1#@!#!123s

: / proc / thread-self / root / home / vblioqus / karachi777.vip / images / 494334 / 65412 /
Filename : man.zip
back
PK������Ec\&
fE��E����man1/nosetests.1nu��[�����������.\" Man page generated from reStructuredText.
.
.TH "NOSETESTS" "1" "April 04, 2015" "1.3" "nose"
.SH NAME
nosetests \- Nicer testing for Python
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH NICER TESTING FOR PYTHON
.SS SYNOPSIS
.INDENT 0.0
.INDENT 3.5
nosetests [options] [names]
.UNINDENT
.UNINDENT
.SS DESCRIPTION
.sp
nose collects tests automatically from python source files,
directories and packages found in its working directory (which
defaults to the current working directory). Any python source file,
directory or package that matches the testMatch regular expression
(by default: \fI(?:^|[b_.\-])[Tt]est)\fP will be collected as a test (or
source for collection of tests). In addition, all other packages
found in the working directory will be examined for python source files
or directories that match testMatch. Package discovery descends all
the way down the tree, so package.tests and package.sub.tests and
package.sub.sub2.tests will all be collected.
.sp
Within a test directory or package, any python source file matching
testMatch will be examined for test cases. Within a test module,
functions and classes whose names match testMatch and TestCase
subclasses with any name will be loaded and executed as tests. Tests
may use the assert keyword or raise AssertionErrors to indicate test
failure. TestCase subclasses may do the same or use the various
TestCase methods available.
.sp
\fBIt is important to note that the default behavior of nose is to
not include tests from files which are executable.\fP  To include
tests from such files, remove their executable bit or use
the \-\-exe flag (see \(aqOptions\(aq section below).
.SS Selecting Tests
.sp
To specify which tests to run, pass test names on the command line:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nosetests only_test_this.py
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
Test names specified may be file or module names, and may optionally
indicate the test case to run by separating the module or file name
from the test case name with a colon. Filenames may be relative or
absolute. Examples:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nosetests test.module
nosetests another.test:TestCase.test_method
nosetests a.test:TestCase
nosetests /path/to/test/file.py:test_function
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
You may also change the working directory where nose looks for tests
by using the \-w switch:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nosetests \-w /path/to/tests
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
Note, however, that support for multiple \-w arguments is now deprecated
and will be removed in a future release. As of nose 0.10, you can get
the same behavior by specifying the target directories \fIwithout\fP
the \-w switch:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nosetests /path/to/tests /another/path/to/tests
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
Further customization of test selection and loading is possible
through the use of plugins.
.sp
Test result output is identical to that of unittest, except for
the additional features (error classes, and plugin\-supplied
features such as output capture and assert introspection) detailed
in the options below.
.SS Configuration
.sp
In addition to passing command\-line options, you may also put
configuration options in your project\(aqs \fIsetup.cfg\fP file, or a .noserc
or nose.cfg file in your home directory. In any of these standard
ini\-style config files, you put your nosetests configuration in a
\fB[nosetests]\fP section. Options are the same as on the command line,
with the \-\- prefix removed. For options that are simple switches, you
must supply a value:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[nosetests]
verbosity=3
with\-doctest=1
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
All configuration files that are found will be loaded and their
options combined. You can override the standard config file loading
with the \fB\-c\fP option.
.SS Using Plugins
.sp
There are numerous nose plugins available via easy_install and
elsewhere. To use a plugin, just install it. The plugin will add
command line options to nosetests. To verify that the plugin is installed,
run:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nosetests \-\-plugins
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
You can add \-v or \-vv to that command to show more information
about each plugin.
.sp
If you are running nose.main() or nose.run() from a script, you
can specify a list of plugins to use by passing a list of plugins
with the plugins keyword argument.
.SS 0.9 plugins
.sp
nose 1.0 can use SOME plugins that were written for nose 0.9. The
default plugin manager inserts a compatibility wrapper around 0.9
plugins that adapts the changed plugin api calls. However, plugins
that access nose internals are likely to fail, especially if they
attempt to access test case or test suite classes. For example,
plugins that try to determine if a test passed to startTest is an
individual test or a suite will fail, partly because suites are no
longer passed to startTest and partly because it\(aqs likely that the
plugin is trying to find out if the test is an instance of a class
that no longer exists.
.SS 0.10 and 0.11 plugins
.sp
All plugins written for nose 0.10 and 0.11 should work with nose 1.0.
.SS Options
.INDENT 0.0
.TP
.B \-V, \-\-version
Output nose version and exit
.UNINDENT
.INDENT 0.0
.TP
.B \-p, \-\-plugins
Output list of available plugins and exit. Combine with higher verbosity for greater detail
.UNINDENT
.INDENT 0.0
.TP
.B \-v=DEFAULT, \-\-verbose=DEFAULT
Be more verbose. [NOSE_VERBOSE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-verbosity=VERBOSITY
Set verbosity; \-\-verbosity=2 is the same as \-v
.UNINDENT
.INDENT 0.0
.TP
.B \-q=DEFAULT, \-\-quiet=DEFAULT
Be less verbose
.UNINDENT
.INDENT 0.0
.TP
.B \-c=FILES, \-\-config=FILES
Load configuration from config file(s). May be specified multiple times; in that case, all config files will be loaded and combined
.UNINDENT
.INDENT 0.0
.TP
.B \-w=WHERE, \-\-where=WHERE
Look for tests in this directory. May be specified multiple times. The first directory passed will be used as the working directory, in place of the current working directory, which is the default. Others will be added to the list of tests to execute. [NOSE_WHERE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-py3where=PY3WHERE
Look for tests in this directory under Python 3.x. Functions the same as \(aqwhere\(aq, but only applies if running under Python 3.x or above.  Note that, if present under 3.x, this option completely replaces any directories specified with \(aqwhere\(aq, so the \(aqwhere\(aq option becomes ineffective. [NOSE_PY3WHERE]
.UNINDENT
.INDENT 0.0
.TP
.B \-m=REGEX, \-\-match=REGEX, \-\-testmatch=REGEX
Files, directories, function names, and class names that match this regular expression are considered tests.  Default: (?:^|[b_./\-])[Tt]est [NOSE_TESTMATCH]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-tests=NAMES
Run these tests (comma\-separated list). This argument is useful mainly from configuration files; on the command line, just pass the tests to run as additional arguments with no switch.
.UNINDENT
.INDENT 0.0
.TP
.B \-l=DEFAULT, \-\-debug=DEFAULT
Activate debug logging for one or more systems. Available debug loggers: nose, nose.importer, nose.inspector, nose.plugins, nose.result and nose.selector. Separate multiple names with a comma.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-debug\-log=FILE
Log debug messages to this file (default: sys.stderr)
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-config=FILE, \-\-log\-config=FILE
Load logging config from this file \-\- bypasses all other logging config settings.
.UNINDENT
.INDENT 0.0
.TP
.B \-I=REGEX, \-\-ignore\-files=REGEX
Completely ignore any file that matches this regular expression. Takes precedence over any other settings or plugins. Specifying this option will replace the default setting. Specify this option multiple times to add more regular expressions [NOSE_IGNORE_FILES]
.UNINDENT
.INDENT 0.0
.TP
.B \-e=REGEX, \-\-exclude=REGEX
Don\(aqt run tests that match regular expression [NOSE_EXCLUDE]
.UNINDENT
.INDENT 0.0
.TP
.B \-i=REGEX, \-\-include=REGEX
This regular expression will be applied to files, directories, function names, and class names for a chance to include additional tests that do not match TESTMATCH.  Specify this option multiple times to add more regular expressions [NOSE_INCLUDE]
.UNINDENT
.INDENT 0.0
.TP
.B \-x, \-\-stop
Stop running tests after the first error or failure
.UNINDENT
.INDENT 0.0
.TP
.B \-P, \-\-no\-path\-adjustment
Don\(aqt make any changes to sys.path when loading tests [NOSE_NOPATH]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-exe
Look for tests in python modules that are executable. Normal behavior is to exclude executable modules, since they may not be import\-safe [NOSE_INCLUDE_EXE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-noexe
DO NOT look for tests in python modules that are executable. (The default on the windows platform is to do so.)
.UNINDENT
.INDENT 0.0
.TP
.B \-\-traverse\-namespace
Traverse through all path entries of a namespace package
.UNINDENT
.INDENT 0.0
.TP
.B \-\-first\-package\-wins, \-\-first\-pkg\-wins, \-\-1st\-pkg\-wins
nose\(aqs importer will normally evict a package from sys.modules if it sees a package with the same name in a different location. Set this option to disable that behavior.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-byte\-compile
Prevent nose from byte\-compiling the source into .pyc files while nose is scanning for and running tests.
.UNINDENT
.INDENT 0.0
.TP
.B \-a=ATTR, \-\-attr=ATTR
Run only tests that have attributes specified by ATTR [NOSE_ATTR]
.UNINDENT
.INDENT 0.0
.TP
.B \-A=EXPR, \-\-eval\-attr=EXPR
Run only tests for whose attributes the Python expression EXPR evaluates to True [NOSE_EVAL_ATTR]
.UNINDENT
.INDENT 0.0
.TP
.B \-s, \-\-nocapture
Don\(aqt capture stdout (any stdout output will be printed immediately) [NOSE_NOCAPTURE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-nologcapture
Disable logging capture plugin. Logging configuration will be left intact. [NOSE_NOLOGCAPTURE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-format=FORMAT
Specify custom format to print statements. Uses the same format as used by standard logging handlers. [NOSE_LOGFORMAT]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-datefmt=FORMAT
Specify custom date/time format to print statements. Uses the same format as used by standard logging handlers. [NOSE_LOGDATEFMT]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-filter=FILTER
Specify which statements to filter in/out. By default, everything is captured. If the output is too verbose,
use this option to filter out needless output.
Example: filter=foo will capture statements issued ONLY to
 foo or foo.what.ever.sub but not foobar or other logger.
Specify multiple loggers with comma: filter=foo,bar,baz.
If any logger name is prefixed with a minus, eg filter=\-foo,
it will be excluded rather than included. Default: exclude logging messages from nose itself (\-nose). [NOSE_LOGFILTER]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-clear\-handlers
Clear all other logging handlers
.UNINDENT
.INDENT 0.0
.TP
.B \-\-logging\-level=DEFAULT
Set the log level to capture
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-coverage
Enable plugin Coverage: 
Activate a coverage report using Ned Batchelder\(aqs coverage module.
 [NOSE_WITH_COVERAGE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-package=PACKAGE
Restrict coverage output to selected packages [NOSE_COVER_PACKAGE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-erase
Erase previously collected coverage statistics before run
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-tests
Include test modules in coverage report [NOSE_COVER_TESTS]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-min\-percentage=DEFAULT
Minimum percentage of coverage for tests to pass [NOSE_COVER_MIN_PERCENTAGE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-inclusive
Include all python files under working directory in coverage report.  Useful for discovering holes in test coverage if not all files are imported by the test suite. [NOSE_COVER_INCLUSIVE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-html
Produce HTML coverage information
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-html\-dir=DIR
Produce HTML coverage information in dir
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-branches
Include branch coverage in coverage report [NOSE_COVER_BRANCHES]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-xml
Produce XML coverage information
.UNINDENT
.INDENT 0.0
.TP
.B \-\-cover\-xml\-file=FILE
Produce XML coverage information in file
.UNINDENT
.INDENT 0.0
.TP
.B \-\-pdb
Drop into debugger on failures or errors
.UNINDENT
.INDENT 0.0
.TP
.B \-\-pdb\-failures
Drop into debugger on failures
.UNINDENT
.INDENT 0.0
.TP
.B \-\-pdb\-errors
Drop into debugger on errors
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-deprecated
Disable special handling of DeprecatedTest exceptions.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-doctest
Enable plugin Doctest: 
Activate doctest plugin to find and run doctests in non\-test modules.
 [NOSE_WITH_DOCTEST]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-doctest\-tests
Also look for doctests in test modules. Note that classes, methods and functions should have either doctests or non\-doctest tests, not both. [NOSE_DOCTEST_TESTS]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-doctest\-extension=EXT
Also look for doctests in files with this extension [NOSE_DOCTEST_EXTENSION]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-doctest\-result\-variable=VAR
Change the variable name set to the result of the last interpreter command from the default \(aq_\(aq. Can be used to avoid conflicts with the _() function used for text translation. [NOSE_DOCTEST_RESULT_VAR]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-doctest\-fixtures=SUFFIX
Find fixtures for a doctest file in module with this name appended to the base name of the doctest file
.UNINDENT
.INDENT 0.0
.TP
.B \-\-doctest\-options=OPTIONS
Specify options to pass to doctest. Eg. \(aq+ELLIPSIS,+NORMALIZE_WHITESPACE\(aq
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-isolation
Enable plugin IsolationPlugin: 
Activate the isolation plugin to isolate changes to external
modules to a single test module or package. The isolation plugin
resets the contents of sys.modules after each test module or
package runs to its state before the test. PLEASE NOTE that this
plugin should not be used with the coverage plugin, or in any other case
where module reloading may produce undesirable side\-effects.
 [NOSE_WITH_ISOLATION]
.UNINDENT
.INDENT 0.0
.TP
.B \-d, \-\-detailed\-errors, \-\-failure\-detail
Add detail to error output by attempting to evaluate failed asserts [NOSE_DETAILED_ERRORS]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-profile
Enable plugin Profile: 
Use this plugin to run tests using the hotshot profiler. 
 [NOSE_WITH_PROFILE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-profile\-sort=SORT
Set sort order for profiler output
.UNINDENT
.INDENT 0.0
.TP
.B \-\-profile\-stats\-file=FILE
Profiler stats file; default is a new temp file on each run
.UNINDENT
.INDENT 0.0
.TP
.B \-\-profile\-restrict=RESTRICT
Restrict profiler output. See help for pstats.Stats for details
.UNINDENT
.INDENT 0.0
.TP
.B \-\-no\-skip
Disable special handling of SkipTest exceptions.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-id
Enable plugin TestId: 
Activate to add a test id (like #1) to each test name output. Activate
with \-\-failed to rerun failing tests only.
 [NOSE_WITH_ID]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-id\-file=FILE
Store test ids found in test runs in this file. Default is the file .noseids in the working directory.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-failed
Run the tests that failed in the last test run.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-processes=NUM
Spread test run among this many processes. Set a number equal to the number of processors or cores in your machine for best results. Pass a negative number to have the number of processes automatically set to the number of cores. Passing 0 means to disable parallel testing. Default is 0 unless NOSE_PROCESSES is set. [NOSE_PROCESSES]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-process\-timeout=SECONDS
Set timeout for return of results from each test runner process. Default is 10. [NOSE_PROCESS_TIMEOUT]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-process\-restartworker
If set, will restart each worker process once their tests are done, this helps control memory leaks from killing the system. [NOSE_PROCESS_RESTARTWORKER]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-with\-xunit
Enable plugin Xunit: This plugin provides test results in the standard XUnit XML format. [NOSE_WITH_XUNIT]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-xunit\-file=FILE
Path to xml file to store the xunit report in. Default is nosetests.xml in the working directory [NOSE_XUNIT_FILE]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-xunit\-testsuite\-name=PACKAGE
Name of the testsuite in the xunit xml, generated by plugin. Default test suite name is nosetests.
.UNINDENT
.INDENT 0.0
.TP
.B \-\-all\-modules
Enable plugin AllModules: Collect tests from all python modules.
 [NOSE_ALL_MODULES]
.UNINDENT
.INDENT 0.0
.TP
.B \-\-collect\-only
Enable collect\-only: 
Collect and output test names only, don\(aqt run any tests.
 [COLLECT_ONLY]
.UNINDENT
.SH AUTHOR
Nose developers
.SH COPYRIGHT
2009, Jason Pellerin
.\" Generated by docutils manpage writer.
.
PK�����f\�/f��������man7/kerberos.7nu��[�����������.\" Man page generated from reStructuredText.
.
.TH "KERBEROS" "7" " " "1.17" "MIT Kerberos"
.SH NAME
kerberos \- Overview of using Kerberos
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH DESCRIPTION
.sp
The Kerberos system authenticates individual users in a network
environment.  After authenticating yourself to Kerberos, you can use
Kerberos\-enabled programs without having to present passwords or
certificates to those programs.
.sp
If you receive the following response from kinit(1):
.sp
kinit: Client not found in Kerberos database while getting initial
credentials
.sp
you haven\(aqt been registered as a Kerberos user.  See your system
administrator.
.sp
A Kerberos name usually contains three parts.  The first is the
\fBprimary\fP, which is usually a user\(aqs or service\(aqs name.  The second
is the \fBinstance\fP, which in the case of a user is usually null.
Some users may have privileged instances, however, such as \fBroot\fP or
\fBadmin\fP\&.  In the case of a service, the instance is the fully
qualified name of the machine on which it runs; i.e. there can be an
ssh service running on the machine ABC (\fI\%ssh/ABC@REALM\fP), which is
different from the ssh service running on the machine XYZ
(\fI\%ssh/XYZ@REALM\fP).  The third part of a Kerberos name is the \fBrealm\fP\&.
The realm corresponds to the Kerberos service providing authentication
for the principal.  Realms are conventionally all\-uppercase, and often
match the end of hostnames in the realm (for instance, host01.example.com
might be in realm EXAMPLE.COM).
