ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/ldap_set_option.htm

722 lines
21 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>ldap_set_option() -- Set LDAP Options</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Direct1 SCRIPT J converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!-- File Edited April 2001 -->
<!-- This file has undergone html cleanup on 2/19/02 by JET -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<a name="Top_Of_Page"></a>
<h2>ldap_set_option() -- Set LDAP Options</h2>
<div class="box" style="width: 70%;">
<br>
&nbsp;&nbsp;Syntax<br>
<pre>
#include &lt;ldap.h&gt;
int ldap_set_option(
LDAP *<em>ld</em>,
int <em>optionToSet</em>,
const void *<em>optionValue</em> )
</pre>
<br>
&nbsp;&nbsp;Library Name/Service Program: QSYS/QGLDCLNT<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The <strong>ldap_set_option()</strong> function is used to set options for
the specified LDAP connection.</p>
<br>
<h3>Authorities and Locks</h3>
<p>No i5/OS authority is required.</p>
<br>
<h3>Parameters</h3>
<dl>
<dt><strong><em>ld</em></strong></dt>
<dd>(Input) An LDAP pointer returned by a previous call to
<a href="ldap_init.htm">ldap_init()</a>,
<a href="ldap_ssl_init.htm">ldap_ssl_init()</a>, or
<a href="ldap_open.htm">ldap_open()</a>.
If a NULL <em>ld</em> is passed in, the default option value is set. Later calls to
<a href="ldap_init.htm">ldap_init()</a>,
<a href="ldap_ssl_init.htm">ldap_ssl_init()</a>, or
<a href="ldap_open.htm">ldap_open()</a>
will use the set value as the default for the option.<br>
<br>
</dd>
<dt><strong><em>optionToSet</em></strong></dt>
<dd>(Input) The option value to be set. See below for the list of supported
options.<br>
<br>
</dd>
<dt><strong><em>optionValue</em></strong></dt>
<dd>(Input) The address of the value. For LDAP V3 client options, <em>
optionValue</em> is the actual value to be set.</dd>
</dl>
<p>The following session settings can be set using the <strong>
ldap_set_option()</strong> API:</p>
<table cellpadding="5">
<!-- cols="35 65" -->
<tr>
<td align="left" valign="top"><em>LDAP_OPT_SIZELIMIT</em></td>
<td align="left" valign="top">Mmaximum number of entries that can be returned
on a search operation</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_TIMELIMIT</em></td>
<td align="left" valign="top">Maximum number of seconds to wait for search
results</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_REFHOPLIMIT</em></td>
<td align="left" valign="top">Maximum number of referrals in a sequence that
the client can follow</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_DEREF</em></td>
<td align="left" valign="top">Rules for following aliases at the server</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_REFERRALS</em></td>
<td align="left" valign="top">Whether referrals should be followed by the
client</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_DEBUG</em></td>
<td align="left" valign="top">Client debug options</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_SSL_CIPHER</em></td>
<td align="left" valign="top">SSL ciphers to use</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_SSL_TIMEOUT</em></td>
<td align="left" valign="top">SSL timeout for refreshing session keys</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_REBIND_FN</em></td>
<td align="left" valign="top">Address of application's setrebindproc
procedure</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_PROTOCOL_VERSION</em></td>
<td align="left" valign="top">LDAP protocol version to use (V2 or V3)</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_SERVER_CONTROLS</em></td>
