<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>LDAP Version Support</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>LDAP Version Support</h2>
<p>The LDAP toolkit has been enhanced to support both LDAP Version 2 and LDAP
Version 3 APIs and protocols. The LDAP toolkit APIs and protocols are based on
the Internet Draft, which is classified as a "work in progress."</p>
<p>The LDAP APIs provide typical directory functions such as read, write, and
search. With the advent of support for LDAP Version 3 APIs and protocols, the
following features are also supported:</p>
<ul>
<li>LDAP V3 referrals<br>
<br>
</li>
<li>Improved internationalization with UTF-8 support for Distinguished Names
(DNs) and strings that are passed into, and returned from, the LDAP APIs (when
running as an LDAP V3 application and LDAP_OPT_UTF8_IO is set to
LDAP_UTF8_XLATE_OFF). By default, when running as an LDAP V3 or V2
application, DNs and strings that are passed into or returned from LDAP
APIs are limited to the local code page character set.
<p>In general, the connection-associated LDAP Version 3 APIs (APIs that have
<strong>ld</strong> as one of their parameters) are designed to accept and
return string data in either <strong>UTF-8</strong> encoded format or in the
<strong>local code page</strong> format, depending on whether the
<strong>LDAP_OPT_UTF8_IO</strong> option is set, using the <a href="ldap_set_option.htm">ldap_set_option()</a> API, to
<strong>LDAP_UTF8_XLATE_ON</strong> (the default) or
<strong>LDAP_UTF8_XLATE_OFF</strong>.</p>
<p>The following LDAP APIs (and related APIs) accept and return <strong>
UTF-8</strong> encoded string data when the <strong>LDAP_OPT_UTF8_IO</strong>
option is set to <strong>LDAP_UTF8_XLATE_OFF</strong>. Otherwise, they accept
or return string data in the <strong>local code page</strong> (the
default).</p>
<ul>
<li>ldap_add (and family)</li>
<li>ldap_bind (and family)</li>
<li>ldap_compare (and family)</li>
<li>ldap_delete (and family)</li>
<li>ldap_parse_reference_np</li>
<li>ldap_get_dn</li>
<li>ldap_get_values</li>
<li>ldap_modify (and family)</li>
<li>ldap_parse_result</li>
<li>ldap_rename (and family)</li>
<li>ldap_search (and family)</li>
<li>ldap_url_search (and family)</li>
</ul>
<p>APIs that are <strong>NOT</strong> associated with a connection (APIs that
<strong>do not</strong> have <strong>ld</strong> as one of their parameters)
always expect and return string data (DNs, for example) in the local code page.<br>
The following LDAP APIs (and related APIs) accept and return string data
in the <strong>local code page</strong>.</p>
<ul>
<li>ldap_init</li>
<li>ldap_ssl_init</li>
<li>ldap_explode_dn</li>
<li>ldap_explode_rdn</li>
<li>ldap_server_locate</li>
<li>ldap_server_conf_save</li>
<li>ldap_is_ldap_url</li>
<li>ldap_default_dn_set/get</li>
</ul>
<p>As a non-standard extension to the API set on i5/OS<SUP>(TM)</SUP> only, two APIs have
been added that allow input of string data in UTF-8. These are:</p>
<ul>
<li>ldap_explode_dn_utf8</li>
<li>ldap_explode_rdn_utf8</li>
</ul>
</li>
<li>The ability for an application to access schema information published by
LDAP V3 servers (see <a href="#schema">Accessing Schema Information</a>).<br>
<br>
</li>
<li>The ability for certain <strong>LDAP Version 3</strong> operations to be
extended with the use of <strong>controls</strong>. Controls can be sent to a
server, or returned to the client with any LDAP message. This type of control
is called a server control.
<p>The LDAP API also supports a client-side extension mechanism, which can be
used to define client controls. The client-side controls affect the behavior of
the LDAP client library, and are never sent to the server. Note that
client-side controls are not defined for this client library.</p>
<p>A common data structure is used to represent both server-side and
client-side controls:</p>
<pre>
typedef struct ldapcontrol {
    char           <var>*ldctl_oid</var>;
    struct berval  <var>ldctl_value</var>;
    char           <var>ldctl_iscritical</var>;
} <var>LDAPControl, *PLDAPControl</var>;
</pre>
<p>The LDAPControl fields have the following definitions:</p>
<dl>
<dt><strong><var>ldctl_oid</var></strong></dt>
<dd>The control type, represented as a string.</dd>
<dt><strong><var>ldctl_value</var></strong></dt>
<dd>The data associated with the control, if any. A control is not required to
include data.</dd>
<dt><strong><var>ldctl_iscritical</var></strong></dt>
<dd>Whether the control is <strong>critical</strong> or <strong>not</strong>.
If the field is non-zero, the operation is carried out only if the control is
recognized and supported by the server (or the client for client-side controls).</dd>
</dl>
<p>If you use any of the ber_xxx functions to set up the berval structure, you
must specify QSYS/QGLDBRDR as one of the bind service programs when
creating the program.</p>
</li>
</ul>
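<p>The criticality rule described for <var>ldctl_iscritical</var> above, modelled from the receiving side as an added example (not IBM's code or part of the original page): an unsupported critical control stops the operation, while an unsupported non-critical one is skipped. The helper names, the local copy of <code>struct berval</code>, and the OIDs under the 2.999 example arc are assumptions made for illustration.</p>

```c
#include <stdio.h>
#include <string.h>

/* Local mirrors of the page's structures so this builds without the toolkit
 * headers. Assumption: struct berval is a length plus a data pointer. */
struct berval { unsigned long bv_len; char *bv_val; };
typedef struct ldapcontrol {
    char          *ldctl_oid;        /* control type, dotted-decimal string */
    struct berval  ldctl_value;      /* optional data; may be empty */
    char           ldctl_iscritical; /* non-zero: must be supported */
} LDAPControl;

/* 12 is unavailableCriticalExtension in the LDAP v3 result codes. */
enum { CTL_OK = 0, CTL_UNAVAILABLE_CRITICAL = 12 };

/* Hypothetical helper: 1 if oid is in the NULL-terminated supported list. */
static int ctl_supported(const char *oid, const char *const *supported) {
    for (; oid && supported && *supported; supported++)
        if (strcmp(oid, *supported) == 0) return 1;
    return 0;
}

/* Hypothetical helper: may an operation carrying the NULL-terminated ctrls[]
 * proceed? An unsupported critical control rejects it; an unsupported
 * non-critical one is skipped. *applied counts controls that take effect. */
int evaluate_controls(LDAPControl *const *ctrls,
                      const char *const *supported, int *applied) {
    *applied = 0;
    for (; ctrls && *ctrls; ctrls++) {
        if (ctl_supported((*ctrls)->ldctl_oid, supported)) (*applied)++;
        else if ((*ctrls)->ldctl_iscritical) return CTL_UNAVAILABLE_CRITICAL;
    }
    return CTL_OK;
}

int main(void) {
    /* Constructed OIDs under the 2.999 example arc, not real control types. */
    const char *supported[] = { "2.999.1", NULL };
    LDAPControl known   = { "2.999.1", { 0, NULL }, 1 };
    LDAPControl unknown = { "2.999.2", { 0, NULL }, 0 };
    LDAPControl *ctrls[] = { &known, &unknown, NULL };
    int applied;
    int rc = evaluate_controls(ctrls, supported, &applied);
    printf("unknown, non-critical: rc=%d applied=%d\n", rc, applied);
    unknown.ldctl_iscritical = 1;
    rc = evaluate_controls(ctrls, supported, &applied);
    printf("unknown, critical:     rc=%d\n", rc);
    return 0;
}
```

<p>A control that enforces a security property is best marked critical, so that a peer that does not support it fails the operation instead of carrying it out without the control.</p>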
<p>With this toolkit, an application that uses the <strong>ldap_open</strong>
API defaults to the LDAP V2 protocol. In this way, existing LDAP applications
will continue to work, and can interoperate with both LDAP V2 servers and LDAP
V3 servers.</p>
<p>An application that uses the <strong>ldap_init</strong> API defaults to the
LDAP V3 protocol (with optional bind). An LDAP V3 application will not
necessarily interoperate with an LDAP server that supports only LDAP V2
protocols.</p>
<p>An application can use the <strong>ldap_set_option</strong> API to change
its LDAP protocol version. This should be done after calling <strong>
ldap_open</strong> or <strong>ldap_init</strong> but before issuing a bind or
any other operation that results in contacting the server.</p>
</body>
</html>