ldap_get_option()--Retrieve LDAP Options

 #include <ldap.h>

 int ldap_get_option(
                LDAP  *ld,
                int   optionToGet,
                void  *optionValue)

The ldap_get_option() function is used to query settings associated with the specified LDAP connection.

Authorities and Locks

No i5/OS authority is required.

Parameters

ld

(Input) The LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open(). If a NULL ld is passed in, the default value for the option is retrieved.

optionToGet

(Input) The option value that is to be queried on the ldap_get_option() call. See below for the list of supported options.

optionValue

(Input) The address of the storage in which to return the queried value using ldap_get_option().

The following session settings can be get using the ldap_get_option() API:

Additional details on specific options for ldap_get_option() are provided in the following sections.

LDAP_OPT_SIZELIMIT

Specifies the maximum number of entries that can be returned on a search operation. Note: the actual size limit for operations is also bounded by the maximum number of entries that the server is configured to return. Thus, the actual size limit will be the lesser of the value specified on this option and the value configured in the LDAP server. The default sizelimit is unlimited, specified with a value of zero (thus deferring to the sizelimit setting of the LDAP server).

Examples:

  sizevalue=50;
  ldap_set_option( ld, LDAP_OPT_SIZELIMIT, &sizevalue);
  ldap_get_option( ld, LDAP_OPT_SIZELIMIT, &sizevalue );

LDAP_OPT_TIMELIMIT

Specifies the number of seconds to wait for search results. Note: the actual time limit for operations is also bounded by the maximum time that the server is configured to allow. Thus, the actual time limit will be the lesser of the value specified on this option and the value configured in the LDAP server. The default is unlimited (specified with a value of zero).

Examples:

  timevalue=50;
  ldap_set_option( ld, LDAP_OPT_TIMELIMIT, &timevalue);
  ldap_get_option( ld, LDAP_OPT_TIMELIMIT, &timevalue );

LDAP_OPT_REFHOPLIMIT

Specifies the maximum number of hops that the client library will take when chasing referrals. The default is 5.

Examples:

  hoplimit=7;
  ldap_set_option( ld, LDAP_OPT_REFHOPLIMIT, &hoplimit);
  ldap_get_option( ld, LDAP_OPT_REFHOPLIMIT, &hoplimit);

LDAP_OPT_DEREF

Specifies alternative rules for following aliases at the server. The default is LDAP_DEREF_NEVER.

Supported values:

Examples:

  int deref = LDAP_DEREF_NEVER;
  ldap_set_option( ld, LDAP_OPT_DEREF, &deref);
  ldap_get_option( ld, LDAP_OPT_DEREF, &deref);

LDAP_OPT_REFERRALS

Specifies whether the LDAP library will automatically follow referrals returned by LDAP servers or not. It can be set to one of the constants LDAP_OPT_ON or LDAP_OPT_OFF. By default, the LDAP client will follow referrals.

Examples:

  int value;
  ldap_set_option( ld, LDAP_OPT_REFFERALS, (void *)LDAP_OPT_ON);
  ldap_get_option( ld, LDAP_OPT_REFFERALS, &value);

LDAP_OPT_DEBUG

Specifies a bit-map that indicates the level of debug trace for the LDAP library.

Supported values:

Examples:

  int value;
  int debugvalue= LDAP_DEBUG_TRACE | LDAP_DEBUG_PACKETS;
  ldap_set_option( ld, LDAP_OPT_DEBUG, &debugvalue);
  ldap_get_option( ld, LDAP_OPT_DEBUG, &value );

LDAP_OPT_SSL_CIPHER

Specifies a set of one or more ciphers to be used when negotiating the cipher algorithm with the LDAP server. The first cipher in the list that is common with the list of ciphers supported by the server is chosen. For the export version of the library, the value used is "0306". For the domestic version of the library, the default value is "05040A090306". Note that the cipher string supported by the export version of the LDAP client library is fixed and cannot be modified.

Supported ciphers:

Examples:

  char *setcipher = "2F090A";
  char *getcipher;
  ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, setcipher);
  ldap_get_option( ld, LDAP_OPT_SSL_CIPHER, &getcipher );

Use ldap_memfree() to free the memory returned by the call to ldap_get_option().

LDAP_OPT_SSL_TIMEOUT

Specifies in seconds the SSL inactivity timer. After the specified seconds, in which no SSL activity has occurred, the SSL connection will be refreshed with new session keys. A smaller value may help increase security, but will have a small impact on performance. The default SSL timeout value is 43200 seconds.

Examples:

  value = 100;
  ldap_set_option( ld, LDAP_OPT_SSL_TIMEOUT, &value );
  ldap_get_option( ld, LDAP_OPT_SSL_TIMEOUT, &value)

LDAP_OPT_REBIND_FN

Specifies the address of a routine to be called by the LDAP library when the need arises to authenticate a connection with another LDAP server. This can occur, for example, when the LDAP library is chasing a referral. If a routine is not defined, referrals will always be chased using the anonymous identity. A default routine is not defined.

Examples:

  extern LDAPRebindProc proc_address;
  LDAPRebindProc value;
  ldap_set_option( ld, LDAP_OPT_REBIND_FN, &proc_address);
  ldap_get_option( ld, LDAP_OPT_REBIND_FN, &value);

LDAP_OPT_PROTOCOL_VERSION

Specifies the LDAP protocol to be used by the LDAP client library when connecting to an LDAP server. Also used to determine which LDAP protocol is being used for the connection. For an application that uses ldap_init() to create the LDAP connection the default value of this option will be LDAP_VERSION3 for communicating with the LDAP server. The default value of this option will be LDAP_VERSION2 if the application uses the deprecated ldap_open() API. In either case, the LDAP_OPT_PROTOCOL_VERSION option can be used with ldap_set_option() to change the default. The LDAP protocol version should be reset prior to issuing the bind (or any operation that causes an implicit bind).

