrryy(3) to step through the
entries returned, llddaappffiirrssttaattttrriibbuuttee(3) and llddaappnneexxttaattttrriibbuuttee(3) to
step through an entry's attributes, and llddaappggeettvvaalluueess(3) to retrieve
a given attribute's values. Attribute values may or may not be dis-
playable.
UUTTIILLIITTYY RROOUUTTIINNEESS
Also provided are various utility routines. The llddaappssoorrtt(3) routines
are used to sort the entries and values returned via the ldap search
routines.
BBEERR LLIIBBRRAARRYY
Also included in the distribution is a set of lightweight Basic Encod-
ing Rules routines. These routines are used by the LDAP library rou-
tines to encode and decode LDAP protocol elements using the (slightly
simplified) Basic Encoding Rules defined by LDAP. They are not nor-
mally used directly by an LDAP application program except in the han-
dling of controls and extended operations. The routines provide a
printf and scanf-like interface, as well as lower-level access. These
routines are discussed in llbbeerr-ddeeccooddee(3), llbbeerr-eennccooddee(3), llbbeerr-mmeemm-
oorryy(3), and llbbeerr-ttyyppeess(3).
IINNDDEEXX
ldapinitialize(3) initialize the LDAP library without opening a con-
nection to a server
ldapresult(3) wait for the result from an asynchronous operation
ldapabandonext(3) abandon (abort) an asynchronous operation
ldapaddext(3) asynchronously add an entry
ldapaddexts(3) synchronously add an entry
ldapsaslbind(3) asynchronously bind to the directory
ldapsaslbinds(3) synchronously bind to the directory
ldapunbindext(3) synchronously unbind from the LDAP server and close
the connection
ldapunbindexts(3)
equivalent to llddaappuunnbbiinnddeexxtt(3)
ldapmemfree(3) dispose of memory allocated by LDAP routines.
ldapcompareext(3) asynchronously compare to a directory entry
ldapcompareexts(3)
synchronously compare to a directory entry
ldapdeleteext(3) asynchronously delete an entry
ldapdeleteexts(3)
synchronously delete an entry
lderrno(3) LDAP error indication
ldaperrlist(3) list of LDAP errors and their meanings
ldaperr2string(3) convert LDAP error indication to a string
ldapfirstattribute(3)
return first attribute name in an entry
ldapnextattribute(3)
return next attribute name in an entry
ldapfirstentry(3) return first entry in a chain of search results
ldapnextentry(3) return next entry in a chain of search results
ldapcountentries(3)
return number of entries in a search result
ldapgetdn(3) extract the DN from an entry
ldapexplodedn(3) convert a DN into its component parts (deprecated)
ldapexploderdn(3) convert an RDN into its component parts (depre-
cated)
ldapgetvalueslen(3)
return an attribute's values with lengths
ldapvaluefreelen(3)
free memory allocated by ldapgetvalueslen(3)
ldapcountvalueslen(3)
return number of values
ldapmodifyext(3) asynchronously modify an entry
ldapmodifyexts(3)
synchronously modify an entry
ldapmodsfree(3) free array of pointers to mod structures used by
ldapmodifyext(3)
ldaprename(3) asynchronously rename an entry
ldaprenames(3) synchronously rename an entry
ldapmsgfree(3) free results allocated by ldapresult(3)
ldapmsgtype(3) return the message type of a message from
ldapresult(3)
ldapmsgid(3) return the message id of a message from
ldapresult(3)
ldapsearchext(3) asynchronously search the directory
ldapsearchexts(3)
synchronously search the directory
ldapisldapurl(3) check a URL string to see if it is an LDAP URL
ldapurlparse(3) break up an LDAP URL string into its components
ldapsortentries(3)
sort a list of search results
ldapsortvalues(3) sort a list of attribute values
ldapsortstrcasecmp(3)
case insensitive string comparison
SEE ALSO
llddaapp..ccoonnff(5), ssllaappdd(8), ddrraafftt-iieettff-llddaappeexxtt-llddaapp-cc-aappii-
xxxx..ttxxtt
AACCKKNNOOWWLLEEDDGGEEMMEENNTTSS
OOppeennLLDDAAPP is developed and maintained by The OpenLDAP Project
(http://www.openldap.org/). OOppeennLLDDAAPP is derived from University of
Michigan LDAP 3.3 Release.
These API manual pages are loosely based upon descriptions provided in
the IETF/LDAPEXT C LDAP API Internet Draft, a (orphaned) work in
progress.
OpenLDAP 2.2.19 2004/11/26 LDAP(3)