<td align="left" valign="top">Default server controls.</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_CLIENT_CONTROLS</em></td>
<td align="left" valign="top">Default client library controls</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_OPT_UTF8_IO</em></td>
<td align="left" valign="top">String Data type UTF-8 option</td>
</tr>
</table>
<p>The value returned by <a href="ldap_get_option.htm">ldap_get_option()</a>
when <strong>LDAP_OPT_PROTOCOL_VERSION</strong> is specified can be used to
determine how parameters should be passed to the <strong>
ldap_set_option()</strong> call. The easiest way to work with this
compatibility feature is to guarantee that calls to <strong>
ldap_set_option()</strong> are all performed while the <strong>
LDAP_OPT_PROTOCOL_VERSION</strong> is set to the same value. If this cannot be
guaranteed by the application, then follow the format of the example below when
coding the call to <strong>ldap_set_option()</strong>:</p>
<pre>
int sizeLimit=100;
int protocolVersion;
ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION, &amp;protocolVersion );
if ( protocolVersion == LDAP_VERSION2 ) {
ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *)sizeLimit );
} else { /* the protocol version is LDAP_VERSION3 */
ldap_set_option( ld, LDAP_OPT_SIZELIMIT, &amp;sizeLimit );
}
</pre>
<p>Additional details on specific options for <strong>
ldap_set_option()</strong> are provided in the following sections.</p>
<br>
<h3><a name="sizelimit"></a>LDAP_OPT_SIZELIMIT</h3>
<p>Specifies the maximum number of entries that can be returned on a search
operation. Note: the actual size limit for operations is also bounded by the
maximum number of entries that the server is configured to return. Thus, the
actual size limit will be the lesser of the value specified on this option and
the value configured in the LDAP server. The default sizelimit is unlimited,
specified with a value of zero (thus deferring to the sizelimit setting of the
LDAP server).</p>
<p><strong>Examples:</strong></p>
<pre>
sizevalue=50;
ldap_set_option( ld, LDAP_OPT_SIZELIMIT, &amp;sizevalue);
ldap_get_option( ld, LDAP_OPT_SIZELIMIT, &amp;sizevalue);
</pre>
<br>
<h3><a name="timelimit"></a>LDAP_OPT_TIMELIMIT</h3>
<p>Specifies the number of seconds to wait for search results. Note: the actual
time limit for operations is also bounded by the maximum time that the server
is configured to allow. Thus, the actual time limit will be the lesser of the
value specified on this option and the value configured in the LDAP server. The
default is unlimited (specified with a value of zero).</p>
<p><strong>Examples:</strong></p>
<pre>
timevalue=50;
ldap_set_option( ld, LDAP_OPT_TIMELIMIT, &amp;timevalue);
ldap_get_option( ld, LDAP_OPT_TIMELIMIT, &amp;timevalue);
</pre>
<br>
<h3><a name="refhoplimit"></a>LDAP_OPT_REFHOPLIMIT</h3>
<p>Specifies the maximum number of hops that the client library will take when
chasing referrals. The default is 5.</p>
<p><strong>Examples:</strong></p>
<pre>
hoplimit=7;
ldap_set_option( ld, LDAP_OPT_REFHOPLIMIT, &amp;hoplimit);
ldap_get_option( ld, LDAP_OPT_REFHOPLIMIT, &amp;hoplimit);
</pre>
<br>
<h3><a name="deref"></a>LDAP_OPT_DEREF</h3>
<p>Specifies alternative rules for following aliases at the server. The default
is LDAP_DEREF_NEVER.</p>
<p>Supported values:</p>
<table cellpadding="5">
<!-- cols="5 95" -->
<tr>
<td align="left" valign="top"><em>0</em></td>
<td align="left" valign="top">LDAP_DEREF_NEVER</td>
</tr>
<tr>
<td align="left" valign="top"><em>1</em></td>
<td align="left" valign="top">LDAP_DEREF_SEARCHING</td>