.sp
When writing a Kerberos name, the principal name is separated from the
instance (if not null) by a slash, and the realm (if not the local
realm) follows, preceded by an "@" sign.  The following are examples
of valid Kerberos names:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
david
jennifer/admin
joeuser@BLEEP.COM
cbrown/root@FUBAR.ORG
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
When you authenticate yourself with Kerberos you get an initial
Kerberos \fBticket\fP\&.  (A Kerberos ticket is an encrypted protocol
message that provides authentication.)  Kerberos uses this ticket for
network utilities such as ssh.  The ticket transactions are done
transparently, so you don\(aqt have to worry about their management.
.sp
Note, however, that tickets expire.  Administrators may configure more
privileged tickets, such as those with service or instance of \fBroot\fP
or \fBadmin\fP, to expire in a few minutes, while tickets that carry
more ordinary privileges may be good for several hours or a day.  If
your login session extends beyond the time limit, you will have to
re\-authenticate yourself to Kerberos to get new tickets using the
kinit(1) command.
.sp
Some tickets are \fBrenewable\fP beyond their initial lifetime.  This
means that \fBkinit \-R\fP can extend their lifetime without requiring
you to re\-authenticate.
.sp
If you wish to delete your local tickets, use the kdestroy(1)
command.
.sp
Kerberos tickets can be forwarded.  In order to forward tickets, you
must request \fBforwardable\fP tickets when you kinit.  Once you have
forwardable tickets, most Kerberos programs have a command line option
to forward them to the remote host.  This can be useful for, e.g.,
running kinit on your local machine and then sshing into another to do
work.  Note that this should not be done on untrusted machines since
they will then have your tickets.
.SH ENVIRONMENT VARIABLES
.sp
Several environment variables affect the operation of Kerberos\-enabled
programs.  These include:
.INDENT 0.0
.TP
\fBKRB5CCNAME\fP
Default name for the credentials cache file, in the form
\fITYPE\fP:\fIresidual\fP\&.  The type of the default cache may determine
the availability of a cache collection.  \fBFILE\fP is not a
collection type; \fBKEYRING\fP, \fBDIR\fP, and \fBKCM\fP are.
.sp
If not set, the value of \fBdefault_ccache_name\fP from
configuration files (see \fBKRB5_CONFIG\fP) will be used.  If that
is also not set, the default \fItype\fP is \fBFILE\fP, and the
\fIresidual\fP is the path /tmp/krb5cc_*uid*, where \fIuid\fP is the
decimal user ID of the user.
.TP
\fBKRB5_KTNAME\fP
Specifies the location of the default keytab file, in the form
\fITYPE\fP:\fIresidual\fP\&.  If no \fItype\fP is present, the \fBFILE\fP type is
assumed and \fIresidual\fP is the pathname of the keytab file.  If
unset, \fBFILE:/etc/krb5.keytab\fP will be used.
.TP
\fBKRB5_CONFIG\fP
Specifies the location of the Kerberos configuration file.  The
default is \fB/etc\fP\fB/krb5.conf\fP\&.  Multiple filenames can
be specified, separated by a colon; all files which are present
will be read.
.TP
\fBKRB5_KDC_PROFILE\fP
Specifies the location of the KDC configuration file, which
contains additional configuration directives for the Key
Distribution Center daemon and associated programs.  The default
is \fB/opt/alt/krb5/usr/var\fP\fB/krb5kdc\fP\fB/kdc.conf\fP\&.
.TP
\fBKRB5RCACHETYPE\fP
Specifies the default type of replay cache to use for servers.
Valid types include \fBdfl\fP for the normal file type and \fBnone\fP
for no replay cache.  The default is \fBdfl\fP\&.
.TP
\fBKRB5RCACHEDIR\fP
Specifies the default directory for replay caches used by servers.
The default is the value of the \fBTMPDIR\fP environment variable,
or \fB/var/tmp\fP if \fBTMPDIR\fP is not set.
.TP
\fBKRB5_TRACE\fP
Specifies a filename to write trace log output to.  Trace logs can
help illuminate decisions made internally by the Kerberos
libraries.  For example, \fBenv KRB5_TRACE=/dev/stderr kinit\fP
would send tracing information for kinit(1) to
\fB/dev/stderr\fP\&.  The default is not to write trace log output
anywhere.
.TP
\fBKRB5_CLIENT_KTNAME\fP
Default client keytab file name.  If unset, \fBFILE:/opt/alt/krb5/usr/var/krb5/user/%{euid}/client.keytab\fP will be
used).
.TP
\fBKPROP_PORT\fP
kprop(8) port to use.  Defaults to 754.
.UNINDENT
.sp
Most environment variables are disabled for certain programs, such as
login system programs and setuid programs, which are designed to be
secure when run within an untrusted process environment.
.SH SEE ALSO
.sp
kdestroy(1), kinit(1), klist(1),
kswitch(1), kpasswd(1), ksu(1),
krb5.conf(5), kdc.conf(5), kadmin(1),
kadmind(8), kdb5_util(8), krb5kdc(8)
.SH BUGS
.SH AUTHORS
.nf
Steve Miller, MIT Project Athena/Digital Equipment Corporation
Clifford Neuman, MIT Project Athena
Greg Hudson, MIT Kerberos Consortium
Robbie Harwood, Red Hat, Inc.
.fi
.sp
.SH HISTORY
.sp
The MIT Kerberos 5 implementation was developed at MIT, with
contributions from many outside parties.  It is currently maintained
by the MIT Kerberos Consortium.
.SH RESTRICTIONS
.sp
Copyright 1985, 1986, 1989\-1996, 2002, 2011, 2018 Masachusetts
Institute of Technology
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2019, MIT
.\" Generated by docutils manpage writer.
.
PK�����f\3��d������man5/k5login.5nu��[�����������.\" Man page generated from reStructuredText.
.
.TH "K5LOGIN" "5" " " "1.17" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH DESCRIPTION
.sp
The .k5login file, which resides in a user\(aqs home directory, contains
a list of the Kerberos principals.  Anyone with valid tickets for a
principal in the file is allowed host access with the UID of the user
in whose home directory the file resides.  One common use is to place
a .k5login file in root\(aqs home directory, thereby granting system
administrators remote root access to the host via Kerberos.
.SH EXAMPLES
.sp
Suppose the user \fBalice\fP had a .k5login file in her home directory
containing just the following line:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
bob@FOOBAR.ORG
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
This would allow \fBbob\fP to use Kerberos network applications, such as
ssh(1), to access \fBalice\fP\(aqs account, using \fBbob\fP\(aqs Kerberos
tickets.  In a default configuration (with \fBk5login_authoritative\fP set
to true in krb5.conf(5)), this .k5login file would not let
\fBalice\fP use those network applications to access her account, since
she is not listed!  With no .k5login file, or with \fBk5login_authoritative\fP
set to false, a default rule would permit the principal \fBalice\fP in the
machine\(aqs default realm to access the \fBalice\fP account.
.sp
Let us further suppose that \fBalice\fP is a system administrator.
Alice and the other system administrators would have their principals
in root\(aqs .k5login file on each host:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
alice@BLEEP.COM

joeadmin/root@BLEEP.COM
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
This would allow either system administrator to log in to these hosts
using their Kerberos tickets instead of having to type the root
password.  Note that because \fBbob\fP retains the Kerberos tickets for
his own principal, \fBbob@FOOBAR.ORG\fP, he would not have any of the
privileges that require \fBalice\fP\(aqs tickets, such as root access to
any of the site\(aqs hosts, or the ability to change \fBalice\fP\(aqs
password.
.SH SEE ALSO
.sp
kerberos(1)
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2019, MIT
.\" Generated by docutils manpage writer.
.
PK�����f\�ք��������man5/k5identity.5nu��[�����������.\" Man page generated from reStructuredText.
.
.TH "K5IDENTITY" "5" " " "1.17" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH DESCRIPTION
.sp
The .k5identity file, which resides in a user\(aqs home directory,
contains a list of rules for selecting a client principals based on
the server being accessed.  These rules are used to choose a
credential cache within the cache collection when possible.
.sp
Blank lines and lines beginning with \fB#\fP are ignored.  Each line has
the form:
.INDENT 0.0
.INDENT 3.5
\fIprincipal\fP \fIfield\fP=\fIvalue\fP ...
.UNINDENT
.UNINDENT
.sp
If the server principal meets all of the field constraints, then
principal is chosen as the client principal.  The following fields are
recognized:
.INDENT 0.0
.TP
\fBrealm\fP
If the realm of the server principal is known, it is matched
against \fIvalue\fP, which may be a pattern using shell wildcards.
For host\-based server principals, the realm will generally only be
known if there is a domain_realm section in
krb5.conf(5) with a mapping for the hostname.
.TP
\fBservice\fP
If the server principal is a host\-based principal, its service
component is matched against \fIvalue\fP, which may be a pattern using
shell wildcards.
.TP
\fBhost\fP
If the server principal is a host\-based principal, its hostname
component is converted to lower case and matched against \fIvalue\fP,
which may be a pattern using shell wildcards.
.sp
If the server principal matches the constraints of multiple lines
in the .k5identity file, the principal from the first matching
line is used.  If no line matches, credentials will be selected
some other way, such as the realm heuristic or the current primary
cache.
.UNINDENT
.SH EXAMPLE
.sp
The following example .k5identity file selects the client principal
\fBalice@KRBTEST.COM\fP if the server principal is within that realm,
the principal \fBalice/root@EXAMPLE.COM\fP if the server host is within
a servers subdomain, and the principal \fBalice/mail@EXAMPLE.COM\fP when
accessing the IMAP service on \fBmail.example.com\fP:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
alice@KRBTEST.COM       realm=KRBTEST.COM
alice/root@EXAMPLE.COM  host=*.servers.example.com
alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
.ft P
.fi
.UNINDENT
.UNINDENT
.SH SEE ALSO
.sp
kerberos(1), krb5.conf(5)
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2019, MIT
.\" Generated by docutils manpage writer.
.
PK�����f\F�~����������man5/krb5.conf.5nu��[�����������.\" Man page generated from reStructuredText.
.
.TH "KRB5.CONF" "5" " " "1.17" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
The krb5.conf file contains Kerberos configuration information,
including the locations of KDCs and admin servers for the Kerberos
realms of interest, defaults for the current realm and for Kerberos
applications, and mappings of hostnames onto Kerberos realms.
Normally, you should install your krb5.conf file in the directory
\fB/etc\fP\&.  You can override the default location by setting the
environment variable \fBKRB5_CONFIG\fP\&.  Multiple colon\-separated
filenames may be specified in \fBKRB5_CONFIG\fP; all files which are
present will be read.  Starting in release 1.14, directory names can
also be specified in \fBKRB5_CONFIG\fP; all files within the directory
whose names consist solely of alphanumeric characters, dashes, or
underscores will be read.
.SH STRUCTURE
.sp
The krb5.conf file is set up in the style of a Windows INI file.
Lines beginning with \(aq#\(aq or \(aq;\(aq (possibly after initial whitespace)
are ignored as comments.  Sections are headed by the section name, in
square brackets.  Each section may contain zero or more relations, of
the form:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
foo = bar
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
or:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
fubar = {
    foo = bar
    baz = quux
}
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
Placing a \(aq*\(aq at the end of a line indicates that this is the \fIfinal\fP
value for the tag.  This means that neither the remainder of this
configuration file nor any other configuration file will be checked
for any other values for this tag.
.sp
For example, if you have the following lines:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
foo = bar*
foo = baz
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
then the second value of \fBfoo\fP (\fBbaz\fP) would never be read.
.sp
The krb5.conf file can include other files using either of the
following directives at the beginning of a line:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
include FILENAME
includedir DIRNAME
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fIFILENAME\fP or \fIDIRNAME\fP should be an absolute path. The named file or
directory must exist and be readable.  Including a directory includes
all files within the directory whose names consist solely of
alphanumeric characters, dashes, or underscores.  Starting in release
1.15, files with names ending in ".conf" are also included, unless the
name begins with ".".  Included profile files are syntactically
independent of their parents, so each included file must begin with a
section header.  Starting in release 1.17, files are read in
alphanumeric order; in previous releases, they may be read in any
order.
.sp
The krb5.conf file can specify that configuration should be obtained
from a loadable module, rather than the file itself, using the
following directive at the beginning of a line before any section
headers:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
module MODULEPATH:RESIDUAL
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fIMODULEPATH\fP may be relative to the library path of the krb5
installation, or it may be an absolute path.  \fIRESIDUAL\fP is provided
to the module at initialization time.  If krb5.conf uses a module
directive, kdc.conf(5) should also use one if it exists.
.SH SECTIONS
.sp
The krb5.conf file may contain the following sections:
.TS
center;
|l|l|.
_
T{
\fI\%[libdefaults]\fP
T}	T{
Settings used by the Kerberos V5 library
T}
_
T{
\fI\%[realms]\fP
T}	T{
Realm\-specific contact information and settings
T}
_
T{
\fI\%[domain_realm]\fP
T}	T{
Maps server hostnames to Kerberos realms
T}
_
T{
\fI\%[capaths]\fP
T}	T{
Authentication paths for non\-hierarchical cross\-realm
T}
_
T{
\fI\%[appdefaults]\fP
T}	T{
Settings used by some Kerberos V5 applications
T}
_
T{
\fI\%[plugins]\fP
T}	T{
Controls plugin module registration
T}
_
.TE
.sp
Additionally, krb5.conf may include any of the relations described in
kdc.conf(5), but it is not a recommended practice.
.SS [libdefaults]
.sp
The libdefaults section may contain any of the following relations:
.INDENT 0.0
.TP
\fBallow_weak_crypto\fP
If this flag is set to false, then weak encryption types (as noted
in Encryption_types in kdc.conf(5)) will be filtered
out of the lists \fBdefault_tgs_enctypes\fP,
\fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&.  The default
value for this tag is false, which may cause authentication
failures in existing Kerberos infrastructures that do not support
strong crypto.  Users in affected environments should set this tag
to true until their infrastructure adopts stronger ciphers.
.TP
\fBap_req_checksum_type\fP
An integer which specifies the type of AP\-REQ checksum to use in
authenticators.  This variable should be unset so the appropriate
checksum for the encryption key in use will be used.  This can be
set if backward compatibility requires a specific checksum type.
See the \fBkdc_req_checksum_type\fP configuration option for the
possible values and their meanings.
.TP
\fBcanonicalize\fP
If this flag is set to true, initial ticket requests to the KDC
will request canonicalization of the client principal name, and
answers with different client principals than the requested
principal will be accepted.  The default value is false.
.TP
\fBccache_type\fP
This parameter determines the format of credential cache types
created by kinit(1) or other programs.  The default value
is 4, which represents the most current format.  Smaller values
can be used for compatibility with very old implementations of
Kerberos which interact with credential caches on the same host.
.TP
\fBclockskew\fP
Sets the maximum allowable amount of clockskew in seconds that the
library will tolerate before assuming that a Kerberos message is
invalid.  The default value is 300 seconds, or five minutes.
.sp
The clockskew setting is also used when evaluating ticket start
and expiration times.  For example, tickets that have reached
their expiration time can still be used (and renewed if they are
renewable tickets) if they have been expired for a shorter
duration than the \fBclockskew\fP setting.
.TP
\fBdefault_ccache_name\fP
This relation specifies the name of the default credential cache.
The default is \fBFILE:/tmp/krb5cc_%{uid}\fP\&.  This relation is subject to parameter
expansion (see below).  New in release 1.11.
.TP
\fBdefault_client_keytab_name\fP
This relation specifies the name of the default keytab for
obtaining client credentials.  The default is \fBFILE:/opt/alt/krb5/usr/var/krb5/user/%{euid}/client.keytab\fP\&.  This
relation is subject to parameter expansion (see below).
New in release 1.11.
.TP
\fBdefault_keytab_name\fP
This relation specifies the default keytab name to be used by
application servers such as sshd.  The default is \fBFILE:/etc/krb5.keytab\fP\&.  This
relation is subject to parameter expansion (see below).
.TP
\fBdefault_realm\fP
Identifies the default Kerberos realm for the client.  Set its
value to your Kerberos realm.  If this value is not set, then a
realm must be specified with every Kerberos principal when
invoking programs such as kinit(1)\&.
.TP
\fBdefault_tgs_enctypes\fP
Identifies the supported list of session key encryption types that
the client should request when making a TGS\-REQ, in order of
preference from highest to lowest.  The list may be delimited with
commas or whitespace.  See Encryption_types in
kdc.conf(5) for a list of the accepted values for this tag.
The default value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types
will be implicitly removed from this list if the value of
\fBallow_weak_crypto\fP is false.
.sp
Do not set this unless required for specific backward
compatibility purposes; stale values of this setting can prevent
clients from taking advantage of new stronger enctypes when the
libraries are upgraded.
.TP
\fBdefault_tkt_enctypes\fP
Identifies the supported list of session key encryption types that
the client should request when making an AS\-REQ, in order of
preference from highest to lowest.  The format is the same as for
default_tgs_enctypes.  The default value for this tag is
\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
removed from this list if the value of \fBallow_weak_crypto\fP is
false.