Examples:

   version2 = LDAP_VERSION2;
   version3 = LDAP_VERSION3;
   /* Example for Version 3 application setting version to version 2 */
   ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version2);
   /* Example of Version 2 application setting version to version 3 */
   ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version3);
   ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION, &value);

The value returned by ldap_get_option() when LDAP_OPT_PROTOCOL_VERSION is specified can be used to determine how parameters should be passed to the ldap_set_option() call. The easiest way to work with this compatibility feature is to guarantee that calls to ldap_set_option() are all performed while LDAP_OPT_PROTOCOL_VERSION is set to the same value. If this cannot be guaranteed by the application, then follow the format of the example below when coding the call to ldap_set_option():

Examples:

  int sizeLimit=100;

  int protocolVersion;

  ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocolVersion );

  if ( protocolVersion == LDAP_VERSION2 ) {
   ldap_set_option( ld, LDAP_OPT_SIZELIMIT, (void *)sizeLimit );
  } else { /* the protocol version is LDAP_VERSION3 */
   ldap_set_option( ld, LDAP_OPT_SIZELIMIT, &sizeLimit );
  }

LDAP_OPT_SERVER_CONTROLS

Specifies a default list of server controls to be sent with each request. The default list can be overridden by specifying a server control, or list of server controls, on specific APIs. By default, there are no settings for Server Controls.

Example:

  ldap_set_option( ld, LDAP_OPT_SERVER_CONTROLS, &ctrlp);

LDAP_OPT_CLIENT_CONTROLS

Specifies a default list of client controls to be processed by the client library with each request. Since client controls are not defined for this version of the library, the ldap_set_option() API can be used to define a set of default, non-critical client controls. If one or more client controls in the set is critical, the entire list is rejected with a return code of LDAP_UNAVAILABLE_CRITICAL_EXTENSION.

LDAP_OPT_UTF8_IO

Specifies whether the LDAP library will automatically convert string data to and from the local code page. It can be set to one of the constants LDAP_UTF8_XLATE_ON or LDAP_UTF8_XLATE_OFF. By default, the LDAP library will convert string data.

When conversion is disabled, the LDAP library assumes that data received from the application by LDAP APIs is already represented in UTF-8. Similarly, the LDAP library assumes that the application is prepared to receive string data from the LDAP library represented in UTF-8 (or as binary).

When LDAP_UTF8_XLATE_ON is set (the default), the LDAP library assumes that string data received from the application by LDAP APIs is in the default (or explicitly designated) code page. Similarly, all string data returned from the LDAP library (back to the application) is converted to the designated local code page.

Notes:

1. Only string data supplied on connection-based APIs will be translated (that is, only those APIs that include an ld will be subject to translation).
2. Translation of strings from a UTF-8 encoding to local code page may result in loss of data when one or more characters in the UTF-8 encoding cannot be represented in the local code page. When this occurs, a substitution character replaces any UTF-8 characters that cannot be converted to the local code page.

Example:

  int value;
  ldap_get_option( ld, LDAP_OPT_UTF8_IO, &value);

LDAP_OPT_HOST_NAME

This is a read-only option that returns a pointer to the hostname for the original connection (as specified on ldap_init(), ldap_open(), or ldap_ssl_init()).

Example:

  char *hostname;
  ldap_get_option( ld, LDAP_OPT_HOST_NAME, &hostname);

Use ldap_memfree() to free the memory returned by the call to ldap_get_option().

LDAP_OPT_ERROR_NUMBER

This is a read-only option that returns the error code associated with the most recent LDAP error that occurred for the specified LDAP connection.

Example:

  int error;
  ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &error);

LDAP_OPT_ERROR_STRING

This is a read-only option that returns the text message associated with the most recent LDAP error that occurred for the specified LDAP connection.

Example:

  char *error_string;
  ldap_get_option( ld, LDAP_OPT_ERROR_STRING, &error_string);

Use ldap_memfree() to free memory returned by the call to ldap_get_option().

LDAP_OPT_EXT_ERROR

This is a read-only option that returns the extended error code. For example, if an SSL error occurred when attempting to call an ldap_search_s() API, the actual SSL error can be obtained by using LDAP_OPT_EXT_ERROR.

Example:

  int exterror;
  ldap_get_option( ld, LDAP_OPT_EXT_ERROR, &exterror);

Returns errors reported by the SSL library.

LDAP_OPT_EXT_GSS_ERR

This is a read-only option that returns the extended error code from SASL binds using the GSSAPI mechanism.

Example:

  int gsserror;
  ldap_get_option( ld, LDAP_OPT_EXT_GSS_ERR, &gsserror);

Return Value

LDAP_SUCCESS

if the request was successful.

another LDAP error code

if the request was not successful.

Error Conditions

The ldap_get_option() API will return an LDAP error code if not successful. See LDAP Client API Error Conditions for possible values for LDAP error codes.

Error Messages

The following message may be sent from this function.

Related Information

• ldap_init() -- Initializes a session with an LDAP server.
• ldap_set_option() -- Set an option associated with an LDAP descriptor.
• ldap_version() -- Obtain LDAP version and SSL cipher information.