</tr>
<tr>
<td align="left" valign="top"><em>2</em></td>
<td align="left" valign="top">LDAP_DEREF_FINDING</td>
</tr>
<tr>
<td align="left" valign="top"><em>3</em></td>
<td align="left" valign="top">LDAP_DEREF_ALWAYS</td>
</tr>
</table>
<p><strong>Examples:</strong></p>
<pre>
int deref = LDAP_DEREF_NEVER;
ldap_set_option( ld, LDAP_OPT_DEREF,&amp;deref);
ldap_get_option( ld, LDAP_OPT_DEREF, &amp;deref);
</pre>
<br>
<h3><a name="referrals"></a>LDAP_OPT_REFERRALS</h3>
<p>Specifies whether the LDAP library will automatically follow referrals
returned by LDAP servers or not. It can be set to one of the constants <strong>
LDAP_OPT_ON</strong> or <strong>LDAP_OPT_OFF</strong>. By default, the LDAP
client will follow referrals.</p>
<p><strong>Examples:</strong></p>
<pre>
int value;
ldap_set_option( ld, LDAP_OPT_REFFERALS, (void *)LDAP_OPT_ON);
ldap_get_option( ld, LDAP_OPT_REFFERALS, &amp;value);
</pre>
<br>
<h3><a name="debug"></a>LDAP_OPT_DEBUG</h3>
<p>Specifies a bit-map that indicates the level of debug trace for the LDAP
library.</p>
<p>Supported values:</p>
<table cellpadding="5">
<!-- cols="30 70" -->
<tr>
<th align="left" valign="top" colspan="2">/* Debug levels */</th>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_OFF</em></td>
<td align="left" valign="top">0x000</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_TRACE</em></td>
<td align="left" valign="top">0x001</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_PACKETS</em></td>
<td align="left" valign="top">0x002</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_ARGS</em></td>
<td align="left" valign="top">0x004</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_CONNS</em></td>
<td align="left" valign="top">0x008</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_BER</em></td>
<td align="left" valign="top">0x010</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_FILTER</em></td>
<td align="left" valign="top">0x020</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_CONFIG</em></td>
<td align="left" valign="top">0x040</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_ACL</em></td>
<td align="left" valign="top">0x080</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_STATS</em></td>
<td align="left" valign="top">0x100</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_STATS2</em></td>
<td align="left" valign="top">0x200</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_SHELL</em></td>
<td align="left" valign="top">0x400</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_PARSE</em></td>
<td align="left" valign="top">0x800</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_DEBUG_ANY</em></td>
<td align="left" valign="top">0xffff</td>
</tr>
</table>
<p><strong>Examples:</strong></p>
<pre>
int value;
int debugvalue= LDAP_DEBUG_TRACE | LDAP_DEBUG_PACKETS;
ldap_set_option( ld, LDAP_OPT_DEBUG, &amp;debugvalue);
ldap_get_option( ld, LDAP_OPT_DEBUG, &amp;value );
</pre>
<p>An alternative way to set the debug level is to set the LDAP_DEBUG
environment variable in the job that the client application will run in. The
environment variable is set to the same numerical value that the value variable
would be set to if <strong>ldap_set_option()</strong> was used. An example of
enabling client trace for an application using the LDAP_DEBUG environment
variable:</p>
<pre>
ADDENVVAR ENVVAR(LDAP_DEBUG) VALUE(0X0003)
</pre>
<p>After the client application has run, use</p>
<pre>
DMPUSRTRC jobnumber-of-the-client-job
</pre>
<p>Then, to display the trace information interactively, use</p>
<pre>
DSPPFM QAP0ZDMP QP0Znnnnnn -- where nnnnnn is the job number.