.sp
Do not set this unless required for specific backward
compatibility purposes; stale values of this setting can prevent
clients from taking advantage of new stronger enctypes when the
libraries are upgraded.
.TP
\fBdns_canonicalize_hostname\fP
Indicate whether name lookups will be used to canonicalize
hostnames for use in service principal names.  Setting this flag
to false can improve security by reducing reliance on DNS, but
means that short hostnames will not be canonicalized to
fully\-qualified hostnames.  The default value is true.
.TP
\fBdns_lookup_kdc\fP
Indicate whether DNS SRV records should be used to locate the KDCs
and other servers for a realm, if they are not listed in the
krb5.conf information for the realm.  (Note that the admin_server
entry must be in the krb5.conf realm information in order to
contact kadmind, because the DNS implementation for kadmin is
incomplete.)
.sp
Enabling this option does open up a type of denial\-of\-service
attack, if someone spoofs the DNS records and redirects you to
another server.  However, it\(aqs no worse than a denial of service,
because that fake KDC will be unable to decode anything you send
it (besides the initial ticket request, which has no encrypted
data), and anything the fake KDC sends will not be trusted without
verification using some secret that it won\(aqt know.
.TP
\fBdns_uri_lookup\fP
Indicate whether DNS URI records should be used to locate the KDCs
and other servers for a realm, if they are not listed in the
krb5.conf information for the realm.  SRV records are used as a
fallback if no URI records were found.  The default value is true.
New in release 1.15.
.TP
\fBerr_fmt\fP
This relation allows for custom error message formatting.  If a
value is set, error messages will be formatted by substituting a
normal error message for %M and an error code for %C in the value.
.TP
\fBextra_addresses\fP
This allows a computer to use multiple local addresses, in order
to allow Kerberos to work in a network that uses NATs while still
using address\-restricted tickets.  The addresses should be in a
comma\-separated list.  This option has no effect if
\fBnoaddresses\fP is true.
.TP
\fBforwardable\fP
If this flag is true, initial tickets will be forwardable by
default, if allowed by the KDC.  The default value is false.
.TP
\fBignore_acceptor_hostname\fP
When accepting GSSAPI or krb5 security contexts for host\-based
service principals, ignore any hostname passed by the calling
application, and allow clients to authenticate to any service
principal in the keytab matching the service name and realm name
(if given).  This option can improve the administrative
flexibility of server applications on multihomed hosts, but could
compromise the security of virtual hosting environments.  The
default value is false.  New in release 1.10.
.TP
\fBk5login_authoritative\fP
If this flag is true, principals must be listed in a local user\(aqs
k5login file to be granted login access, if a \&.k5login(5)
file exists.  If this flag is false, a principal may still be
granted login access through other mechanisms even if a k5login
file exists but does not list the principal.  The default value is
true.
.TP
\fBk5login_directory\fP
If set, the library will look for a local user\(aqs k5login file
within the named directory, with a filename corresponding to the
local username.  If not set, the library will look for k5login
files in the user\(aqs home directory, with the filename .k5login.
For security reasons, .k5login files must be owned by
the local user or by root.
.TP
\fBkcm_mach_service\fP
On macOS only, determines the name of the bootstrap service used to
contact the KCM daemon for the KCM credential cache type.  If the
value is \fB\-\fP, Mach RPC will not be used to contact the KCM
daemon.  The default value is \fBorg.h5l.kcm\fP\&.
.TP
\fBkcm_socket\fP
Determines the path to the Unix domain socket used to access the
KCM daemon for the KCM credential cache type.  If the value is
\fB\-\fP, Unix domain sockets will not be used to contact the KCM
daemon.  The default value is
\fB/var/run/.heim_org.h5l.kcm\-socket\fP\&.
.TP
\fBkdc_default_options\fP
Default KDC options (Xored for multiple values) when requesting
initial tickets.  By default it is set to 0x00000010
(KDC_OPT_RENEWABLE_OK).
.TP
\fBkdc_timesync\fP
Accepted values for this relation are 1 or 0.  If it is nonzero,
client machines will compute the difference between their time and
the time returned by the KDC in the timestamps in the tickets and
use this value to correct for an inaccurate system clock when
requesting service tickets or authenticating to services.  This
corrective factor is only used by the Kerberos library; it is not
used to change the system clock.  The default value is 1.
.TP
\fBkdc_req_checksum_type\fP
An integer which specifies the type of checksum to use for the KDC
requests, for compatibility with very old KDC implementations.
This value is only used for DES keys; other keys use the preferred
checksum type for those keys.
.sp
The possible values and their meanings are as follows.
.TS
center;
|l|l|.
_
T{
1
T}	T{
CRC32
T}
_
T{
2
T}	T{
RSA MD4
T}
_
T{
3
T}	T{
RSA MD4 DES
T}
_
T{
4
T}	T{
DES CBC
T}
_
T{
7
T}	T{
RSA MD5
T}
_
T{
8
T}	T{
RSA MD5 DES
T}
_
T{
9
T}	T{
NIST SHA
T}
_
T{
12
T}	T{
HMAC SHA1 DES3
T}
_
T{
\-138
T}	T{
Microsoft MD5 HMAC checksum type
T}
_
.TE
.TP
\fBnoaddresses\fP
If this flag is true, requests for initial tickets will not be
made with address restrictions set, allowing the tickets to be
used across NATs.  The default value is true.
.TP
\fBpermitted_enctypes\fP
Identifies all encryption types that are permitted for use in
session key encryption.  The default value for this tag is
\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac des\-cbc\-crc des\-cbc\-md5 des\-cbc\-md4\fP, but single\-DES encryption types will be implicitly
removed from this list if the value of \fBallow_weak_crypto\fP is
false.
.TP
\fBplugin_base_dir\fP
If set, determines the base directory where krb5 plugins are
located.  The default value is the \fBkrb5/plugins\fP subdirectory
of the krb5 library directory.  This relation is subject to
parameter expansion (see below) in release 1.17 and later.
.TP
\fBpreferred_preauth_types\fP
This allows you to set the preferred preauthentication types which
the client will attempt before others which may be advertised by a
KDC.  The default value for this setting is "17, 16, 15, 14",
which forces libkrb5 to attempt to use PKINIT if it is supported.
.TP
\fBproxiable\fP
If this flag is true, initial tickets will be proxiable by
default, if allowed by the KDC.  The default value is false.
.TP
\fBrdns\fP
If this flag is true, reverse name lookup will be used in addition
to forward name lookup to canonicalizing hostnames for use in
service principal names.  If \fBdns_canonicalize_hostname\fP is set
to false, this flag has no effect.  The default value is true.
.TP
\fBrealm_try_domains\fP
Indicate whether a host\(aqs domain components should be used to
determine the Kerberos realm of the host.  The value of this
variable is an integer: \-1 means not to search, 0 means to try the
host\(aqs domain itself, 1 means to also try the domain\(aqs immediate
parent, and so forth.  The library\(aqs usual mechanism for locating
Kerberos realms is used to determine whether a domain is a valid
realm, which may involve consulting DNS if \fBdns_lookup_kdc\fP is
set.  The default is not to search domain components.
.TP
\fBrenew_lifetime\fP
(duration string.)  Sets the default renewable lifetime
for initial ticket requests.  The default value is 0.
.TP
\fBsafe_checksum_type\fP
An integer which specifies the type of checksum to use for the
KRB\-SAFE requests.  By default it is set to 8 (RSA MD5 DES).  For
compatibility with applications linked against DCE version 1.1 or
earlier Kerberos libraries, use a value of 3 to use the RSA MD4
DES instead.  This field is ignored when its value is incompatible
with the session key type.  See the \fBkdc_req_checksum_type\fP
configuration option for the possible values and their meanings.
.TP
\fBspake_preauth_groups\fP
A whitespace or comma\-separated list of words which specifies the
groups allowed for SPAKE preauthentication.  The possible values
are:
.TS
center;
|l|l|.
_
T{
edwards25519
T}	T{
Edwards25519 curve (\fI\%RFC 7748\fP)
T}
_
T{
P\-256
T}	T{
NIST P\-256 curve (\fI\%RFC 5480\fP)
T}
_
T{
P\-384
T}	T{
NIST P\-384 curve (\fI\%RFC 5480\fP)
T}
_
T{
P\-521
T}	T{
NIST P\-521 curve (\fI\%RFC 5480\fP)
T}
_
.TE
.sp
The default value for the client is \fBedwards25519\fP\&.  The default
value for the KDC is empty.  New in release 1.17.
.TP
\fBticket_lifetime\fP
(duration string.)  Sets the default lifetime for initial
ticket requests.  The default value is 1 day.
.TP
\fBudp_preference_limit\fP
When sending a message to the KDC, the library will try using TCP
before UDP if the size of the message is above
\fBudp_preference_limit\fP\&.  If the message is smaller than
\fBudp_preference_limit\fP, then UDP will be tried before TCP.
Regardless of the size, both protocols will be tried if the first
attempt fails.
.TP
\fBverify_ap_req_nofail\fP
If this flag is true, then an attempt to verify initial
credentials will fail if the client machine does not have a
keytab.  The default value is false.
.UNINDENT
.SS [realms]
.sp
Each tag in the [realms] section of the file is the name of a Kerberos
realm.  The value of the tag is a subsection with relations that
define the properties of that particular realm.  For each realm, the
following tags may be specified in the realm\(aqs subsection:
.INDENT 0.0
.TP
\fBadmin_server\fP
Identifies the host where the administration server is running.
Typically, this is the master Kerberos server.  This tag must be
given a value in order to communicate with the kadmind(8)
server for the realm.
.TP
\fBauth_to_local\fP
This tag allows you to set a general rule for mapping principal
names to local user names.  It will be used if there is not an
explicit mapping for the principal name that is being
translated. The possible values are:
.INDENT 7.0
.TP
\fBRULE:\fP\fIexp\fP
The local name will be formulated from \fIexp\fP\&.
.sp
The format for \fIexp\fP is \fB[\fP\fIn\fP\fB:\fP\fIstring\fP\fB](\fP\fIregexp\fP\fB)s/\fP\fIpattern\fP\fB/\fP\fIreplacement\fP\fB/g\fP\&.
The integer \fIn\fP indicates how many components the target
principal should have.  If this matches, then a string will be
formed from \fIstring\fP, substituting the realm of the principal
for \fB$0\fP and the \fIn\fP\(aqth component of the principal for
\fB$n\fP (e.g., if the principal was \fBjohndoe/admin\fP then
\fB[2:$2$1foo]\fP would result in the string
\fBadminjohndoefoo\fP).  If this string matches \fIregexp\fP, then
the \fBs//[g]\fP substitution command will be run over the
string.  The optional \fBg\fP will cause the substitution to be
global over the \fIstring\fP, instead of replacing only the first
match in the \fIstring\fP\&.
.TP
\fBDEFAULT\fP
The principal name will be used as the local user name.  If
the principal has more than one component or is not in the
default realm, this rule is not applicable and the conversion
will fail.
.UNINDENT
.sp
For example:
.INDENT 7.0
.INDENT 3.5
.sp
.nf
.ft C
[realms]
    ATHENA.MIT.EDU = {
        auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
        auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
        auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
        auth_to_local = DEFAULT
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
would result in any principal without \fBroot\fP or \fBadmin\fP as the
second component to be translated with the default rule.  A
principal with a second component of \fBadmin\fP will become its
first component.  \fBroot\fP will be used as the local name for any
principal with a second component of \fBroot\fP\&.  The exception to
these two rules are any principals \fBjohndoe/*\fP, which will
always get the local name \fBguest\fP\&.
.TP
\fBauth_to_local_names\fP
This subsection allows you to set explicit mappings from principal
names to local user names.  The tag is the mapping name, and the
value is the corresponding local user name.
.TP
\fBdefault_domain\fP
This tag specifies the domain used to expand hostnames when
translating Kerberos 4 service principals to Kerberos 5 principals
(for example, when converting \fBrcmd.hostname\fP to
\fBhost/hostname.domain\fP).
.TP
\fBdisable_encrypted_timestamp\fP
If this flag is true, the client will not perform encrypted
timestamp preauthentication if requested by the KDC.  Setting this
flag can help to prevent dictionary attacks by active attackers,
if the realm\(aqs KDCs support SPAKE preauthentication or if initial
authentication always uses another mechanism or always uses FAST.
This flag persists across client referrals during initial
authentication.  This flag does not prevent the KDC from offering
encrypted timestamp.  New in release 1.17.
.TP
\fBhttp_anchors\fP
When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag
can be used to specify the location of the CA certificate which should be
trusted to issue the certificate for a proxy server.  If left unspecified,
the system\-wide default set of CA certificates is used.
.sp
The syntax for values is similar to that of values for the
\fBpkinit_anchors\fP tag:
.sp
\fBFILE:\fP \fIfilename\fP
.sp
\fIfilename\fP is assumed to be the name of an OpenSSL\-style ca\-bundle file.
.sp
\fBDIR:\fP \fIdirname\fP
.sp
\fIdirname\fP is assumed to be an directory which contains CA certificates.
All files in the directory will be examined; if they contain certificates
(in PEM format), they will be used.
.sp
\fBENV:\fP \fIenvvar\fP
.sp
\fIenvvar\fP specifies the name of an environment variable which has been set
to a value conforming to one of the previous values.  For example,
\fBENV:X509_PROXY_CA\fP, where environment variable \fBX509_PROXY_CA\fP has
been set to \fBFILE:/tmp/my_proxy.pem\fP\&.
.TP
\fBkdc\fP
The name or address of a host running a KDC for that realm.  An
optional port number, separated from the hostname by a colon, may
be included.  If the name or address contains colons (for example,
if it is an IPv6 address), enclose it in square brackets to
distinguish the colon from a port separator.  For your computer to
be able to communicate with the KDC for each realm, this tag must
be given a value in each realm subsection in the configuration
file, or there must be DNS SRV records specifying the KDCs.
.TP
\fBkpasswd_server\fP
Points to the server where all the password changes are performed.
If there is no such entry, DNS will be queried (unless forbidden
by \fBdns_lookup_kdc\fP).  Finally, port 464 on the \fBadmin_server\fP
host will be tried.
.TP
\fBmaster_kdc\fP
Identifies the master KDC(s).  Currently, this tag is used in only
one case: If an attempt to get credentials fails because of an
invalid password, the client software will attempt to contact the
master KDC, in case the user\(aqs password has just been changed, and
the updated database has not been propagated to the replica
servers yet.
.TP
\fBv4_instance_convert\fP
This subsection allows the administrator to configure exceptions
to the \fBdefault_domain\fP mapping rule.  It contains V4 instances
(the tag name) which should be translated to some specific
hostname (the tag value) as the second component in a Kerberos V5
principal name.
.TP
\fBv4_realm\fP
This relation is used by the krb524 library routines when
converting a V5 principal name to a V4 principal name.  It is used
when the V4 realm name and the V5 realm name are not the same, but
still share the same principal names and passwords. The tag value
is the Kerberos V4 realm name.
.UNINDENT
.SS [domain_realm]
.sp
The [domain_realm] section provides a translation from a domain name
or hostname to a Kerberos realm name.  The tag name can be a host name
or domain name, where domain names are indicated by a prefix of a
period (\fB\&.\fP).  The value of the relation is the Kerberos realm name
for that particular host or domain.  A host name relation implicitly
provides the corresponding domain name relation, unless an explicit domain
name relation is provided.  The Kerberos realm may be
identified either in the \fI\%realms\fP section or using DNS SRV records.
Host names and domain names should be in lower case.  For example:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[domain_realm]
    crash.mit.edu = TEST.ATHENA.MIT.EDU
    .dev.mit.edu = TEST.ATHENA.MIT.EDU
    mit.edu = ATHENA.MIT.EDU
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
maps the host with the name \fBcrash.mit.edu\fP into the
\fBTEST.ATHENA.MIT.EDU\fP realm.  The second entry maps all hosts under the
domain \fBdev.mit.edu\fP into the \fBTEST.ATHENA.MIT.EDU\fP realm, but not
the host with the name \fBdev.mit.edu\fP\&.  That host is matched
by the third entry, which maps the host \fBmit.edu\fP and all hosts
under the domain \fBmit.edu\fP that do not match a preceding rule
into the realm \fBATHENA.MIT.EDU\fP\&.
.sp
If no translation entry applies to a hostname used for a service
principal for a service ticket request, the library will try to get a
referral to the appropriate realm from the client realm\(aqs KDC.  If
that does not succeed, the host\(aqs realm is considered to be the
hostname\(aqs domain portion converted to uppercase, unless the
\fBrealm_try_domains\fP setting in [libdefaults] causes a different
parent domain to be used.
.SS [capaths]
.sp
In order to perform direct (non\-hierarchical) cross\-realm
authentication, configuration is needed to determine the
authentication paths between realms.
.sp
A client will use this section to find the authentication path between
its realm and the realm of the server.  The server will use this
section to verify the authentication path used by the client, by
checking the transited field of the received ticket.
.sp
There is a tag for each participating client realm, and each tag has
subtags for each of the server realms.  The value of the subtags is an
intermediate realm which may participate in the cross\-realm
authentication.  The subtags may be repeated if there is more then one
intermediate realm.  A value of "." means that the two realms share
keys directly, and no intermediate realms should be allowed to
participate.
