LDAP Tutorial: OpenLDAP Software development C programming SDK man pages, RFC's and Links

LDAP programmers API - (Manual section 3)

• ldap - LDAP Programming/Developer synopsis

Establish/Terminate LDAP connection:

• ldap_open / ldap_init - Initialize the LDAP library and open a connection to an LDAP server
• cldap_close - (OpenLDAP Version 1 only) Dispose of Connectionless LDAP Pointer
• cldap_open - (OpenLDAP Version 1 only) Prepare for Connectionless LDAP Communication
• ldap_bind / ldap_bind_s - LDAP bind routines
  • ldap_simple_bind / ldap_simple_bind_s
  • ldap_kerberos_bind_s
  • ldap_kerberos_bind1 / ldap_kerberos_bind1_s / ldap_kerberos_bind2 / ldap_kerberos_bind2_s
  • ldap_unbind / ldap_unbind_s
  • ldap_set_rebind_proc

Interaction with LDAP server:

• cldap_search_s - (OpenLDAP Version 1 only) Connectionless LDAP Search
• cldap_setretryinfo - (OpenLDAP Version 1 only) Set Connectionless LDAP Request Retransmission Parameters
• lber-decode - Basic Encoding Rules library routines for decoding
• lber-encode - Basic Encoding Rules library routines for encoding
• ldap_abandon - Abandon an LDAP operation in progress
• ldap_add / ldap_add_s - Perform an LDAP add operation
• ldap_build_filter - LDAP filter generating routines
• ldap_cache - LDAP client caching routines
  • ldap_enable_cache
  • ldap_disable_cache
  • ldap_destroy_cache
  • ldap_flush_cache
  • ldap_uncache_entry
  • ldap_uncache_request
  • ldap_set_cache_options
• ldap_charset - (OpenLDAP Version 1 Only) LDAP character set translation routines
  • ldap_set_string_translators
  • ldap_t61_to_8859
  • ldap_8859_to_t61
  • ldap_translate_from_t61
  • ldap_translate_to_t61
  • ldap_enable_translation
• ldap_compare /ldap_compare_s - Perform an LDAP compare operation
• ldap_delete / ldap_delete_s - Perform an LDAP delete operation
• ldap_disptmpl - LDAP display template routines
  • ldap_init_templates
  • ldap_init_templates_buf
  • ldap_free_templates
  • ldap_first_disptmpl
  • ldap_next_disptmpl
  • ldap_oc2template
  • ldap_tmplattrs
  • ldap_first_tmplrow
  • ldap_next_tmplrow
  • ldap_first_tmplcol
  • ldap_next_tmplcol
• ldap_entry2text - LDAP entry display routines
  • ldap_entry2text_search
  • ldap_vals2text
  • ldap_entry2html
  • ldap_entry2html_search
  • ldap_vals2html
• ldap_friendly - LDAP unfriendly to friendly name mapping routine
  • ldap_friendly_name
  • ldap_free_friendlymap
• ldap_getfilter - LDAP filter generating routines
  • ldap_init_getfilter
  • ldap_init_getfilter_buf
  • ldap_getfilter_free
  • ldap_getfirstfilter
  • ldap_getnextfilter
  • ldap_build_filter
  • ldap_setfilteraffixes
• ldap_modify / ldap_modify_s / ldap_mods_free - Perform an LDAP modify operation
• ldap_modrdn -
  • ldap_modrdn_s
  • ldap_modrdn2
  • ldap_modrdn2_s
• ldap_result / ldap_msgfree - Wait for the result of an LDAP operation
• ldap_search - Perform an LDAP search operation
  • ldap_search_s
  • ldap_search_st
• ldap_searchprefs - LDAP search preference configuration routines
  • ldap_init_searchprefs_buf
  • ldap_free_searchprefs
  • ldap_first_searchobj
  • ldap_next_searchobj
• ldap_ufn - Perform an LDAP user friendly search operation
  • ldap_ufn_search_s
  • ldap_ufn_search_c
  • ldap_ufn_search_ct
  • ldap_ufn_setfilter
  • ldap_ufn_setfilter
  • ldap_ufn_setprefix
  • ldap_ufn_timeout
• ldap_url - LDAP Uniform Resource Locator routines
  • ldap_is_ldap_url
  • ldap_url_parse
  • ldap_free_urldesc
  • ldap_url_search
  • ldap_url_search_s
  • ldap_url_search_st

Handling Results:

• ldap_sort - LDAP sorting routines
  • ldap_sort_entries
  • ldap_sort_values
  • ldap_sort_strcasecmp
• ldap_first_attribute / ldap_next_attribute - step through LDAP entry attributes
• ldap_count_entries / ldap_first_entry / ldap_next_entry - LDAP result entry parsing and counting routines
• ldap_count_values - LDAP attribute value handling routines
  • ldap_get_values
  • ldap_get_values_len
  • ldap_value_free
  • ldap_value_free_len
• ldap_dn2ufn - LDAP DN handling routines
  • ldap_get_dn
  • ldap_explode_dn
  • ldap_is_dns_dn
  • ldap_explode_dns

Error Handling:

• ldap_error - LDAP protocol error handling routines
  • ldap_perror
  • ld_errno
  • ldap_result2error
  • ldap_errlist
  • ldap_err2string

Internet Draft (Obsoletes RFC 1823) - The LDAP Application Program Interface (API) for software developers

• 1274 - The COSINE and Internet X.500 Directory Schema (Naming Architecture)
• 1275 - Replication Requirements to provide an Internet Directory using X.500
• 1279 - X.500 and Domains
• 1308 - Introduction to Directory Services Using the X.500 Protocol
• 1309 - Overview of Directory Services Using the X.500 Protocol
• 1430 - Plan for Deploying an Internet X.500 Directory Service
• 1558 - String Representation of LDAP Search Filters
• 1617 - Naming and Structuring Guidelines for X.500 Directory Pilots
• 1777 - Lightweight Directory Access Protocol
• 1778 - The String Representation of Standard Attribute Syntaxes (Replaced by RFC 2559)
• 1779 - A String Representation of Distinguished Names (dn) (Replaced by RFC 2253)
• 1781 - Using the OSI Directory to Achieve User Friendly Naming
• 1798 - Connection-less Lightweight Directory Access Protocol
• 1823 - The LDAP Application Program Interface (API) for software developers. (See new internet draft)
• 1959 - An LDAP URL Format (Replaced by RFC 2255)
• 1960 - A String Representation of LDAP Search Filters (Replaced by RFC 2254)
• 2044 - UTF-8, a transformation format of Unicode and ISO 10646
• 2164 - Use of an X.500/LDAP directory to support MIXER address mapping
• 2218 - A Common Schema for the Internet White Pages Service
• 2247 - Using Domains in LDAP/X.500 Distinguished Names
• LDAP V3 (most pertinent)
  • 2251 - Lightweight Directory Access Protocol (v3)
  • 2252 - Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
  • 2253 - Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
  • 2254 - The String Representation of LDAP Search Filters
  • 2255 - The LDAP URL Format
  • 2256 - A Summary of the X.500(96) User Schema for use with LDAPv3
• 2279 - UTF-8, a transformation format of ISO 10646
• 2293 - Representing Tables and Subtrees in the X.500 Directory
• 2294 - Representing the O/R Address hierarchy in the X.500 Directory Information Tree
• 2307 - An Approach for Using LDAP as a Network Information Service
• 2377 - Naming Plan for Internet Directory-Enabled Application

• 2559 - Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2
• 2586 - Internet X.509 Public Key Infrastructure LDAPv2 Schema
• 2596 - Use of Language Codes in LDAP
• 2649 - An LDAP Control and Schema for Holding Operation Signatures
• 2657 - LDAPv2 Client vs. the Index Mesh
• 2696 - LDAP Control Extension for Simple Paged Results Manipulation
• 2713 - Schema for Representing Java(tm) Objects in an LDAP Directory
• 2714 - Schema for Representing CORBA Object References in an LDAP Directory
• 2739 - Calendar Attributes for vCard and LDAP
• 2798 - Definition of the inetOrgPerson LDAP Object Class (Netscape Messenger Address Book)
• 2820 - Access Control Requirements for LDAP
• 2829 - Authentication Methods for LDAP
• 2849 - The LDAP Data Interchange Format (LDIF) - Technical Specification
• 2891 - LDAP Control Extension for Server Side Sorting of Search Results
• 2926 - Conversion of LDAP Schemas to and from SLP Templates
• 2927 - MIME Directory Profile for LDAP Schema
• 3045 - Storing Vendor Information in the LDAP root DSE
• 3062 - LDAP Password Modify Extended Operation
• 3088 - OpenLDAP Root Service An experimental LDAP referral service
• rfc4515: String Representation of LDAP Search Filters
• rfc4517: LDAP Syntaxes and Matching Rules

System pre-requisites:

Install the following packages with apt-get install package-name
(Example for Ubuntu hardy 8.04)

• OpenLDAP dependancies:
  • libdb4.3
  • libdb4.3-dev
  • openssl
• GNU development tools:
  • build-essentials
  • make
  • gcc
  • autoconf
  • automake
  • texinfo
  • libtool

Compiling OpenLDAP:

Download tarball from http://www.openldap.org/software/download/

• Untar: tar xzf openldap-VERSION.tgz
• cd openldap-VERSION
• Test and configure development environment: ./configure --prefix=/opt
• Generate dependancies: make depend
• Compile and link: make
• Optional: make test
• Install: sudo make install

This should create the executables and libraries provided by the packages slapd, ldap-utils, libldap and libldap2-dev

Running your custom compiled ldap server:

/opt/libexec/slapd -f /opt/etc/ldap/slapd.conf -u openldap -g openldap -d 32768 &

[Potential Pitfall]: The fix for the following error:

checking for db.h... no
configure: error: BDB: BerkeleyDB not available

is to install the package libdb4.3-dev.

• Open LDAP: Programming
• SourceForge: Python-LDAP
• SourceForge: PERL-LDAP
• Internet Assignment Number Authority (IANA) - OID assignment
• A Layman's Guide to a Subset of OSI's Abstract Syntax Notation One (ASN.1), Basic Encoding Rules (BER), and Distinguished Encoding Rules (DER)
• Perldap - LDAP-PERL relationship, PERL SDK
• Perl-LDAP Home page
• DSML: Markup language for directories
• Javasoft API for LDAP: javax.naming.ldap

• OpenLDAP Tutorial main page: Installation, configuration, examples and links
• OpenLdap 2.x - SLAPD and LDIF configuration
• OpenLdap 1.2 - SLAPD and LDIF configuration
• LDAP Authentication and user passwords - Adding password protection.
• OpenLdap 1.2 Group security example - SLAPD and LDIF configuration
• Create a new custom object by extending the inetOrgPerson schema
• OpenLDAP 2.x Schema Extension to support MS/Outlook, Netscape 4.5+, PAM,.. (GILSE)
• LDAP admin support scripts and code snippets
• LDAP Software development SDK man pages, RFC's and Links
• aWebDap - A simple, flexible web front end supporting multiple domains designed for the non-technical user. My favorite, but hey, I wrote it!!

	"Understanding And Deploying LDAP Directory Services", by Timothy A. Howes,Phd, Mark C. Smith and Gordon S. Good, ISBN 0672323168, Addison-Wesley Pub Co Second edition. It is general in nature but complete in that it covers all concepts in depth. It is a good book for those wanting to understand everything about LDAP, schema development and its' capabilities.
	"Understanding And Deploying LDAP Directory Services", by Timothy A. Howes,Phd, Mark C. Smith and Gordon S. Good, ISBN 1-57870-070-1, MacMillan Technical Publishing This is the largest LDAP book I own. It is general in nature but complete in that it covers all concepts in depth. It is NOT a good programmers reference but it is good for those wanting to understand everything about LDAP and its' capabilities.
	"Programming Directory-Enabled Applications with Lightweight Directory Access Protocol" by Timothy A. Howes,Phd and Mark C. Smith ISBN 1-57870-000-0, MacMillan Technical Publishing Excellent programmers reference for those using the LDAP C language API. Also covers search filters and LDAP URL's. The OpenLDAP source code is so poorly commented that I found this book often was the only source for an explainion of what was happinging in the code.
	"Implementing LDAP", Mark Wilcok ISBN 1-861002-21-1, WROK Press This book covers all aspects of LDAP from LDIF to the LDAP SDK in C, PERL and JAVA. It has a strong Netscape Directory server bias.
	"LDAP System Administration", Gerald Carter ISBN 1565924916, O'Reilly & Associates This book covers the use of OpenLDAP and the integration of services.
	"LDAP Programming, Management and Integration", Clayton Donley ISBN 1930110405, Manning Publications; 1st edition This book covers LDAP administration as well as introductory information. It covers the directory services markup language (DSML), PERL LDAP module as well as JAVA JNDI.
	"Understanding LDAP - Design and Implementation" - IBM-Redbooks Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, Johan Westman IBM Redbook #SG24-4986-00 A reference to ldap, available as PDF as well. This book has a bias towards IBM's E-network LDAP Directory server. Tight, terse, but covers everything.
	"LDAP Implementation and Practical Use" IBM Redbook #SG24-6193-00