</pre>
<br>
<h3><a name="cipher"></a>LDAP_OPT_SSL_CIPHER</h3>
<p>Specifies a set of one or more ciphers to be used when negotiating the
cipher algorithm with the LDAP server. The first cipher in the list that is
common with the list of ciphers supported by the server is chosen. For the
export version of the library, the value used is &quot;0306&quot;. For the domestic
version of the library, the default value is &quot;05040A090306&quot;. Note that the
cipher string supported by the export version of the LDAP client library is
fixed and cannot be modified.</p>
<p>Supported ciphers:</p>
<table cellpadding="5">
<!-- cols="30 70" -->
<tr>
<td align="left" valign="top"><em>LDAP_SSL_RC4_MD5_EX</em></td>
<td align="left" valign="top">03</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_SSL_RC2_MD5_EX</em></td>
<td align="left" valign="top">05 (Non-export only)</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_SSL_RC4_SHA_US</em></td>
<td align="left" valign="top">04 (Non-export only)</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_SSL_RC4_MD5_US</em></td>
<td align="left" valign="top">06</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_SSL_DES_SHA_US</em></td>
<td align="left" valign="top">09 (Non-export only)</td>
</tr>
<tr>
<td align="left" valign="top"><em>LDAP_SSL_3DES_SHA_US</em></td>
<td align="left" valign="top">0A (Non-export only)</td>
</tr>
<tr>
<td align="left" valign="top">
<em>LDAP_SSL_AES_SHA_US</em></td>
<td align="left" valign="top">2F (Non-export only)</td>
</tr>
</table>
<p><strong>Examples:</strong></p>
<pre>
char *setcipher = &quot;2F090A&quot;;
char *getcipher;
ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, setcipher);
ldap_get_option( ld, LDAP_OPT_SSL_CIPHER, &amp;getcipher );
</pre>
<br>
<h3><a name="timeout"></a>LDAP_OPT_SSL_TIMEOUT</h3>
<p>Specifies in seconds the SSL inactivity timer. After the specified seconds,
in which no SSL activity has occurred, the SSL connection will be refreshed
with new session keys. A smaller value may help increase security, but will
have a small impact on performance. The default SSL timeout value is 43200
seconds.</p>
<p><strong>Examples:</strong></p>
<pre>
value = 100;
ldap_set_option( ld, LDAP_OPT_SSL_TIMEOUT, &amp;value );
ldap_get_option( ld, LDAP_OPT_SSL_TIMEOUT, &amp;value );
</pre>
<br>
<h3><a name="rebind_fn"></a>LDAP_OPT_REBIND_FN</h3>
<p>Specifies the address of a routine to be called by the LDAP library when the
need arises to authenticate a connection with another LDAP server. This can
occur, for example, when the LDAP library is chasing a referral. If a routine
is not defined, referrals will always be chased using the anonymous identity. A
default routine is not defined.</p>
<p><strong>Examples:</strong></p>
<pre>
extern LDAPRebindProc proc_address;
LDAPRebindProc value;
ldap_set_option( ld, LDAP_OPT_REBIND_FN, &amp;proc_address);
ldap_get_option( ld, LDAP_OPT_REBIND_FN, &amp;value);
</pre>
<br>
<h3><a name="version"></a>LDAP_OPT_PROTOCOL_VERSION</h3>
<p>Specifies the LDAP protocol to be used by the LDAP client library when
connecting to an LDAP server. Also used to determine which LDAP protocol is
being used for the connection. For an application that uses <a href=
"ldap_init.htm">ldap_init()</a> to create the LDAP connection the default value
of this option will be LDAP_VERSION3 for communicating with the LDAP server.
The default value of this option will be LDAP_VERSION2 if the application uses
the deprecated <a href="ldap_open.htm">ldap_open()</a> API. In either case, the
<strong>LDAP_OPT_PROTOCOL_VERSION</strong> option can be used with <strong>
ldap_set_option()</strong> to change the default. The LDAP protocol version
should be reset prior to issuing the bind (or any operation that causes an
implicit bind).</p>
<p><strong>Examples:</strong></p>
<pre>
version2 = LDAP_VERSION2;
version3 = LDAP_VERSION3;
/* Example for Version 3 application setting version to version 2 */
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &amp;version2);
/* Example of Version 2 application setting version to version 3 */
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &amp;version3);
ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION, &amp;value);
</pre>
<br>
<h3><a name="server_controls"></a>LDAP_OPT_SERVER_CONTROLS</h3>
<p>Specifies a default list of server controls to be sent with each request.