.sp
Only those entries which will be needed on the client or the server
need to be present.  A client needs a tag for its local realm with
subtags for all the realms of servers it will need to authenticate to.
A server needs a tag for each realm of the clients it will serve, with
a subtag of the server realm.
.sp
For example, \fBANL.GOV\fP, \fBPNL.GOV\fP, and \fBNERSC.GOV\fP all wish to
use the \fBES.NET\fP realm as an intermediate realm.  ANL has a sub
realm of \fBTEST.ANL.GOV\fP which will authenticate with \fBNERSC.GOV\fP
but not \fBPNL.GOV\fP\&.  The [capaths] section for \fBANL.GOV\fP systems
would look like this:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[capaths]
    ANL.GOV = {
        TEST.ANL.GOV = .
        PNL.GOV = ES.NET
        NERSC.GOV = ES.NET
        ES.NET = .
    }
    TEST.ANL.GOV = {
        ANL.GOV = .
    }
    PNL.GOV = {
        ANL.GOV = ES.NET
    }
    NERSC.GOV = {
        ANL.GOV = ES.NET
    }
    ES.NET = {
        ANL.GOV = .
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
The [capaths] section of the configuration file used on \fBNERSC.GOV\fP
systems would look like this:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[capaths]
    NERSC.GOV = {
        ANL.GOV = ES.NET
        TEST.ANL.GOV = ES.NET
        TEST.ANL.GOV = ANL.GOV
        PNL.GOV = ES.NET
        ES.NET = .
    }
    ANL.GOV = {
        NERSC.GOV = ES.NET
    }
    PNL.GOV = {
        NERSC.GOV = ES.NET
    }
    ES.NET = {
        NERSC.GOV = .
    }
    TEST.ANL.GOV = {
        NERSC.GOV = ANL.GOV
        NERSC.GOV = ES.NET
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
When a subtag is used more than once within a tag, clients will use
the order of values to determine the path.  The order of values is not
important to servers.
.SS [appdefaults]
.sp
Each tag in the [appdefaults] section names a Kerberos V5 application
or an option that is used by some Kerberos V5 application[s].  The
value of the tag defines the default behaviors for that application.
.sp
For example:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[appdefaults]
    telnet = {
        ATHENA.MIT.EDU = {
            option1 = false
        }
    }
    telnet = {
        option1 = true
        option2 = true
    }
    ATHENA.MIT.EDU = {
        option2 = false
    }
    option2 = true
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
The above four ways of specifying the value of an option are shown in
order of decreasing precedence. In this example, if telnet is running
in the realm EXAMPLE.COM, it should, by default, have option1 and
option2 set to true.  However, a telnet program in the realm
\fBATHENA.MIT.EDU\fP should have \fBoption1\fP set to false and
\fBoption2\fP set to true.  Any other programs in ATHENA.MIT.EDU should
have \fBoption2\fP set to false by default.  Any programs running in
other realms should have \fBoption2\fP set to true.
.sp
The list of specifiable options for each application may be found in
that application\(aqs man pages.  The application defaults specified here
are overridden by those specified in the \fI\%realms\fP section.
.SS [plugins]
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.IP \(bu 2
\fI\%pwqual\fP interface
.IP \(bu 2
\fI\%kadm5_hook\fP interface
.IP \(bu 2
\fI\%clpreauth\fP and \fI\%kdcpreauth\fP interfaces
.UNINDENT
.UNINDENT
.UNINDENT
.sp
Tags in the [plugins] section can be used to register dynamic plugin
modules and to turn modules on and off.  Not every krb5 pluggable
interface uses the [plugins] section; the ones that do are documented
here.
.sp
New in release 1.9.
.sp
Each pluggable interface corresponds to a subsection of [plugins].
All subsections support the same tags:
.INDENT 0.0
.TP
\fBdisable\fP
This tag may have multiple values. If there are values for this
tag, then the named modules will be disabled for the pluggable
interface.
.TP
\fBenable_only\fP
This tag may have multiple values. If there are values for this
tag, then only the named modules will be enabled for the pluggable
interface.
.TP
\fBmodule\fP
This tag may have multiple values.  Each value is a string of the
form \fBmodulename:pathname\fP, which causes the shared object
located at \fIpathname\fP to be registered as a dynamic module named
\fImodulename\fP for the pluggable interface.  If \fIpathname\fP is not an
absolute path, it will be treated as relative to the
\fBplugin_base_dir\fP value from \fI\%[libdefaults]\fP\&.
.UNINDENT
.sp
For pluggable interfaces where module order matters, modules
registered with a \fBmodule\fP tag normally come first, in the order
they are registered, followed by built\-in modules in the order they
are documented below.  If \fBenable_only\fP tags are used, then the
order of those tags overrides the normal module order.
.sp
The following subsections are currently supported within the [plugins]
section:
.SS ccselect interface
.sp
The ccselect subsection controls modules for credential cache
selection within a cache collection.  In addition to any registered
dynamic modules, the following built\-in modules exist (and may be
disabled with the disable tag):
.INDENT 0.0
.TP
\fBk5identity\fP
Uses a .k5identity file in the user\(aqs home directory to select a
client principal
.TP
\fBrealm\fP
Uses the service realm to guess an appropriate cache from the
collection
.TP
\fBhostname\fP
If the service principal is host\-based, uses the service hostname
to guess an appropriate cache from the collection
.UNINDENT
.SS pwqual interface
.sp
The pwqual subsection controls modules for the password quality
interface, which is used to reject weak passwords when passwords are
changed.  The following built\-in modules exist for this interface:
.INDENT 0.0
.TP
\fBdict\fP
Checks against the realm dictionary file
.TP
\fBempty\fP
Rejects empty passwords
.TP
\fBhesiod\fP
Checks against user information stored in Hesiod (only if Kerberos
was built with Hesiod support)
.TP
\fBprinc\fP
Checks against components of the principal name
.UNINDENT
.SS kadm5_hook interface
.sp
The kadm5_hook interface provides plugins with information on
principal creation, modification, password changes and deletion.  This
interface can be used to write a plugin to synchronize MIT Kerberos
with another database such as Active Directory.  No plugins are built
in for this interface.
.SS kadm5_auth interface
.sp
The kadm5_auth section (introduced in release 1.16) controls modules
for the kadmin authorization interface, which determines whether a
client principal is allowed to perform a kadmin operation.  The
following built\-in modules exist for this interface:
.INDENT 0.0
.TP
\fBacl\fP
This module reads the kadm5.acl(5) file, and authorizes
operations which are allowed according to the rules in the file.
.TP
\fBself\fP
This module authorizes self\-service operations including password
changes, creation of new random keys, fetching the client\(aqs
principal record or string attributes, and fetching the policy
record associated with the client principal.
.UNINDENT
.SS clpreauth and kdcpreauth interfaces
.sp
The clpreauth and kdcpreauth interfaces allow plugin modules to
provide client and KDC preauthentication mechanisms.  The following
built\-in modules exist for these interfaces:
.INDENT 0.0
.TP
\fBpkinit\fP
This module implements the PKINIT preauthentication mechanism.
.TP
\fBencrypted_challenge\fP
This module implements the encrypted challenge FAST factor.
.TP
\fBencrypted_timestamp\fP
This module implements the encrypted timestamp mechanism.
.UNINDENT
.SS hostrealm interface
.sp
The hostrealm section (introduced in release 1.12) controls modules
for the host\-to\-realm interface, which affects the local mapping of
hostnames to realm names and the choice of default realm.  The following
built\-in modules exist for this interface:
.INDENT 0.0
.TP
\fBprofile\fP
This module consults the [domain_realm] section of the profile for
authoritative host\-to\-realm mappings, and the \fBdefault_realm\fP
variable for the default realm.
.TP
\fBdns\fP
This module looks for DNS records for fallback host\-to\-realm
mappings and the default realm.  It only operates if the
\fBdns_lookup_realm\fP variable is set to true.
.TP
\fBdomain\fP
This module applies heuristics for fallback host\-to\-realm
mappings.  It implements the \fBrealm_try_domains\fP variable, and
uses the uppercased parent domain of the hostname if that does not
produce a result.
.UNINDENT
.SS localauth interface
.sp
The localauth section (introduced in release 1.12) controls modules
for the local authorization interface, which affects the relationship
between Kerberos principals and local system accounts.  The following
built\-in modules exist for this interface:
.INDENT 0.0
.TP
\fBdefault\fP
This module implements the \fBDEFAULT\fP type for \fBauth_to_local\fP
values.
.TP
\fBrule\fP
This module implements the \fBRULE\fP type for \fBauth_to_local\fP
values.
.TP
\fBnames\fP
This module looks for an \fBauth_to_local_names\fP mapping for the
principal name.
.TP
\fBauth_to_local\fP
This module processes \fBauth_to_local\fP values in the default
realm\(aqs section, and applies the default method if no
\fBauth_to_local\fP values exist.
.TP
\fBk5login\fP
This module authorizes a principal to a local account according to
the account\(aqs \&.k5login(5) file.
.TP
\fBan2ln\fP
This module authorizes a principal to a local account if the
principal name maps to the local account name.
.UNINDENT
.SS certauth interface
.sp
The certauth section (introduced in release 1.16) controls modules for
the certificate authorization interface, which determines whether a
certificate is allowed to preauthenticate a user via PKINIT.  The
following built\-in modules exist for this interface:
.INDENT 0.0
.TP
\fBpkinit_san\fP
This module authorizes the certificate if it contains a PKINIT
Subject Alternative Name for the requested client principal, or a
Microsoft UPN SAN matching the principal if \fBpkinit_allow_upn\fP
is set to true for the realm.
.TP
\fBpkinit_eku\fP
This module rejects the certificate if it does not contain an
Extended Key Usage attribute consistent with the
\fBpkinit_eku_checking\fP value for the realm.
.TP
\fBdbmatch\fP
This module authorizes or rejects the certificate according to
whether it matches the \fBpkinit_cert_match\fP string attribute on
the client principal, if that attribute is present.
.UNINDENT
.SH PKINIT OPTIONS
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
The following are PKINIT\-specific options.  These values may
be specified in [libdefaults] as global defaults, or within
a realm\-specific subsection of [libdefaults], or may be
specified as realm\-specific values in the [realms] section.
A realm\-specific value overrides, not adds to, a generic
[libdefaults] specification.  The search order is:
.UNINDENT
.UNINDENT
.INDENT 0.0
.IP 1. 3
realm\-specific subsection of [libdefaults]:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
[libdefaults]
    EXAMPLE.COM = {
        pkinit_anchors = FILE:/usr/local/example.com.crt
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 2. 3
realm\-specific value in the [realms] section:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
[realms]
    OTHERREALM.ORG = {
        pkinit_anchors = FILE:/usr/local/otherrealm.org.crt
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 3. 3
generic value in the [libdefaults] section:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
[libdefaults]
    pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.SS Specifying PKINIT identity information
.sp
The syntax for specifying Public Key identity, trust, and revocation
information for PKINIT is as follows:
.INDENT 0.0
.TP
\fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP]
This option has context\-specific behavior.
.sp
In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIfilename\fP
specifies the name of a PEM\-format file containing the user\(aqs
certificate.  If \fIkeyfilename\fP is not specified, the user\(aqs
private key is expected to be in \fIfilename\fP as well.  Otherwise,
\fIkeyfilename\fP is the name of the file containing the private key.
.sp
In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIfilename\fP is assumed to
be the name of an OpenSSL\-style ca\-bundle file.
.TP
\fBDIR:\fP\fIdirname\fP
This option has context\-specific behavior.
.sp
In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIdirname\fP
specifies a directory with files named \fB*.crt\fP and \fB*.key\fP
where the first part of the file name is the same for matching
pairs of certificate and private key files.  When a file with a
name ending with \fB\&.crt\fP is found, a matching file ending with
\fB\&.key\fP is assumed to contain the private key.  If no such file
is found, then the certificate in the \fB\&.crt\fP is not used.
.sp
In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIdirname\fP is assumed to
be an OpenSSL\-style hashed CA directory where each CA cert is
stored in a file named \fBhash\-of\-ca\-cert.#\fP\&.  This infrastructure
is encouraged, but all files in the directory will be examined and
if they contain certificates (in PEM format), they will be used.
.sp
In \fBpkinit_revoke\fP, \fIdirname\fP is assumed to be an OpenSSL\-style
hashed CA directory where each revocation list is stored in a file
named \fBhash\-of\-ca\-cert.r#\fP\&.  This infrastructure is encouraged,
but all files in the directory will be examined and if they
contain a revocation list (in PEM format), they will be used.
.TP
\fBPKCS12:\fP\fIfilename\fP
\fIfilename\fP is the name of a PKCS #12 format file, containing the
user\(aqs certificate and private key.
.TP
\fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP]
All keyword/values are optional.  \fImodname\fP specifies the location
of a library implementing PKCS #11.  If a value is encountered
with no keyword, it is assumed to be the \fImodname\fP\&.  If no
module\-name is specified, the default is \fBopensc\-pkcs11.so\fP\&.
\fBslotid=\fP and/or \fBtoken=\fP may be specified to force the use of
a particular smard card reader or token if there is more than one
available.  \fBcertid=\fP and/or \fBcertlabel=\fP may be specified to
force the selection of a particular certificate on the device.
See the \fBpkinit_cert_match\fP configuration option for more ways
to select a particular certificate to use for PKINIT.
.TP
\fBENV:\fP\fIenvvar\fP
\fIenvvar\fP specifies the name of an environment variable which has
been set to a value conforming to one of the previous values.  For
example, \fBENV:X509_PROXY\fP, where environment variable
\fBX509_PROXY\fP has been set to \fBFILE:/tmp/my_proxy.pem\fP\&.
.UNINDENT
.SS PKINIT krb5.conf options
.INDENT 0.0
.TP
\fBpkinit_anchors\fP
Specifies the location of trusted anchor (root) certificates which
the client trusts to sign KDC certificates.  This option may be
specified multiple times.  These values from the config file are
not used if the user specifies X509_anchors on the command line.
.TP
\fBpkinit_cert_match\fP
Specifies matching rules that the client certificate must match
before it is used to attempt PKINIT authentication.  If a user has
multiple certificates available (on a smart card, or via other
media), there must be exactly one certificate chosen before
attempting PKINIT authentication.  This option may be specified
multiple times.  All the available certificates are checked
against each rule in order until there is a match of exactly one
certificate.
.sp
The Subject and Issuer comparison strings are the \fI\%RFC 2253\fP
string representations from the certificate Subject DN and Issuer
DN values.
.sp
The syntax of the matching rules is:
.INDENT 7.0
.INDENT 3.5
[\fIrelation\-operator\fP]\fIcomponent\-rule\fP ...
.UNINDENT
.UNINDENT
.sp
where:
.INDENT 7.0
.TP
.B \fIrelation\-operator\fP
can be either \fB&&\fP, meaning all component rules must match,
or \fB||\fP, meaning only one component rule must match.  The
default is \fB&&\fP\&.
.TP
.B \fIcomponent\-rule\fP
can be one of the following.  Note that there is no
punctuation or whitespace between component rules.
.INDENT 7.0
.INDENT 3.5
.nf
\fB<SUBJECT>\fP\fIregular\-expression\fP
\fB<ISSUER>\fP\fIregular\-expression\fP
\fB<SAN>\fP\fIregular\-expression\fP
\fB<EKU>\fP\fIextended\-key\-usage\-list\fP
\fB<KU>\fP\fIkey\-usage\-list\fP
.fi
.sp
.UNINDENT
.UNINDENT
.sp
\fIextended\-key\-usage\-list\fP is a comma\-separated list of
required Extended Key Usage values.  All values in the list
must be present in the certificate.  Extended Key Usage values
can be:
.INDENT 7.0
.IP \(bu 2
pkinit
.IP \(bu 2
msScLogin
.IP \(bu 2
clientAuth
.IP \(bu 2
emailProtection
.UNINDENT
.sp
\fIkey\-usage\-list\fP is a comma\-separated list of required Key
Usage values.  All values in the list must be present in the
certificate.  Key Usage values can be:
.INDENT 7.0
.IP \(bu 2
digitalSignature
.IP \(bu 2
keyEncipherment
.UNINDENT
.UNINDENT
.sp
Examples:
.INDENT 7.0
.INDENT 3.5
.sp
.nf
.ft C
pkinit_cert_match = ||<SUBJECT>.*DoE.*<SAN>.*@EXAMPLE.COM
pkinit_cert_match = &&<EKU>msScLogin,clientAuth<ISSUER>.*DoE.*
pkinit_cert_match = <EKU>msScLogin,clientAuth<KU>digitalSignature
.ft P
.fi
.UNINDENT
.UNINDENT
.TP
\fBpkinit_eku_checking\fP
This option specifies what Extended Key Usage value the KDC
certificate presented to the client must contain.  (Note that if
the KDC certificate has the pkinit SubjectAlternativeName encoded
as the Kerberos TGS name, EKU checking is not necessary since the
issuing CA has certified this as a KDC certificate.)  The values
recognized in the krb5.conf file are:
.INDENT 7.0
.TP
\fBkpKDC\fP
This is the default value and specifies that the KDC must have
the id\-pkinit\-KPKdc EKU as defined in \fI\%RFC 4556\fP\&.
