
Lightweight Directory Access Protocol

LDAP definiert eine Schnittstelle für den Zugriff auf hierarchisch organisierte und verteilt gespeicherte Verzeichnisse. Häufig werden dort Benutzerdaten abgelegt, zum Beispiel in Microsofts Active Directory.

Beispiel

Anmelden und wieder abmelden

#include <stdio.h>
#include <string.h>

#include <ldap.h>

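/*
 * Minimal bind/unbind round trip against a local directory server.
 *
 * Returns 0 when the bind succeeded and 1 when any step failed, so a
 * caller never mistakes a rejected login for an authenticated session.
 */
int
main (int argc, char * argv[])
{
	/*
	 * Placeholder credentials for the demo only. Real programs should read
	 * the password from a prompt or a protected store, never from source.
	 */
	const char  * user = "cn=admin";
	const char  * pass = "secret";
	LDAP        * conn = NULL;
	int           vers = LDAP_VERSION3;
	int           rc;
	struct berval cred = { .bv_val = (char *) pass,
	                       .bv_len = strlen  (pass) };

	/*
	 * Simple bind sends DN and password unprotected over ldap://, which is
	 * tolerable only against localhost. For a remote server use an ldaps://
	 * URI or call ldap_start_tls_s() after ldap_initialize() and before
	 * binding.
	 */
	rc = ldap_initialize (&conn, "ldap://localhost");
	if (rc != LDAP_SUCCESS) {
		fprintf (stderr, "ldap_initialize: %s\n", ldap_err2string (rc));
		return 1;
	}

	/* libldap defaults to LDAPv2 for compatibility; ask for v3 explicitly. */
	if (ldap_set_option (conn, LDAP_OPT_PROTOCOL_VERSION, &vers) != LDAP_OPT_SUCCESS) {
		fprintf (stderr, "ldap_set_option: cannot select LDAPv3\n");
		ldap_unbind_ext_s (conn, NULL, NULL);
		return 1;
	}

	rc = ldap_sasl_bind_s (conn, user, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
	if (rc != LDAP_SUCCESS) {
		/* Stop here: continuing would act on an unauthenticated handle. */
		fprintf (stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string (rc));
		ldap_unbind_ext_s (conn, NULL, NULL);
		return 1;
	}
	/* … */
	ldap_unbind_ext_s (conn, NULL, NULL);
	return 0;
}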

Bibliothek installieren

# Debian/Ubuntu: installs the OpenLDAP client development headers and libraries (needs root)
apt install libldap2-dev

Übersetzen und binden mit:

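# Libraries follow the source file so the linker can resolve its symbols (matters with --as-needed)
gcc -g -Wall -o ldap ldap.c -lldap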

API-Referenz

char * ldap_strdup (const char * p)
void * ldap_memalloc (ber_len_t s)
void * ldap_memcalloc (ber_len_t n, ber_len_t s)
void * ldap_memrealloc (void * p, ber_len_t s)
void ldap_memfree (void * p)
void ldap_memvfree (void ** v)
struct ldap_url_desc
char * lud_scheme ldap Schema
char * lud_host durmstrang Hostname
int lud_port 384 Portnummer
char * lud_dn dc=illusioni,dc=de Suchbasis
char ** lud_attrs NULL Attribute
int lud_scope NULL LDAP_SCOPE_…
char * lud_filter NULL Suchfilter
char ** lud_exts NULL Erweiterungen
int lud_crit_exts false Kritische Erweiterung
int ldap_is_ldap_url (const char * url)
int ldap_url_parse (const char * url,
LDAPURLDesc ** lud)
void ldap_free_urldesc (LDAPURLDesc * lud)
struct ldapmsg
char * ldap_get_dn (LDAP * ld, LDAPMessage * entry)
int ldap_str2dn (const char * str,
LDAPDN * dn, unsigned flags)
void ldap_dnfree (LDAPDN dn)
int ldap_dn2str (LDAPDN dn,
char ** str, unsigned flags)
char ** ldap_explode_dn (const char * dn, int notypes)
char ** ldap_explode_rdn (const char * rdn, int notypes)
char * ldap_dn2ufn (const char * dn)
char * ldap_dn2dcedn (const char * dn)
char * ldap_dcedn2dn (const char * dn)
char * ldap_dn2ad_canonical (const char * dn)
char * ldap_err2string (int err)
struct ldapcontrol
char * ldctl_oid
struct berval ldctl_value
char ldctl_iscritical
int ldap_result (LDAP * ld, int msgid, int all,
struct timeval * timeout,
LDAPMessage ** result)
int ldap_abandon_ext (LDAP * ld, int msgid,
LDAPControl ** sctrls,
LDAPControl ** cctrls)

Mit Server verbinden

int ldap_initialize (LDAP ** ld, char * uri)
int ldap_simple_bind_s (LDAP * ld, const char * who, const char * passwd)
int ldap_sasl_bind (LDAP * ld, const char * dn, const char * mechanism,
struct berval * cred,
LDAPControl * sctrls[],
LDAPControl * cctrls[], int * msgid)
int ldap_sasl_bind_s (LDAP * ld, const char * dn, const char * mechanism,
struct berval * cred,
LDAPControl * sctrls[],
LDAPControl * cctrls[],
struct berval ** servercred)
int ldap_sasl_interactive_bind_s (LDAP * ld, const char * dn, const char * mechs,
LDAPControl * sctrls[],
LDAPControl * cctrls[],
unsigned flags,
LDAP_SASL_INTERACT_PROC * interact,
void * defaults)
int ldap_sasl_interactive_bind (LDAP * ld, const char * dn, const char * mechs,
LDAPControl * sctrls[],
LDAPControl * cctrls[],
unsigned flags,
LDAP_SASL_INTERACT_PROC * interact,
void * defaults,
LDAPMessage * result,
const char ** rmech, int * msgid)
int ldap_parse_sasl_bind_result (LDAP * ld, LDAPMessage * res,
struct berval ** servercred, int freeit)
int (LDAP_SASL_INTERACT_PROC) (LDAP * ld, unsigned flags, void * defaults, void * sasl_interact)
int ldap_unbind (LDAP * ld)
int ldap_unbind_s (LDAP * ld)
int ldap_unbind_ext (LDAP * ld,
LDAPControl * sctrls[],
LDAPControl * cctrls[])
int ldap_unbind_ext_s (LDAP * ld,
LDAPControl * sctrls[],
LDAPControl * cctrls[])

Das Hilfsprogramm ldapsearch sucht und filtert Einträge. Die C-Schnittstelle verpackt Einträge in den opaken Datentyp LDAPMessage und bietet Iteratoren über die Attribute und die Werte innerhalb eines Attributs.

int ldap_search_ext (LDAP * ld, char * base, int scope,
char * filter,
char * attrs[],
int attrsonly,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
struct timeval * timeout,
int sizelimit,
int * msgid)
int ldap_search_ext_s (LDAP * ld, char * base, int scope,
char * filter,
char * attrs[],
int attrsonly,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
struct timeval * timeout,
int sizelimit,
LDAPMessage ** res)
int ldap_count_entries (LDAP * ld, LDAPMessage * result)
LDAPMessage * ldap_first_entry (LDAP * ld, LDAPMessage * result)
LDAPMessage * ldap_next_entry (LDAP * ld, LDAPMessage * entry)
char * ldap_first_attribute (LDAP * ld, LDAPMessage * entry, BerElement ** ber)
char * ldap_next_attribute (LDAP * ld, LDAPMessage * entry, BerElement * ber)
int ldap_count_values (char ** vals)
int ldap_count_values_len (struct berval ** vals)
void ldap_value_free (char ** vals)
void ldap_value_free_len (struct berval ** vals)
char ** ldap_get_values (LDAP * ld, LDAPMessage * entry, char * attr)
struct berval ** ldap_get_values_len (LDAP * ld, LDAPMessage * entry, char * attr)
int ldap_msgfree (LDAPMessage * msg)
int ldap_msgtype (LDAPMessage * msg)
int ldap_msgid (LDAPMessage * msg)

Einträge modifizieren

Das Hilfsprogramm ldapmodify verarbeitet Dateien im LDIF-Format, um Einträge zu modifizieren.

dn: Dn
changetype: modify
delete: Type
-
add: Type
Type: Value
-
replace: Type
Type: Value

Die C-Schnittstelle verwendet dazu eine verkettete Liste von Modifikator-Objekten.

struct ldapmod
int mod_op
char * mod_type
struct ldapmod * mod_next
union mod_vals
char ** modv_strvals
struct berval **modv_bvals
int ldap_add_ext (LDAP * ld, const char * dn,
LDAPMod ** attrs,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
int * msgid)
int ldap_add_ext_s (LDAP * ld, const char * dn,
LDAPMod ** attrs,
LDAPControl ** sctrls,
LDAPControl ** cctrls)
int ldap_modify_ext (LDAP * ld, char * dn,
LDAPMod * mods[],
LDAPControl ** sctrls,
LDAPControl ** cctrls,
int * msgid)
int ldap_modify_ext_s (LDAP * ld, char * dn,
LDAPMod * mods[],
LDAPControl ** sctrls,
LDAPControl ** cctrls)
void ldap_mods_free (LDAPMod ** mods,
int freemods)
int ldap_delete (LDAP * ld, char * dn)
int ldap_delete_s (LDAP * ld, char * dn)
int ldap_delete_ext (LDAP * ld, char * dn,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
int * msgid)
int ldap_delete_ext_s (LDAP * ld, char * dn,
LDAPControl ** sctrls,
LDAPControl ** cctrls)
int ldap_rename (LDAP * ld, const char * dn,
const char * newrdn,
const char * newparent,
int deleteoldrdn,
LDAPControl * sctrls[],
LDAPControl * cctrls[],
int * msgid)
int ldap_rename_s (LDAP * ld, const char * dn,
const char * newrdn,
const char * newparent,
int deleteoldrdn,
LDAPControl * sctrls[],
LDAPControl * cctrls[])
int ldap_compare_ext (LDAP * ld, char * dn, char * attr,
const struct berval * bvalue,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
int * msgid)
int ldap_compare_ext_s (LDAP * ld, char * dn, char * attr,
const struct berval * bvalue,
LDAPControl ** sctrls,
LDAPControl ** cctrls)
int ldap_extended_operation (LDAP * ld, const char * requestoid,
const struct berval * requestdata,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
int * msgid)
int ldap_extended_operation_s (LDAP * ld, const char * requestoid,
const struct berval * requestdata,
LDAPControl ** sctrls,
LDAPControl ** cctrls,
char ** retoid,
struct berval ** retdata)
LDAP_MOD_ADD Hinzufügen
LDAP_MOD_REPLACE Ändern
LDAP_MOD_DELETE Löschen

Binärdaten kodieren

struct berval
ber_len_t bv_len
char * bv_val
void ber_bvfree (struct berval * bv)
void ber_bvecfree (struct berval ** bvec)
void ber_bvecadd (struct berval *** bvec, struct berval * bv)
void ber_bvarray_free (struct berval * bvarray)
void ber_bvarray_add (BerVarray * bvarray, BerValue * bv)
struct berval *ber_bvdup (const struct berval * bv)
struct berval *ber_dupbv (const struct berval * dst, struct berval * src)
struct berval *ber_bvstr (const char * str)
struct berval *ber_bvstrdup (const char * str)
struct berval *ber_str2bv (const char * str, ber_len_t len, int dup, struct berval * bv)
BerElement * ber_alloc_t (int options)
BerElement * ber_init (struct berval * bv)
void ber_init2 (BerElement * ber, struct berval * bv, int options)
void ber_free (BerElement * ber, int freebuf)
Kodierung
int ber_flush (Sockbuf * sb, BerElement * ber, int freeit)
int ber_flush2 (Sockbuf * sb, BerElement * ber, int freeit)
int ber_printf (BerElement * ber, const char * fmt, ...)
int ber_put_int (BerElement * ber, ber_int_t num, ber_tag_t tag)
int ber_put_enum (BerElement * ber, ber_int_t num, ber_tag_t tag)
int ber_put_ostring (BerElement * ber, const char * str, ber_len_t len, ber_tag_t tag)
int ber_put_string (BerElement * ber, const char * str, ber_tag_t tag)
int ber_put_null (BerElement * ber, ber_tag_t tag)
int ber_put_boolean (BerElement * ber, ber_int_t bool, ber_tag_t tag)
int ber_put_bitstring (BerElement * ber, const char * str, ber_len_t blen, ber_tag_t tag)
int ber_start_seq (BerElement * ber, ber_tag_t tag)
int ber_start_set (BerElement * ber, ber_tag_t tag)
int ber_put_seq (BerElement * ber)
Dekodierung
ber_tag_t ber_get_next (Sockbuf * sb, ber_len_t * len, BerElement * ber)
ber_tag_t ber_skip_tag (BerElement * ber, ber_len_t * len)
ber_tag_t ber_peek_tag (BerElement * ber, ber_len_t * len)
ber_tag_t ber_scanf (BerElement * ber, const char * fmt, ...)
ber_tag_t ber_get_int (BerElement * ber, ber_int_t * num)
ber_tag_t ber_get_enum (BerElement * ber, ber_int_t * num)
ber_tag_t ber_get_stringb (BerElement * ber, char * buf, ber_len_t * len)
ber_tag_t ber_get_stringa (BerElement * ber, char ** buf)
ber_tag_t ber_get_stringal (BerElement * ber, struct berval ** bv)
ber_tag_t ber_get_stringbv (BerElement * ber, struct berval * bv, int alloc)
ber_tag_t ber_get_null (BerElement * ber)
ber_tag_t ber_get_boolean (BerElement * ber, ber_int_t * bool)
ber_tag_t ber_get_bitstringa (BerElement * ber, char ** buf, ber_len_t * blen)
ber_tag_t ber_first_element (BerElement * ber, ber_len_t * len, char ** cookie)
ber_tag_t ber_next_element (BerElement * ber, ber_len_t * len, const char * cookie)
OP DESC

Unterbau anbinden

Literatur

  1. OpenLDAP
  2. RFC 4510–4519: LDAP Technical Specification Road Map, 2006