The default list can be overridden by specifying a server control, or list of
server controls, on specific APIs. By default, no server controls will be
sent.</p>
<p><strong>Example:</strong></p>
<pre>
ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &amp;ctrlp);
</pre>
<br>
<h3><a name="client_controls"></a>LDAP_OPT_CLIENT_CONTROLS</h3>
<p>Specifies a default list of client controls to be processed by the client
library with each request. Since client controls are not defined for this
version of the library, the <strong>ldap_set_option()</strong> API can be used
to define a set of default, non-critical client controls. If one or more client
controls in the set is critical, the entire list is rejected with a return code
of <strong>LDAP_UNAVAILABLE_CRITICAL_EXTENSION</strong>.</p>
<br>
<h3><a name="utf8_io"></a>LDAP_OPT_UTF8_IO</h3>
<p>Specifies whether the LDAP library will automatically convert string data to
and from the local code page. It can be set to one of the constants <strong>
LDAP_UTF8_XLATE_ON</strong> or <strong>LDAP_UTF8_XLATE_OFF</strong>. By
default, the LDAP library will convert string data.</p>
<p>When conversion is disabled, the LDAP library assumes that data received
from the application by LDAP APIs is already represented in UTF-8. Similarly,
the LDAP library assumes that the application is prepared to receive string
data from the LDAP library represented in UTF-8 (or as binary).</p>
<p>When <strong>LDAP_UTF8_XLATE_ON</strong> is set (the default), the LDAP
library assumes that string data received from the application by LDAP APIs is
in the default (or explicitly designated) code page. Similarly, all string data
returned from the LDAP library (back to the application) is converted to the
designated local code page.</p>
<p><strong>It is important to note</strong> that only string data supplied on
connection-based APIs will be translated (that is, only those APIs that include an
<strong>ld</strong> will be subject to translation). For example, string values passed in
to <a href="ldap_search.htm">ldap_search()</a> will be converted, but string
values passed in to <a href="ldap_init.htm">ldap_init</a> will not.</p>
<p><strong>It is also important to note</strong> that translation of strings
from a UTF-8 encoding to local code page may result in loss of data when one or
more characters in the UTF-8 encoding cannot be represented in the local code
page. When this occurs, a substitution character replaces any UTF-8 characters
that cannot be converted to the local code page.</p>
<p>For more information on explicitly setting the locale for conversions, see
<a href="ldap_set_locale.htm">ldap_set_locale()</a>.</p>
<p><strong>Examples:</strong></p>
<pre>
int value;
ldap_set_option( ld, LDAP_OPT_UTF8_IO, (void *)LDAP_UTF8_XLATE_ON);
ldap_get_option( ld, LDAP_OPT_UTF8_IO, &amp;value);
</pre>
<br>
<h3>Return Value</h3>
<dl>
<dt><strong>LDAP_SUCCESS</strong></dt>
<dd>if the request was successful.<br>
<br>
</dd>
<dt><strong>another LDAP error code</strong></dt>
<dd>if the request was not successful.</dd>
</dl>
<br>
<h3>Error Conditions</h3>
<p>The <strong>ldap_set_option()</strong> function will return an LDAP error
code if not successful. See <a href="ldap_error_condt.htm">LDAP Client API
Error Conditions</a> for possible LDAP error codes values.</p>
<br>
<h3>Error Messages</h3>
<p>The following message may be sent from this function.</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top" nowrap>Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPF3CF2 E</td>
<td align="left" valign="top">Error(s) occurred during running of
ldap_set_option API.</td>
</tr>
</table>
<br>
<br>
<h3>Related Information</h3>
<ul>
<li><a href="ldap_get_option.htm">ldap_get_option()</a> -- Retrieve an option
associated with an LDAP descriptor.</li>
<li><a href="ldap_init.htm">ldap_init()</a> -- Initializes a session with an
LDAP server.</li>
<li><a href="ldap_open.htm">ldap_open()</a> -- Open a connection to an LDAP
server (deprecated).</li>
<li><a href="ldap_set_rebind_proc.htm">ldap_set_rebind_proc()</a> -- Set rebind
procedure</li>
<li><a href="ldap_version.htm">ldap_version()</a> -- Obtain LDAP version and
SSL cipher information.</li>
</ul>
<br>
<hr>
API introduced: V4R5
<hr>
<table align="center" cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"dirserv1.htm">LDAP APIs</a> | <a href="aplist.htm">APIs by
category</a></td>
</tr>
</table>
</body>
</html>