.TP
\fBkpServerAuth\fP
If \fBkpServerAuth\fP is specified, a KDC certificate with the
id\-kp\-serverAuth EKU will be accepted.  This key usage value
is used in most commercially issued server certificates.
.TP
\fBnone\fP
If \fBnone\fP is specified, then the KDC certificate will not be
checked to verify it has an acceptable EKU.  The use of this
option is not recommended.
.UNINDENT
.TP
\fBpkinit_dh_min_bits\fP
Specifies the size of the Diffie\-Hellman key the client will
attempt to use.  The acceptable values are 1024, 2048, and 4096.
The default is 2048.
.TP
\fBpkinit_identities\fP
Specifies the location(s) to be used to find the user\(aqs X.509
identity information.  If this option is specified multiple times,
the first valid value is used; this can be used to specify an
environment variable (with \fBENV:\fP\fIenvvar\fP) followed by a
default value.  Note that these values are not used if the user
specifies \fBX509_user_identity\fP on the command line.
.TP
\fBpkinit_kdc_hostname\fP
The presense of this option indicates that the client is willing
to accept a KDC certificate with a dNSName SAN (Subject
Alternative Name) rather than requiring the id\-pkinit\-san as
defined in \fI\%RFC 4556\fP\&.  This option may be specified multiple
times.  Its value should contain the acceptable hostname for the
KDC (as contained in its certificate).
.TP
\fBpkinit_pool\fP
Specifies the location of intermediate certificates which may be
used by the client to complete the trust chain between a KDC
certificate and a trusted anchor.  This option may be specified
multiple times.
.TP
\fBpkinit_require_crl_checking\fP
The default certificate verification process will always check the
available revocation information to see if a certificate has been
revoked.  If a match is found for the certificate in a CRL,
verification fails.  If the certificate being verified is not
listed in a CRL, or there is no CRL present for its issuing CA,
and \fBpkinit_require_crl_checking\fP is false, then verification
succeeds.
.sp
However, if \fBpkinit_require_crl_checking\fP is true and there is
no CRL information available for the issuing CA, then verification
fails.
.sp
\fBpkinit_require_crl_checking\fP should be set to true if the
policy is such that up\-to\-date CRLs must be present for every CA.
.TP
\fBpkinit_revoke\fP
Specifies the location of Certificate Revocation List (CRL)
information to be used by the client when verifying the validity
of the KDC certificate presented.  This option may be specified
multiple times.
.UNINDENT
.SH PARAMETER EXPANSION
.sp
Starting with release 1.11, several variables, such as
\fBdefault_keytab_name\fP, allow parameters to be expanded.
Valid parameters are:
.INDENT 0.0
.INDENT 3.5
.TS
center;
|l|l|.
_
T{
%{TEMP}
T}	T{
Temporary directory
T}
_
T{
%{uid}
T}	T{
Unix real UID or Windows SID
T}
_
T{
%{euid}
T}	T{
Unix effective user ID or Windows SID
T}
_
T{
%{USERID}
T}	T{
Same as %{uid}
T}
_
T{
%{null}
T}	T{
Empty string
T}
_
T{
%{LIBDIR}
T}	T{
Installation library directory
T}
_
T{
%{BINDIR}
T}	T{
Installation binary directory
T}
_
T{
%{SBINDIR}
T}	T{
Installation admin binary directory
T}
_
T{
%{username}
T}	T{
(Unix) Username of effective user ID
T}
_
T{
%{APPDATA}
T}	T{
(Windows) Roaming application data for current user
T}
_
T{
%{COMMON_APPDATA}
T}	T{
(Windows) Application data for all users
T}
_
T{
%{LOCAL_APPDATA}
T}	T{
(Windows) Local application data for current user
T}
_
T{
%{SYSTEM}
T}	T{
(Windows) Windows system folder
T}
_
T{
%{WINDOWS}
T}	T{
(Windows) Windows folder
T}
_
T{
%{USERCONFIG}
T}	T{
(Windows) Per\-user MIT krb5 config file directory
T}
_
T{
%{COMMONCONFIG}
T}	T{
(Windows) Common MIT krb5 config file directory
T}
_
.TE
.UNINDENT
.UNINDENT
.SH SAMPLE KRB5.CONF FILE
.sp
Here is an example of a generic krb5.conf file:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[libdefaults]
    default_realm = ATHENA.MIT.EDU
    dns_lookup_kdc = true
    dns_lookup_realm = false

[realms]
    ATHENA.MIT.EDU = {
        kdc = kerberos.mit.edu
        kdc = kerberos\-1.mit.edu
        kdc = kerberos\-2.mit.edu
        admin_server = kerberos.mit.edu
        master_kdc = kerberos.mit.edu
    }
    EXAMPLE.COM = {
        kdc = kerberos.example.com
        kdc = kerberos\-1.example.com
        admin_server = kerberos.example.com
    }

[domain_realm]
    mit.edu = ATHENA.MIT.EDU

[capaths]
    ATHENA.MIT.EDU = {
           EXAMPLE.COM = .
    }
    EXAMPLE.COM = {
           ATHENA.MIT.EDU = .
    }
.ft P
.fi
.UNINDENT
.UNINDENT
.SH FILES
.sp
\fB/etc/krb5.conf\fP
.SH SEE ALSO
.sp
syslog(3)
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2019, MIT
.\" Generated by docutils manpage writer.
.
PK�����f\��H��������man5/.k5identity.5nu��[�����������.so man5/k5identity.5
PK�����f\tSX���������man5/.k5login.5nu��[�����������.so man5/k5login.5
PK�����[�g\<��z���z�����man1/pcregrep.1nu��[�����������.TH PCREGREP 1 "03 April 2014" "PCRE 8.35"
.SH NAME
pcregrep - a grep with Perl-compatible regular expressions.
.SH SYNOPSIS
.B pcregrep [options] [long options] [pattern] [path1 path2 ...]
.
.SH DESCRIPTION
.rs
.sp
\fBpcregrep\fP searches files for character patterns, in the same way as other
grep commands do, but it uses the PCRE regular expression library to support
patterns that are compatible with the regular expressions of Perl 5. See
.\" HREF
\fBpcresyntax\fP(3)
.\"
for a quick-reference summary of pattern syntax, or
.\" HREF
\fBpcrepattern\fP(3)
.\"
for a full description of the syntax and semantics of the regular expressions
that PCRE supports.
.P
Patterns, whether supplied on the command line or in a separate file, are given
without delimiters. For example:
.sp
  pcregrep Thursday /etc/motd
.sp
If you attempt to use delimiters (for example, by surrounding a pattern with
slashes, as is common in Perl scripts), they are interpreted as part of the
pattern. Quotes can of course be used to delimit patterns on the command line
because they are interpreted by the shell, and indeed quotes are required if a
pattern contains white space or shell metacharacters.
.P
The first argument that follows any option settings is treated as the single
pattern to be matched when neither \fB-e\fP nor \fB-f\fP is present.
Conversely, when one or both of these options are used to specify patterns, all
arguments are treated as path names. At least one of \fB-e\fP, \fB-f\fP, or an
argument pattern must be provided.
.P
If no files are specified, \fBpcregrep\fP reads the standard input. The
standard input can also be referenced by a name consisting of a single hyphen.
For example:
.sp
  pcregrep some-pattern /file1 - /file3
.sp
By default, each line that matches a pattern is copied to the standard
output, and if there is more than one file, the file name is output at the
start of each line, followed by a colon. However, there are options that can
change how \fBpcregrep\fP behaves. In particular, the \fB-M\fP option makes it
possible to search for patterns that span line boundaries. What defines a line
boundary is controlled by the \fB-N\fP (\fB--newline\fP) option.
.P
The amount of memory used for buffering files that are being scanned is
controlled by a parameter that can be set by the \fB--buffer-size\fP option.
The default value for this parameter is specified when \fBpcregrep\fP is built,
with the default default being 20K. A block of memory three times this size is
used (to allow for buffering "before" and "after" lines). An error occurs if a
line overflows the buffer.
.P
Patterns can be no longer than 8K or BUFSIZ bytes, whichever is the greater.
BUFSIZ is defined in \fB<stdio.h>\fP. When there is more than one pattern
(specified by the use of \fB-e\fP and/or \fB-f\fP), each pattern is applied to
each line in the order in which they are defined, except that all the \fB-e\fP
patterns are tried before the \fB-f\fP patterns.
.P
By default, as soon as one pattern matches a line, no further patterns are
considered. However, if \fB--colour\fP (or \fB--color\fP) is used to colour the
matching substrings, or if \fB--only-matching\fP, \fB--file-offsets\fP, or
\fB--line-offsets\fP is used to output only the part of the line that matched
(either shown literally, or as an offset), scanning resumes immediately
following the match, so that further matches on the same line can be found. If
there are multiple patterns, they are all tried on the remainder of the line,
but patterns that follow the one that matched are not tried on the earlier part
of the line.
.P
This behaviour means that the order in which multiple patterns are specified
can affect the output when one of the above options is used. This is no longer
the same behaviour as GNU grep, which now manages to display earlier matches
for later patterns (as long as there is no overlap).
.P
Patterns that can match an empty string are accepted, but empty string
matches are never recognized. An example is the pattern "(super)?(man)?", in
which all components are optional. This pattern finds all occurrences of both
"super" and "man"; the output differs from matching with "super|man" when only
the matching substrings are being shown.
.P
If the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variable is set,
\fBpcregrep\fP uses the value to set a locale when calling the PCRE library.
The \fB--locale\fP option can be used to override this.
.
.
.SH "SUPPORT FOR COMPRESSED FILES"
.rs
.sp
It is possible to compile \fBpcregrep\fP so that it uses \fBlibz\fP or
\fBlibbz2\fP to read files whose names end in \fB.gz\fP or \fB.bz2\fP,
respectively. You can find out whether your binary has support for one or both
of these file types by running it with the \fB--help\fP option. If the
appropriate support is not present, files are treated as plain text. The
standard input is always so treated.
.
.
.SH "BINARY FILES"
.rs
.sp
By default, a file that contains a binary zero byte within the first 1024 bytes
is identified as a binary file, and is processed specially. (GNU grep also
identifies binary files in this manner.) See the \fB--binary-files\fP option
for a means of changing the way binary files are handled.
.
.
.SH OPTIONS
.rs
.sp
The order in which some of the options appear can affect the output. For
example, both the \fB-h\fP and \fB-l\fP options affect the printing of file
names. Whichever comes later in the command line will be the one that takes
effect. Similarly, except where noted below, if an option is given twice, the
later setting is used. Numerical values for options may be followed by K or M,
to signify multiplication by 1024 or 1024*1024 respectively.
.TP 10
\fB--\fP
This terminates the list of options. It is useful if the next item on the
command line starts with a hyphen but is not an option. This allows for the
processing of patterns and filenames that start with hyphens.
.TP
\fB-A\fP \fInumber\fP, \fB--after-context=\fP\fInumber\fP
Output \fInumber\fP lines of context after each matching line. If filenames
and/or line numbers are being output, a hyphen separator is used instead of a
colon for the context lines. A line containing "--" is output between each
group of lines, unless they are in fact contiguous in the input file. The value
of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
guarantees to have up to 8K of following text available for context output.
.TP
\fB-a\fP, \fB--text\fP
Treat binary files as text. This is equivalent to
\fB--binary-files\fP=\fItext\fP.
.TP
\fB-B\fP \fInumber\fP, \fB--before-context=\fP\fInumber\fP
Output \fInumber\fP lines of context before each matching line. If filenames
and/or line numbers are being output, a hyphen separator is used instead of a
colon for the context lines. A line containing "--" is output between each
group of lines, unless they are in fact contiguous in the input file. The value
of \fInumber\fP is expected to be relatively small. However, \fBpcregrep\fP
guarantees to have up to 8K of preceding text available for context output.
.TP
\fB--binary-files=\fP\fIword\fP
Specify how binary files are to be processed. If the word is "binary" (the
default), pattern matching is performed on binary files, but the only output is
"Binary file <name> matches" when a match succeeds. If the word is "text",
which is equivalent to the \fB-a\fP or \fB--text\fP option, binary files are
processed in the same way as any other file. In this case, when a match
succeeds, the output may be binary garbage, which can have nasty effects if
sent to a terminal. If the word is "without-match", which is equivalent to the
\fB-I\fP option, binary files are not processed at all; they are assumed not to
be of interest.
.TP
\fB--buffer-size=\fP\fInumber\fP
Set the parameter that controls how much memory is used for buffering files
that are being scanned.
.TP
\fB-C\fP \fInumber\fP, \fB--context=\fP\fInumber\fP
Output \fInumber\fP lines of context both before and after each matching line.
This is equivalent to setting both \fB-A\fP and \fB-B\fP to the same value.
.TP
\fB-c\fP, \fB--count\fP
Do not output individual lines from the files that are being scanned; instead
output the number of lines that would otherwise have been shown. If no lines
are selected, the number zero is output. If several files are are being
scanned, a count is output for each of them. However, if the
\fB--files-with-matches\fP option is also used, only those files whose counts
are greater than zero are listed. When \fB-c\fP is used, the \fB-A\fP,
\fB-B\fP, and \fB-C\fP options are ignored.
.TP
\fB--colour\fP, \fB--color\fP
If this option is given without any data, it is equivalent to "--colour=auto".
If data is required, it must be given in the same shell item, separated by an
equals sign.
.TP
\fB--colour=\fP\fIvalue\fP, \fB--color=\fP\fIvalue\fP
This option specifies under what circumstances the parts of a line that matched
a pattern should be coloured in the output. By default, the output is not
coloured. The value (which is optional, see above) may be "never", "always", or
"auto". In the latter case, colouring happens only if the standard output is
connected to a terminal. More resources are used when colouring is enabled,
because \fBpcregrep\fP has to search for all possible matches in a line, not
just one, in order to colour them all.
.sp
The colour that is used can be specified by setting the environment variable
PCREGREP_COLOUR or PCREGREP_COLOR. The value of this variable should be a
string of two numbers, separated by a semicolon. They are copied directly into
the control string for setting colour on a terminal, so it is your
responsibility to ensure that they make sense. If neither of the environment
variables is set, the default is "1;31", which gives red.
.TP
\fB-D\fP \fIaction\fP, \fB--devices=\fP\fIaction\fP
If an input path is not a regular file or a directory, "action" specifies how
it is to be processed. Valid values are "read" (the default) or "skip"
(silently skip the path).
.TP
\fB-d\fP \fIaction\fP, \fB--directories=\fP\fIaction\fP
If an input path is a directory, "action" specifies how it is to be processed.
Valid values are "read" (the default in non-Windows environments, for
compatibility with GNU grep), "recurse" (equivalent to the \fB-r\fP option), or
"skip" (silently skip the path, the default in Windows environments). In the
"read" case, directories are read as if they were ordinary files. In some
operating systems the effect of reading a directory like this is an immediate
end-of-file; in others it may provoke an error.
.TP
\fB-e\fP \fIpattern\fP, \fB--regex=\fP\fIpattern\fP, \fB--regexp=\fP\fIpattern\fP
Specify a pattern to be matched. This option can be used multiple times in
order to specify several patterns. It can also be used as a way of specifying a
single pattern that starts with a hyphen. When \fB-e\fP is used, no argument
pattern is taken from the command line; all arguments are treated as file
names. There is no limit to the number of patterns. They are applied to each
line in the order in which they are defined until one matches.
.sp
If \fB-f\fP is used with \fB-e\fP, the command line patterns are matched first,
followed by the patterns from the file(s), independent of the order in which
these options are specified. Note that multiple use of \fB-e\fP is not the same
as a single pattern with alternatives. For example, X|Y finds the first
character in a line that is X or Y, whereas if the two patterns are given
separately, with X first, \fBpcregrep\fP finds X if it is present, even if it
follows Y in the line. It finds Y only if there is no X in the line. This
matters only if you are using \fB-o\fP or \fB--colo(u)r\fP to show the part(s)
of the line that matched.
.TP
\fB--exclude\fP=\fIpattern\fP
Files (but not directories) whose names match the pattern are skipped without
being processed. This applies to all files, whether listed on the command line,
obtained from \fB--file-list\fP, or by scanning a directory. The pattern is a
PCRE regular expression, and is matched against the final component of the file
name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
apply to this pattern. The option may be given any number of times in order to
specify multiple patterns. If a file name matches both an \fB--include\fP
and an \fB--exclude\fP pattern, it is excluded. There is no short form for this
option.
.TP
\fB--exclude-from=\fP\fIfilename\fP
Treat each non-empty line of the file as the data for an \fB--exclude\fP
option. What constitutes a newline when reading the file is the operating
system's default. The \fB--newline\fP option has no effect on this option. This
option may be given more than once in order to specify a number of files to
read.
.TP
\fB--exclude-dir\fP=\fIpattern\fP
Directories whose names match the pattern are skipped without being processed,
whatever the setting of the \fB--recursive\fP option. This applies to all
directories, whether listed on the command line, obtained from
\fB--file-list\fP, or by scanning a parent directory. The pattern is a PCRE
regular expression, and is matched against the final component of the directory
name, not the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not
apply to this pattern. The option may be given any number of times in order to
specify more than one pattern. If a directory matches both \fB--include-dir\fP
and \fB--exclude-dir\fP, it is excluded. There is no short form for this
option.
.TP
\fB-F\fP, \fB--fixed-strings\fP
Interpret each data-matching pattern as a list of fixed strings, separated by
newlines, instead of as a regular expression. What constitutes a newline for
this purpose is controlled by the \fB--newline\fP option. The \fB-w\fP (match
as a word) and \fB-x\fP (match whole line) options can be used with \fB-F\fP.
They apply to each of the fixed strings. A line is selected if any of the fixed
strings are found in it (subject to \fB-w\fP or \fB-x\fP, if present). This
option applies only to the patterns that are matched against the contents of
files; it does not apply to patterns specified by any of the \fB--include\fP or
\fB--exclude\fP options.
.TP
\fB-f\fP \fIfilename\fP, \fB--file=\fP\fIfilename\fP
Read patterns from the file, one per line, and match them against
each line of input. What constitutes a newline when reading the file is the
operating system's default. The \fB--newline\fP option has no effect on this
option. Trailing white space is removed from each line, and blank lines are
ignored. An empty file contains no patterns and therefore matches nothing. See
also the comments about multiple patterns versus a single pattern with
alternatives in the description of \fB-e\fP above.
.sp
If this option is given more than once, all the specified files are
read. A data line is output if any of the patterns match it. A filename can
be given as "-" to refer to the standard input. When \fB-f\fP is used, patterns
specified on the command line using \fB-e\fP may also be present; they are
tested before the file's patterns. However, no other pattern is taken from the
command line; all arguments are treated as the names of paths to be searched.
.TP
\fB--file-list\fP=\fIfilename\fP
Read a list of files and/or directories that are to be scanned from the given
file, one per line. Trailing white space is removed from each line, and blank
lines are ignored. These paths are processed before any that are listed on the
command line. The filename can be given as "-" to refer to the standard input.
If \fB--file\fP and \fB--file-list\fP are both specified as "-", patterns are
read first. This is useful only when the standard input is a terminal, from
which further lines (the list of files) can be read after an end-of-file
indication. If this option is given more than once, all the specified files are
read.
.TP
\fB--file-offsets\fP
Instead of showing lines or parts of lines that match, show each match as an
offset from the start of the file and a length, separated by a comma. In this
mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP
options are ignored. If there is more than one match in a line, each of them is
shown separately. This option is mutually exclusive with \fB--line-offsets\fP
and \fB--only-matching\fP.
.TP
\fB-H\fP, \fB--with-filename\fP
Force the inclusion of the filename at the start of output lines when searching
a single file. By default, the filename is not shown in this case. For matching
lines, the filename is followed by a colon; for context lines, a hyphen
separator is used. If a line number is also being output, it follows the file
name.
.TP
\fB-h\fP, \fB--no-filename\fP
Suppress the output filenames when searching multiple files. By default,
filenames are shown when multiple files are searched. For matching lines, the
filename is followed by a colon; for context lines, a hyphen separator is used.
If a line number is also being output, it follows the file name.
.TP
\fB--help\fP
Output a help message, giving brief details of the command options and file
type support, and then exit. Anything else on the command line is
ignored.
.TP
\fB-I\fP
Treat binary files as never matching. This is equivalent to
\fB--binary-files\fP=\fIwithout-match\fP.
.TP
\fB-i\fP, \fB--ignore-case\fP
Ignore upper/lower case distinctions during comparisons.
.TP
\fB--include\fP=\fIpattern\fP
If any \fB--include\fP patterns are specified, the only files that are
processed are those that match one of the patterns (and do not match an
\fB--exclude\fP pattern). This option does not affect directories, but it
applies to all files, whether listed on the command line, obtained from
\fB--file-list\fP, or by scanning a directory. The pattern is a PCRE regular
expression, and is matched against the final component of the file name, not
the entire path. The \fB-F\fP, \fB-w\fP, and \fB-x\fP options do not apply to
this pattern. The option may be given any number of times. If a file name
matches both an \fB--include\fP and an \fB--exclude\fP pattern, it is excluded.
There is no short form for this option.
.TP
\fB--include-from=\fP\fIfilename\fP
Treat each non-empty line of the file as the data for an \fB--include\fP
option. What constitutes a newline for this purpose is the operating system's
default. The \fB--newline\fP option has no effect on this option. This option
may be given any number of times; all the files are read.
.TP
\fB--include-dir\fP=\fIpattern\fP
If any \fB--include-dir\fP patterns are specified, the only directories that
are processed are those that match one of the patterns (and do not match an
\fB--exclude-dir\fP pattern). This applies to all directories, whether listed
on the command line, obtained from \fB--file-list\fP, or by scanning a parent
directory. The pattern is a PCRE regular expression, and is matched against the
final component of the directory name, not the entire path. The \fB-F\fP,
\fB-w\fP, and \fB-x\fP options do not apply to this pattern. The option may be
given any number of times. If a directory matches both \fB--include-dir\fP and
\fB--exclude-dir\fP, it is excluded. There is no short form for this option.
.TP
\fB-L\fP, \fB--files-without-match\fP
Instead of outputting lines from the files, just output the names of the files
that do not contain any lines that would have been output. Each file name is
output once, on a separate line.
.TP
\fB-l\fP, \fB--files-with-matches\fP
Instead of outputting lines from the files, just output the names of the files
containing lines that would have been output. Each file name is output
once, on a separate line. Searching normally stops as soon as a matching line
is found in a file. However, if the \fB-c\fP (count) option is also used,
matching continues in order to obtain the correct count, and those files that
have at least one match are listed along with their counts. Using this option
with \fB-c\fP is a way of suppressing the listing of files with no matches.
.TP
\fB--label\fP=\fIname\fP
This option supplies a name to be used for the standard input when file names
are being output. If not supplied, "(standard input)" is used. There is no
short form for this option.
.TP
\fB--line-buffered\fP
When this option is given, input is read and processed line by line, and the
output is flushed after each write. By default, input is read in large chunks,
unless \fBpcregrep\fP can determine that it is reading from a terminal (which
is currently possible only in Unix-like environments). Output to terminal is
normally automatically flushed by the operating system. This option can be
useful when the input or output is attached to a pipe and you do not want
\fBpcregrep\fP to buffer up large amounts of data. However, its use will affect
performance, and the \fB-M\fP (multiline) option ceases to work.
.TP
\fB--line-offsets\fP
Instead of showing lines or parts of lines that match, show each match as a
line number, the offset from the start of the line, and a length. The line
number is terminated by a colon (as usual; see the \fB-n\fP option), and the
offset and length are separated by a comma. In this mode, no context is shown.
That is, the \fB-A\fP, \fB-B\fP, and \fB-C\fP options are ignored. If there is
more than one match in a line, each of them is shown separately. This option is
mutually exclusive with \fB--file-offsets\fP and \fB--only-matching\fP.
.TP
\fB--locale\fP=\fIlocale-name\fP
This option specifies a locale to be used for pattern matching. It overrides
the value in the \fBLC_ALL\fP or \fBLC_CTYPE\fP environment variables. If no
locale is specified, the PCRE library's default (usually the "C" locale) is
used. There is no short form for this option.
.TP
\fB--match-limit\fP=\fInumber\fP
Processing some regular expression patterns can require a very large amount of
memory, leading in some cases to a program crash if not enough is available.
Other patterns may take a very long time to search for all possible matching
strings. The \fBpcre_exec()\fP function that is called by \fBpcregrep\fP to do
the matching has two parameters that can limit the resources that it uses.
.sp
The \fB--match-limit\fP option provides a means of limiting resource usage
when processing patterns that are not going to match, but which have a very
large number of possibilities in their search trees. The classic example is a
pattern that uses nested unlimited repeats. Internally, PCRE uses a function
called \fBmatch()\fP which it calls repeatedly (sometimes recursively). The
limit set by \fB--match-limit\fP is imposed on the number of times this
function is called during a match, which has the effect of limiting the amount
of backtracking that can take place.
.sp
The \fB--recursion-limit\fP option is similar to \fB--match-limit\fP, but
instead of limiting the total number of times that \fBmatch()\fP is called, it
limits the depth of recursive calls, which in turn limits the amount of memory
that can be used. The recursion depth is a smaller number than the total number
of calls, because not all calls to \fBmatch()\fP are recursive. This limit is
of use only if it is set smaller than \fB--match-limit\fP.
.sp
There are no short forms for these options. The default settings are specified
when the PCRE library is compiled, with the default default being 10 million.
.TP
\fB-M\fP, \fB--multiline\fP
Allow patterns to match more than one line. When this option is given, patterns
may usefully contain literal newline characters and internal occurrences of ^
and $ characters. The output for a successful match may consist of more than
one line, the last of which is the one in which the match ended. If the matched
string ends with a newline sequence the output ends at the end of that line.
.sp
When this option is set, the PCRE library is called in "multiline" mode.
There is a limit to the number of lines that can be matched, imposed by the way
that \fBpcregrep\fP buffers the input file as it scans it. However,
\fBpcregrep\fP ensures that at least 8K characters or the rest of the document
(whichever is the shorter) are available for forward matching, and similarly
the previous 8K characters (or all the previous characters, if fewer than 8K)
are guaranteed to be available for lookbehind assertions. This option does not
work when input is read line by line (see \fP--line-buffered\fP.)
.TP
\fB-N\fP \fInewline-type\fP, \fB--newline\fP=\fInewline-type\fP
The PCRE library supports five different conventions for indicating
the ends of lines. They are the single-character sequences CR (carriage return)
and LF (linefeed), the two-character sequence CRLF, an "anycrlf" convention,
which recognizes any of the preceding three types, and an "any" convention, in
which any Unicode line ending sequence is assumed to end a line. The Unicode
sequences are the three just mentioned, plus VT (vertical tab, U+000B), FF
(form feed, U+000C), NEL (next line, U+0085), LS (line separator, U+2028), and
PS (paragraph separator, U+2029).
.sp
When the PCRE library is built, a default line-ending sequence is specified.
This is normally the standard sequence for the operating system. Unless
otherwise specified by this option, \fBpcregrep\fP uses the library's default.
The possible values for this option are CR, LF, CRLF, ANYCRLF, or ANY. This
makes it possible to use \fBpcregrep\fP to scan files that have come from other
environments without having to modify their line endings. If the data that is
being scanned does not agree with the convention set by this option,
\fBpcregrep\fP may behave in strange ways. Note that this option does not
apply to files specified by the \fB-f\fP, \fB--exclude-from\fP, or
\fB--include-from\fP options, which are expected to use the operating system's
standard newline sequence.
.TP
\fB-n\fP, \fB--line-number\fP
Precede each output line by its line number in the file, followed by a colon
for matching lines or a hyphen for context lines. If the filename is also being
output, it precedes the line number. This option is forced if
\fB--line-offsets\fP is used.
.TP
\fB--no-jit\fP
If the PCRE library is built with support for just-in-time compiling (which
speeds up matching), \fBpcregrep\fP automatically makes use of this, unless it
was explicitly disabled at build time. This option can be used to disable the
use of JIT at run time. It is provided for testing and working round problems.
It should never be needed in normal use.
.TP
\fB-o\fP, \fB--only-matching\fP
Show only the part of the line that matched a pattern instead of the whole
line. In this mode, no context is shown. That is, the \fB-A\fP, \fB-B\fP, and
\fB-C\fP options are ignored. If there is more than one match in a line, each
of them is shown separately. If \fB-o\fP is combined with \fB-v\fP (invert the
sense of the match to find non-matching lines), no output is generated, but the
return code is set appropriately. If the matched portion of the line is empty,
nothing is output unless the file name or line number are being printed, in
which case they are shown on an otherwise empty line. This option is mutually
exclusive with \fB--file-offsets\fP and \fB--line-offsets\fP.
.TP
\fB-o\fP\fInumber\fP, \fB--only-matching\fP=\fInumber\fP
Show only the part of the line that matched the capturing parentheses of the
given number. Up to 32 capturing parentheses are supported, and -o0 is
equivalent to \fB-o\fP without a number. Because these options can be given
without an argument (see above), if an argument is present, it must be given in
the same shell item, for example, -o3 or --only-matching=2. The comments given
for the non-argument case above also apply to this case. If the specified
capturing parentheses do not exist in the pattern, or were not set in the
match, nothing is output unless the file name or line number are being printed.
.sp
If this option is given multiple times, multiple substrings are output, in the
order the options are given. For example, -o3 -o1 -o3 causes the substrings
matched by capturing parentheses 3 and 1 and then 3 again to be output. By
default, there is no separator (but see the next option).
.TP
\fB--om-separator\fP=\fItext\fP
Specify a separating string for multiple occurrences of \fB-o\fP. The default
is an empty string. Separating strings are never coloured.
.TP
\fB-q\fP, \fB--quiet\fP
Work quietly, that is, display nothing except error messages. The exit
status indicates whether or not any matches were found.
.TP
\fB-r\fP, \fB--recursive\fP
If any given path is a directory, recursively scan the files it contains,
taking note of any \fB--include\fP and \fB--exclude\fP settings. By default, a
directory is read as a normal file; in some operating systems this gives an
immediate end-of-file. This option is a shorthand for setting the \fB-d\fP
option to "recurse".
.TP
\fB--recursion-limit\fP=\fInumber\fP
See \fB--match-limit\fP above.
.TP
\fB-s\fP, \fB--no-messages\fP
Suppress error messages about non-existent or unreadable files. Such files are
quietly skipped. However, the return code is still 2, even if matches were
found in other files.
.TP
\fB-u\fP, \fB--utf-8\fP
Operate in UTF-8 mode. This option is available only if PCRE has been compiled
with UTF-8 support. All patterns (including those for any \fB--exclude\fP and
\fB--include\fP options) and all subject lines that are scanned must be valid
strings of UTF-8 characters.
.TP
\fB-V\fP, \fB--version\fP
Write the version numbers of \fBpcregrep\fP and the PCRE library to the
standard output and then exit. Anything else on the command line is
ignored.
.TP
\fB-v\fP, \fB--invert-match\fP
Invert the sense of the match, so that lines which do \fInot\fP match any of
the patterns are the ones that are found.
.TP
\fB-w\fP, \fB--word-regex\fP, \fB--word-regexp\fP
Force the patterns to match only whole words. This is equivalent to having \eb
at the start and end of the pattern. This option applies only to the patterns
that are matched against the contents of files; it does not apply to patterns
specified by any of the \fB--include\fP or \fB--exclude\fP options.
.TP
\fB-x\fP, \fB--line-regex\fP, \fB--line-regexp\fP
Force the patterns to be anchored (each must start matching at the beginning of
a line) and in addition, require them to match entire lines. This is equivalent
to having ^ and $ characters at the start and end of each alternative branch in
every pattern. This option applies only to the patterns that are matched
against the contents of files; it does not apply to patterns specified by any
of the \fB--include\fP or \fB--exclude\fP options.
.
.
.SH "ENVIRONMENT VARIABLES"
.rs
.sp
The environment variables \fBLC_ALL\fP and \fBLC_CTYPE\fP are examined, in that
order, for a locale. The first one that is set is used. This can be overridden
by the \fB--locale\fP option. If no locale is set, the PCRE library's default
(usually the "C" locale) is used.
.
.
.SH "NEWLINES"
.rs
.sp
The \fB-N\fP (\fB--newline\fP) option allows \fBpcregrep\fP to scan files with
different newline conventions from the default. Any parts of the input files
that are written to the standard output are copied identically, with whatever
newline sequences they have in the input. However, the setting of this option
does not affect the interpretation of files specified by the \fB-f\fP,
\fB--exclude-from\fP, or \fB--include-from\fP options, which are assumed to use
the operating system's standard newline sequence, nor does it affect the way in
which \fBpcregrep\fP writes informational messages to the standard error and
output streams. For these it uses the string "\en" to indicate newlines,
relying on the C I/O library to convert this to an appropriate sequence.
.
.
.SH "OPTIONS COMPATIBILITY"
.rs
.sp
Many of the short and long forms of \fBpcregrep\fP's options are the same
as in the GNU \fBgrep\fP program. Any long option of the form
\fB--xxx-regexp\fP (GNU terminology) is also available as \fB--xxx-regex\fP
(PCRE terminology). However, the \fB--file-list\fP, \fB--file-offsets\fP,
\fB--include-dir\fP, \fB--line-offsets\fP, \fB--locale\fP, \fB--match-limit\fP,
\fB-M\fP, \fB--multiline\fP, \fB-N\fP, \fB--newline\fP, \fB--om-separator\fP,
\fB--recursion-limit\fP, \fB-u\fP, and \fB--utf-8\fP options are specific to
\fBpcregrep\fP, as is the use of the \fB--only-matching\fP option with a
capturing parentheses number.
.P
Although most of the common options work the same way, a few are different in
\fBpcregrep\fP. For example, the \fB--include\fP option's argument is a glob
for GNU \fBgrep\fP, but a regular expression for \fBpcregrep\fP. If both the
\fB-c\fP and \fB-l\fP options are given, GNU grep lists only file names,
without counts, but \fBpcregrep\fP gives the counts.
.
.
.SH "OPTIONS WITH DATA"
.rs
.sp
There are four different ways in which an option with data can be specified.
If a short form option is used, the data may follow immediately, or (with one
exception) in the next command line item. For example:
.sp
  -f/some/file
  -f /some/file
.sp
The exception is the \fB-o\fP option, which may appear with or without data.
Because of this, if data is present, it must follow immediately in the same
item, for example -o3.
.P
If a long form option is used, the data may appear in the same command line
item, separated by an equals character, or (with two exceptions) it may appear
in the next command line item. For example:
.sp
  --file=/some/file
  --file /some/file
.sp
Note, however, that if you want to supply a file name beginning with ~ as data
in a shell command, and have the shell expand ~ to a home directory, you must
separate the file name from the option, because the shell does not treat ~
specially unless it is at the start of an item.
.P
The exceptions to the above are the \fB--colour\fP (or \fB--color\fP) and
\fB--only-matching\fP options, for which the data is optional. If one of these
options does have data, it must be given in the first form, using an equals
character. Otherwise \fBpcregrep\fP will assume that it has no data.
.
.
.SH "MATCHING ERRORS"
.rs
.sp
It is possible to supply a regular expression that takes a very long time to
fail to match certain lines. Such patterns normally involve nested indefinite
repeats, for example: (a+)*\ed when matched against a line of a's with no final
digit. The PCRE matching function has a resource limit that causes it to abort
in these circumstances. If this happens, \fBpcregrep\fP outputs an error
message and the line that caused the problem to the standard error stream. If
there are more than 20 such errors, \fBpcregrep\fP gives up.
.P
The \fB--match-limit\fP option of \fBpcregrep\fP can be used to set the overall
resource limit; there is a second option called \fB--recursion-limit\fP that
sets a limit on the amount of memory (usually stack) that is used (see the
discussion of these options above).
.
.
.SH DIAGNOSTICS
.rs
.sp
Exit status is 0 if any matches were found, 1 if no matches were found, and 2
for syntax errors, overlong lines, non-existent or inaccessible files (even if
matches were found in other files) or too many matching errors. Using the
\fB-s\fP option to suppress error messages about inaccessible files does not
affect the return code.
.
.
.SH "SEE ALSO"
.rs
.sp
\fBpcrepattern\fP(3), \fBpcresyntax\fP(3), \fBpcretest\fP(1).
.
.
.SH AUTHOR
.rs
.sp
.nf
Philip Hazel
University Computing Service
Cambridge CB2 3QH, England.
.fi
.
.
.SH REVISION
.rs
.sp
.nf
Last updated: 03 April 2014
Copyright (c) 1997-2014 University of Cambridge.
.fi
PK�����[�g\���0���0�����man1/pcretest.1nu��[�����������.TH PCRETEST 1 "23 February 2017" "PCRE 8.41"
.SH NAME
pcretest - a program for testing Perl-compatible regular expressions.
.SH SYNOPSIS
.rs
.sp
.B pcretest "[options] [input file [output file]]"
.sp
\fBpcretest\fP was written as a test program for the PCRE regular expression
library itself, but it can also be used for experimenting with regular
expressions. This document describes the features of the test program; for
details of the regular expressions themselves, see the
.\" HREF
\fBpcrepattern\fP
.\"
documentation. For details of the PCRE library function calls and their
options, see the
.\" HREF
\fBpcreapi\fP
.\"
,
.\" HREF
\fBpcre16\fP
and
.\" HREF
\fBpcre32\fP
.\"
documentation.
.P
The input for \fBpcretest\fP is a sequence of regular expression patterns and
strings to be matched, as described below. The output shows the result of each
match. Options on the command line and the patterns control PCRE options and
exactly what is output.
.P
As PCRE has evolved, it has acquired many different features, and as a result,
\fBpcretest\fP now has rather a lot of obscure options for testing every
possible feature. Some of these options are specifically designed for use in
conjunction with the test script and data files that are distributed as part of
PCRE, and are unlikely to be of use otherwise. They are all documented here,
but without much justification.
.
.
.SH "INPUT DATA FORMAT"
.rs
.sp
Input to \fBpcretest\fP is processed line by line, either by calling the C
library's \fBfgets()\fP function, or via the \fBlibreadline\fP library (see
below). In Unix-like environments, \fBfgets()\fP treats any bytes other than
newline as data characters. However, in some Windows environments character 26
(hex 1A) causes an immediate end of file, and no further data is read. For
maximum portability, therefore, it is safest to use only ASCII characters in
\fBpcretest\fP input files.
.P
The input is processed using using C's string functions, so must not
contain binary zeroes, even though in Unix-like environments, \fBfgets()\fP
treats any bytes other than newline as data characters.
.
.
.SH "PCRE's 8-BIT, 16-BIT AND 32-BIT LIBRARIES"
.rs
.sp
From release 8.30, two separate PCRE libraries can be built. The original one
supports 8-bit character strings, whereas the newer 16-bit library supports
character strings encoded in 16-bit units. From release 8.32, a third library
can be built, supporting character strings encoded in 32-bit units. The
\fBpcretest\fP program can be used to test all three libraries. However, it is
itself still an 8-bit program, reading 8-bit input and writing 8-bit output.
When testing the 16-bit or 32-bit library, the patterns and data strings are
converted to 16- or 32-bit format before being passed to the PCRE library
functions. Results are converted to 8-bit for output.
.P
References to functions and structures of the form \fBpcre[16|32]_xx\fP below
mean "\fBpcre_xx\fP when using the 8-bit library, \fBpcre16_xx\fP when using
the 16-bit library, or \fBpcre32_xx\fP when using the 32-bit library".
.
.
.SH "COMMAND LINE OPTIONS"
.rs
.TP 10
\fB-8\fP
If both the 8-bit library has been built, this option causes the 8-bit library
to be used (which is the default); if the 8-bit library has not been built,
this option causes an error.
.TP 10
\fB-16\fP
If both the 8-bit or the 32-bit, and the 16-bit libraries have been built, this
option causes the 16-bit library to be used. If only the 16-bit library has been
built, this is the default (so has no effect). If only the 8-bit or the 32-bit
library has been built, this option causes an error.
.TP 10
\fB-32\fP
If both the 8-bit or the 16-bit, and the 32-bit libraries have been built, this
option causes the 32-bit library to be used. If only the 32-bit library has been
built, this is the default (so has no effect). If only the 8-bit or the 16-bit
library has been built, this option causes an error.
.TP 10
\fB-b\fP
Behave as if each pattern has the \fB/B\fP (show byte code) modifier; the
internal form is output after compilation.
.TP 10
\fB-C\fP
Output the version number of the PCRE library, and all available information
about the optional features that are included, and then exit with zero exit
code. All other options are ignored.
.TP 10
\fB-C\fP \fIoption\fP
Output information about a specific build-time option, then exit. This
functionality is intended for use in scripts such as \fBRunTest\fP. The
following options output the value and set the exit code as indicated:
.sp
  ebcdic-nl  the code for LF (= NL) in an EBCDIC environment:
               0x15 or 0x25
               0 if used in an ASCII environment
               exit code is always 0
  linksize   the configured internal link size (2, 3, or 4)
               exit code is set to the link size
  newline    the default newline setting:
               CR, LF, CRLF, ANYCRLF, or ANY
               exit code is always 0
  bsr        the default setting for what \eR matches:
               ANYCRLF or ANY
               exit code is always 0
.sp
The following options output 1 for true or 0 for false, and set the exit code
to the same value:
.sp
  ebcdic     compiled for an EBCDIC environment
  jit        just-in-time support is available
  pcre16     the 16-bit library was built
  pcre32     the 32-bit library was built
  pcre8      the 8-bit library was built
  ucp        Unicode property support is available
  utf        UTF-8 and/or UTF-16 and/or UTF-32 support
               is available
.sp
If an unknown option is given, an error message is output; the exit code is 0.
.TP 10
\fB-d\fP
Behave as if each pattern has the \fB/D\fP (debug) modifier; the internal
form and information about the compiled pattern is output after compilation;
\fB-d\fP is equivalent to \fB-b -i\fP.
.TP 10
\fB-dfa\fP
Behave as if each data line contains the \eD escape sequence; this causes the
alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, to be used instead
of the standard \fBpcre[16|32]_exec()\fP function (more detail is given below).
.TP 10
\fB-help\fP
Output a brief summary these options and then exit.
.TP 10
\fB-i\fP
Behave as if each pattern has the \fB/I\fP modifier; information about the
compiled pattern is given after compilation.
.TP 10
\fB-M\fP
Behave as if each data line contains the \eM escape sequence; this causes
PCRE to discover the minimum MATCH_LIMIT and MATCH_LIMIT_RECURSION settings by
calling \fBpcre[16|32]_exec()\fP repeatedly with different limits.
.TP 10
\fB-m\fP
Output the size of each compiled pattern after it has been compiled. This is
equivalent to adding \fB/M\fP to each regular expression. The size is given in
bytes for both libraries.
.TP 10
\fB-O\fP
Behave as if each pattern has the \fB/O\fP modifier, that is disable
auto-possessification for all patterns.
.TP 10
\fB-o\fP \fIosize\fP
Set the number of elements in the output vector that is used when calling
\fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP to be \fIosize\fP. The
default value is 45, which is enough for 14 capturing subexpressions for
\fBpcre[16|32]_exec()\fP or 22 different matches for
\fBpcre[16|32]_dfa_exec()\fP.
The vector size can be changed for individual matching calls by including \eO
in the data line (see below).
.TP 10
\fB-p\fP
Behave as if each pattern has the \fB/P\fP modifier; the POSIX wrapper API is
used to call PCRE. None of the other options has any effect when \fB-p\fP is
set. This option can be used only with the 8-bit library.
.TP 10
\fB-q\fP
Do not output the version number of \fBpcretest\fP at the start of execution.
.TP 10
\fB-S\fP \fIsize\fP
On Unix-like systems, set the size of the run-time stack to \fIsize\fP
megabytes.
.TP 10
\fB-s\fP or \fB-s+\fP
Behave as if each pattern has the \fB/S\fP modifier; in other words, force each
pattern to be studied. If \fB-s+\fP is used, all the JIT compile options are
passed to \fBpcre[16|32]_study()\fP, causing just-in-time optimization to be set
up if it is available, for both full and partial matching. Specific JIT compile
options can be selected by following \fB-s+\fP with a digit in the range 1 to
7, which selects the JIT compile modes as follows:
.sp
  1  normal match only
  2  soft partial match only
  3  normal match and soft partial match
  4  hard partial match only
  6  soft and hard partial match
  7  all three modes (default)
.sp
If \fB-s++\fP is used instead of \fB-s+\fP (with or without a following digit),
the text "(JIT)" is added to the first output line after a match or no match
when JIT-compiled code was actually used.
.sp
Note that there are pattern options that can override \fB-s\fP, either
specifying no studying at all, or suppressing JIT compilation.
.sp
If the \fB/I\fP or \fB/D\fP option is present on a pattern (requesting output
about the compiled pattern), information about the result of studying is not
included when studying is caused only by \fB-s\fP and neither \fB-i\fP nor
\fB-d\fP is present on the command line. This behaviour means that the output
from tests that are run with and without \fB-s\fP should be identical, except
when options that output information about the actual running of a match are
set.
.sp
The \fB-M\fP, \fB-t\fP, and \fB-tm\fP options, which give information about
resources used, are likely to produce different output with and without
\fB-s\fP. Output may also differ if the \fB/C\fP option is present on an
individual pattern. This uses callouts to trace the the matching process, and
this may be different between studied and non-studied patterns. If the pattern
contains (*MARK) items there may also be differences, for the same reason. The
\fB-s\fP command line option can be overridden for specific patterns that
should never be studied (see the \fB/S\fP pattern modifier below).
.TP 10
\fB-t\fP
Run each compile, study, and match many times with a timer, and output the
resulting times per compile, study, or match (in milliseconds). Do not set
\fB-m\fP with \fB-t\fP, because you will then get the size output a zillion
times, and the timing will be distorted. You can control the number of
iterations that are used for timing by following \fB-t\fP with a number (as a
separate item on the command line). For example, "-t 1000" iterates 1000 times.
The default is to iterate 500000 times.
.TP 10
\fB-tm\fP
This is like \fB-t\fP except that it times only the matching phase, not the
compile or study phases.
.TP 10
\fB-T\fP \fB-TM\fP
These behave like \fB-t\fP and \fB-tm\fP, but in addition, at the end of a run,
the total times for all compiles, studies, and matches are output.
.
.
.SH DESCRIPTION
.rs
.sp
If \fBpcretest\fP is given two filename arguments, it reads from the first and
writes to the second. If it is given only one filename argument, it reads from
that file and writes to stdout. Otherwise, it reads from stdin and writes to
stdout, and prompts for each line of input, using "re>" to prompt for regular
expressions, and "data>" to prompt for data lines.
.P
When \fBpcretest\fP is built, a configuration option can specify that it should
be linked with the \fBlibreadline\fP library. When this is done, if the input
is from a terminal, it is read using the \fBreadline()\fP function. This
provides line-editing and history facilities. The output from the \fB-help\fP
option states whether or not \fBreadline()\fP will be used.
.P
The program handles any number of sets of input on a single input file. Each
set starts with a regular expression, and continues with any number of data
lines to be matched against that pattern.
.P
Each data line is matched separately and independently. If you want to do
multi-line matches, you have to use the \en escape sequence (or \er or \er\en,
etc., depending on the newline setting) in a single line of input to encode the
newline sequences. There is no limit on the length of data lines; the input
buffer is automatically extended if it is too small.
.P
An empty line signals the end of the data lines, at which point a new regular
expression is read. The regular expressions are given enclosed in any
non-alphanumeric delimiters other than backslash, for example:
.sp
  /(a|bc)x+yz/
.sp
White space before the initial delimiter is ignored. A regular expression may
be continued over several input lines, in which case the newline characters are
included within it. It is possible to include the delimiter within the pattern
by escaping it, for example
.sp
  /abc\e/def/
.sp
If you do so, the escape and the delimiter form part of the pattern, but since
delimiters are always non-alphanumeric, this does not affect its interpretation.
If the terminating delimiter is immediately followed by a backslash, for
example,
.sp
  /abc/\e
.sp
then a backslash is added to the end of the pattern. This is done to provide a
way of testing the error condition that arises if a pattern finishes with a
backslash, because
.sp
  /abc\e/
.sp
is interpreted as the first line of a pattern that starts with "abc/", causing
pcretest to read the next line as a continuation of the regular expression.
.
.
.SH "PATTERN MODIFIERS"
.rs
.sp
A pattern may be followed by any number of modifiers, which are mostly single
characters, though some of these can be qualified by further characters.
Following Perl usage, these are referred to below as, for example, "the
\fB/i\fP modifier", even though the delimiter of the pattern need not always be
a slash, and no slash is used when writing modifiers. White space may appear
between the final pattern delimiter and the first modifier, and between the
modifiers themselves. For reference, here is a complete list of modifiers. They
fall into several groups that are described in detail in the following
sections.
.sp
  \fB/8\fP              set UTF mode
  \fB/9\fP              set PCRE_NEVER_UTF (locks out UTF mode)
  \fB/?\fP              disable UTF validity check
  \fB/+\fP              show remainder of subject after match
  \fB/=\fP              show all captures (not just those that are set)
.sp
  \fB/A\fP              set PCRE_ANCHORED
  \fB/B\fP              show compiled code
  \fB/C\fP              set PCRE_AUTO_CALLOUT
  \fB/D\fP              same as \fB/B\fP plus \fB/I\fP
  \fB/E\fP              set PCRE_DOLLAR_ENDONLY
  \fB/F\fP              flip byte order in compiled pattern
  \fB/f\fP              set PCRE_FIRSTLINE
  \fB/G\fP              find all matches (shorten string)
  \fB/g\fP              find all matches (use startoffset)
  \fB/I\fP              show information about pattern
  \fB/i\fP              set PCRE_CASELESS
  \fB/J\fP              set PCRE_DUPNAMES
  \fB/K\fP              show backtracking control names
  \fB/L\fP              set locale
  \fB/M\fP              show compiled memory size
  \fB/m\fP              set PCRE_MULTILINE
  \fB/N\fP              set PCRE_NO_AUTO_CAPTURE
  \fB/O\fP              set PCRE_NO_AUTO_POSSESS
  \fB/P\fP              use the POSIX wrapper
  \fB/Q\fP              test external stack check function
  \fB/S\fP              study the pattern after compilation
  \fB/s\fP              set PCRE_DOTALL
  \fB/T\fP              select character tables
  \fB/U\fP              set PCRE_UNGREEDY
  \fB/W\fP              set PCRE_UCP
  \fB/X\fP              set PCRE_EXTRA
  \fB/x\fP              set PCRE_EXTENDED
  \fB/Y\fP              set PCRE_NO_START_OPTIMIZE
  \fB/Z\fP              don't show lengths in \fB/B\fP output
.sp
  \fB/<any>\fP          set PCRE_NEWLINE_ANY
  \fB/<anycrlf>\fP      set PCRE_NEWLINE_ANYCRLF
  \fB/<cr>\fP           set PCRE_NEWLINE_CR
  \fB/<crlf>\fP         set PCRE_NEWLINE_CRLF
  \fB/<lf>\fP           set PCRE_NEWLINE_LF
  \fB/<bsr_anycrlf>\fP  set PCRE_BSR_ANYCRLF
  \fB/<bsr_unicode>\fP  set PCRE_BSR_UNICODE
  \fB/<JS>\fP           set PCRE_JAVASCRIPT_COMPAT
.sp
.
.
.SS "Perl-compatible modifiers"
.rs
.sp
The \fB/i\fP, \fB/m\fP, \fB/s\fP, and \fB/x\fP modifiers set the PCRE_CASELESS,
PCRE_MULTILINE, PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when
\fBpcre[16|32]_compile()\fP is called. These four modifier letters have the same
effect as they do in Perl. For example:
.sp
  /caseless/i
.sp
.
.
.SS "Modifiers for other PCRE options"
.rs
.sp
The following table shows additional modifiers for setting PCRE compile-time
options that do not correspond to anything in Perl:
.sp
  \fB/8\fP              PCRE_UTF8           ) when using the 8-bit
  \fB/?\fP              PCRE_NO_UTF8_CHECK  )   library
.sp
  \fB/8\fP              PCRE_UTF16          ) when using the 16-bit
  \fB/?\fP              PCRE_NO_UTF16_CHECK )   library
.sp
  \fB/8\fP              PCRE_UTF32          ) when using the 32-bit
  \fB/?\fP              PCRE_NO_UTF32_CHECK )   library
.sp
  \fB/9\fP              PCRE_NEVER_UTF
  \fB/A\fP              PCRE_ANCHORED
  \fB/C\fP              PCRE_AUTO_CALLOUT
  \fB/E\fP              PCRE_DOLLAR_ENDONLY
  \fB/f\fP              PCRE_FIRSTLINE
  \fB/J\fP              PCRE_DUPNAMES
  \fB/N\fP              PCRE_NO_AUTO_CAPTURE
  \fB/O\fP              PCRE_NO_AUTO_POSSESS
  \fB/U\fP              PCRE_UNGREEDY
  \fB/W\fP              PCRE_UCP
  \fB/X\fP              PCRE_EXTRA
  \fB/Y\fP              PCRE_NO_START_OPTIMIZE
  \fB/<any>\fP          PCRE_NEWLINE_ANY
  \fB/<anycrlf>\fP      PCRE_NEWLINE_ANYCRLF
  \fB/<cr>\fP           PCRE_NEWLINE_CR
  \fB/<crlf>\fP         PCRE_NEWLINE_CRLF
  \fB/<lf>\fP           PCRE_NEWLINE_LF
  \fB/<bsr_anycrlf>\fP  PCRE_BSR_ANYCRLF
  \fB/<bsr_unicode>\fP  PCRE_BSR_UNICODE
  \fB/<JS>\fP           PCRE_JAVASCRIPT_COMPAT
.sp
The modifiers that are enclosed in angle brackets are literal strings as shown,
including the angle brackets, but the letters within can be in either case.
This example sets multiline matching with CRLF as the line ending sequence:
.sp
  /^abc/m<CRLF>
.sp
As well as turning on the PCRE_UTF8/16/32 option, the \fB/8\fP modifier causes
all non-printing characters in output strings to be printed using the
\ex{hh...} notation. Otherwise, those less than 0x100 are output in hex without
the curly brackets.
.P
Full details of the PCRE options are given in the
.\" HREF
\fBpcreapi\fP
.\"
documentation.
.
.
.SS "Finding all matches in a string"
.rs
.sp
Searching for all possible matches within each subject string can be requested
by the \fB/g\fP or \fB/G\fP modifier. After finding a match, PCRE is called
again to search the remainder of the subject string. The difference between
\fB/g\fP and \fB/G\fP is that the former uses the \fIstartoffset\fP argument to
\fBpcre[16|32]_exec()\fP to start searching at a new point within the entire
string (which is in effect what Perl does), whereas the latter passes over a
shortened substring. This makes a difference to the matching process if the
pattern begins with a lookbehind assertion (including \eb or \eB).
.P
If any call to \fBpcre[16|32]_exec()\fP in a \fB/g\fP or \fB/G\fP sequence matches
an empty string, the next call is done with the PCRE_NOTEMPTY_ATSTART and
PCRE_ANCHORED flags set in order to search for another, non-empty, match at the
same point. If this second match fails, the start offset is advanced, and the
normal match is retried. This imitates the way Perl handles such cases when
using the \fB/g\fP modifier or the \fBsplit()\fP function. Normally, the start
offset is advanced by one character, but if the newline convention recognizes
CRLF as a newline, and the current character is CR followed by LF, an advance
of two is used.
.
.
.SS "Other modifiers"
.rs
.sp
There are yet more modifiers for controlling the way \fBpcretest\fP
operates.
.P
The \fB/+\fP modifier requests that as well as outputting the substring that
matched the entire pattern, \fBpcretest\fP should in addition output the
remainder of the subject string. This is useful for tests where the subject
contains multiple copies of the same substring. If the \fB+\fP modifier appears
twice, the same action is taken for captured substrings. In each case the
remainder is output on the following line with a plus character following the
capture number. Note that this modifier must not immediately follow the /S
modifier because /S+ and /S++ have other meanings.
.P
The \fB/=\fP modifier requests that the values of all potential captured
parentheses be output after a match. By default, only those up to the highest
one actually used in the match are output (corresponding to the return code
from \fBpcre[16|32]_exec()\fP). Values in the offsets vector corresponding to
higher numbers should be set to -1, and these are output as "<unset>". This
modifier gives a way of checking that this is happening.
.P
The \fB/B\fP modifier is a debugging feature. It requests that \fBpcretest\fP
output a representation of the compiled code after compilation. Normally this
information contains length and offset values; however, if \fB/Z\fP is also
present, this data is replaced by spaces. This is a special feature for use in
the automatic test scripts; it ensures that the same output is generated for
different internal link sizes.
.P
The \fB/D\fP modifier is a PCRE debugging feature, and is equivalent to
\fB/BI\fP, that is, both the \fB/B\fP and the \fB/I\fP modifiers.
.P
The \fB/F\fP modifier causes \fBpcretest\fP to flip the byte order of the
2-byte and 4-byte fields in the compiled pattern. This facility is for testing
the feature in PCRE that allows it to execute patterns that were compiled on a
host with a different endianness. This feature is not available when the POSIX
interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
specified. See also the section about saving and reloading compiled patterns
below.
.P
The \fB/I\fP modifier requests that \fBpcretest\fP output information about the
compiled pattern (whether it is anchored, has a fixed first character, and
so on). It does this by calling \fBpcre[16|32]_fullinfo()\fP after compiling a
pattern. If the pattern is studied, the results of that are also output. In
this output, the word "char" means a non-UTF character, that is, the value of a
single data item (8-bit, 16-bit, or 32-bit, depending on the library that is
being tested).
.P
The \fB/K\fP modifier requests \fBpcretest\fP to show names from backtracking
control verbs that are returned from calls to \fBpcre[16|32]_exec()\fP. It causes
\fBpcretest\fP to create a \fBpcre[16|32]_extra\fP block if one has not already
been created by a call to \fBpcre[16|32]_study()\fP, and to set the
PCRE_EXTRA_MARK flag and the \fBmark\fP field within it, every time that
\fBpcre[16|32]_exec()\fP is called. If the variable that the \fBmark\fP field
points to is non-NULL for a match, non-match, or partial match, \fBpcretest\fP
prints the string to which it points. For a match, this is shown on a line by
itself, tagged with "MK:". For a non-match it is added to the message.
.P
The \fB/L\fP modifier must be followed directly by the name of a locale, for
example,
.sp
  /pattern/Lfr_FR
.sp
For this reason, it must be the last modifier. The given locale is set,
\fBpcre[16|32]_maketables()\fP is called to build a set of character tables for
the locale, and this is then passed to \fBpcre[16|32]_compile()\fP when compiling
the regular expression. Without an \fB/L\fP (or \fB/T\fP) modifier, NULL is
passed as the tables pointer; that is, \fB/L\fP applies only to the expression
on which it appears.
.P
The \fB/M\fP modifier causes the size in bytes of the memory block used to hold
the compiled pattern to be output. This does not include the size of the
\fBpcre[16|32]\fP block; it is just the actual compiled data. If the pattern is
successfully studied with the PCRE_STUDY_JIT_COMPILE option, the size of the
JIT compiled code is also output.
.P
The \fB/Q\fP modifier is used to test the use of \fBpcre_stack_guard\fP. It
must be followed by '0' or '1', specifying the return code to be given from an
external function that is passed to PCRE and used for stack checking during
compilation (see the
.\" HREF
\fBpcreapi\fP
.\"
documentation for details).
.P
The \fB/S\fP modifier causes \fBpcre[16|32]_study()\fP to be called after the
expression has been compiled, and the results used when the expression is
matched. There are a number of qualifying characters that may follow \fB/S\fP.
They may appear in any order.
.P
If \fB/S\fP is followed by an exclamation mark, \fBpcre[16|32]_study()\fP is
called with the PCRE_STUDY_EXTRA_NEEDED option, causing it always to return a
\fBpcre_extra\fP block, even when studying discovers no useful information.
.P
If \fB/S\fP is followed by a second S character, it suppresses studying, even
if it was requested externally by the \fB-s\fP command line option. This makes
it possible to specify that certain patterns are always studied, and others are
never studied, independently of \fB-s\fP. This feature is used in the test
files in a few cases where the output is different when the pattern is studied.
.P
If the \fB/S\fP modifier is followed by a + character, the call to
\fBpcre[16|32]_study()\fP is made with all the JIT study options, requesting
just-in-time optimization support if it is available, for both normal and
partial matching. If you want to restrict the JIT compiling modes, you can
follow \fB/S+\fP with a digit in the range 1 to 7:
.sp
  1  normal match only
  2  soft partial match only
  3  normal match and soft partial match
  4  hard partial match only
  6  soft and hard partial match
  7  all three modes (default)
.sp
If \fB/S++\fP is used instead of \fB/S+\fP (with or without a following digit),
the text "(JIT)" is added to the first output line after a match or no match
when JIT-compiled code was actually used.
.P
Note that there is also an independent \fB/+\fP modifier; it must not be given
immediately after \fB/S\fP or \fB/S+\fP because this will be misinterpreted.
.P
If JIT studying is successful, the compiled JIT code will automatically be used
when \fBpcre[16|32]_exec()\fP is run, except when incompatible run-time options
are specified. For more details, see the
.\" HREF
\fBpcrejit\fP
.\"
documentation. See also the \fB\eJ\fP escape sequence below for a way of
setting the size of the JIT stack.
.P
Finally, if \fB/S\fP is followed by a minus character, JIT compilation is
suppressed, even if it was requested externally by the \fB-s\fP command line
option. This makes it possible to specify that JIT is never to be used for
certain patterns.
.P
The \fB/T\fP modifier must be followed by a single digit. It causes a specific
set of built-in character tables to be passed to \fBpcre[16|32]_compile()\fP. It
is used in the standard PCRE tests to check behaviour with different character
tables. The digit specifies the tables as follows:
.sp
  0   the default ASCII tables, as distributed in
        pcre_chartables.c.dist
  1   a set of tables defining ISO 8859 characters
.sp
In table 1, some characters whose codes are greater than 128 are identified as
letters, digits, spaces, etc.
.
.
.SS "Using the POSIX wrapper API"
.rs
.sp
The \fB/P\fP modifier causes \fBpcretest\fP to call PCRE via the POSIX wrapper
API rather than its native API. This supports only the 8-bit library. When
\fB/P\fP is set, the following modifiers set options for the \fBregcomp()\fP
function:
.sp
  /i    REG_ICASE
  /m    REG_NEWLINE
  /N    REG_NOSUB
  /s    REG_DOTALL     )
  /U    REG_UNGREEDY   ) These options are not part of
  /W    REG_UCP        )   the POSIX standard
  /8    REG_UTF8       )
.sp
The \fB/+\fP modifier works as described above. All other modifiers are
ignored.
.
.
.SS "Locking out certain modifiers"
.rs
.sp
PCRE can be compiled with or without support for certain features such as
UTF-8/16/32 or Unicode properties. Accordingly, the standard tests are split up
into a number of different files that are selected for running depending on
which features are available. When updating the tests, it is all too easy to
put a new test into the wrong file by mistake; for example, to put a test that
requires UTF support into a file that is used when it is not available. To help
detect such mistakes as early as possible, there is a facility for locking out
specific modifiers. If an input line for \fBpcretest\fP starts with the string
"< forbid " the following sequence of characters is taken as a list of
forbidden modifiers. For example, in the test files that must not use UTF or
Unicode property support, this line appears:
.sp
  < forbid 8W
.sp
This locks out the /8 and /W modifiers. An immediate error is given if they are
subsequently encountered. If the character string contains < but not >, all the
multi-character modifiers that begin with < are locked out. Otherwise, such
modifiers must be explicitly listed, for example:
.sp
  < forbid <JS><cr>
.sp
There must be a single space between < and "forbid" for this feature to be
recognised. If there is not, the line is interpreted either as a request to
re-load a pre-compiled pattern (see "SAVING AND RELOADING COMPILED PATTERNS"
below) or, if there is a another < character, as a pattern that uses < as its
delimiter.
.
.
.SH "DATA LINES"
.rs
.sp
Before each data line is passed to \fBpcre[16|32]_exec()\fP, leading and trailing
white space is removed, and it is then scanned for \e escapes. Some of these
are pretty esoteric features, intended for checking out some of the more
complicated features of PCRE. If you are just testing "ordinary" regular
expressions, you probably don't need any of these. The following escapes are
recognized:
.sp
  \ea         alarm (BEL, \ex07)
  \eb         backspace (\ex08)
  \ee         escape (\ex27)
  \ef         form feed (\ex0c)
  \en         newline (\ex0a)
.\" JOIN
  \eqdd       set the PCRE_MATCH_LIMIT limit to dd
               (any number of digits)
  \er         carriage return (\ex0d)
  \et         tab (\ex09)
  \ev         vertical tab (\ex0b)
  \ennn       octal character (up to 3 octal digits); always
               a byte unless > 255 in UTF-8 or 16-bit or 32-bit mode
  \eo{dd...}  octal character (any number of octal digits}
  \exhh       hexadecimal byte (up to 2 hex digits)
  \ex{hh...}  hexadecimal character (any number of hex digits)
.\" JOIN
  \eA         pass the PCRE_ANCHORED option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \eB         pass the PCRE_NOTBOL option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \eCdd       call pcre[16|32]_copy_substring() for substring dd
               after a successful match (number less than 32)
.\" JOIN
  \eCname     call pcre[16|32]_copy_named_substring() for substring
               "name" after a successful match (name terminated
               by next non alphanumeric character)
.\" JOIN
  \eC+        show the current captured substrings at callout
               time
  \eC-        do not supply a callout function
.\" JOIN
  \eC!n       return 1 instead of 0 when callout number n is
               reached
.\" JOIN
  \eC!n!m     return 1 instead of 0 when callout number n is
               reached for the nth time
.\" JOIN
  \eC*n       pass the number n (may be negative) as callout
               data; this is used as the callout return value
  \eD         use the \fBpcre[16|32]_dfa_exec()\fP match function
  \eF         only shortest match for \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \eGdd       call pcre[16|32]_get_substring() for substring dd
               after a successful match (number less than 32)
.\" JOIN
  \eGname     call pcre[16|32]_get_named_substring() for substring
               "name" after a successful match (name terminated
               by next non-alphanumeric character)
.\" JOIN
  \eJdd       set up a JIT stack of dd kilobytes maximum (any
               number of digits)
.\" JOIN
  \eL         call pcre[16|32]_get_substringlist() after a
               successful match
.\" JOIN
  \eM         discover the minimum MATCH_LIMIT and
               MATCH_LIMIT_RECURSION settings
.\" JOIN
  \eN         pass the PCRE_NOTEMPTY option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
               PCRE_NOTEMPTY_ATSTART option
.\" JOIN
  \eOdd       set the size of the output vector passed to
               \fBpcre[16|32]_exec()\fP to dd (any number of digits)
.\" JOIN
  \eP         pass the PCRE_PARTIAL_SOFT option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP; if used twice, pass the
               PCRE_PARTIAL_HARD option
.\" JOIN
  \eQdd       set the PCRE_MATCH_LIMIT_RECURSION limit to dd
               (any number of digits)
  \eR         pass the PCRE_DFA_RESTART option to \fBpcre[16|32]_dfa_exec()\fP
  \eS         output details of memory get/free calls during matching
.\" JOIN
  \eY         pass the PCRE_NO_START_OPTIMIZE option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \eZ         pass the PCRE_NOTEOL option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e?         pass the PCRE_NO_UTF[8|16|32]_CHECK option to
               \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e>dd       start the match at offset dd (optional "-"; then
               any number of digits); this sets the \fIstartoffset\fP
               argument for \fBpcre[16|32]_exec()\fP or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e<cr>      pass the PCRE_NEWLINE_CR option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e<lf>      pass the PCRE_NEWLINE_LF option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e<crlf>    pass the PCRE_NEWLINE_CRLF option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e<anycrlf> pass the PCRE_NEWLINE_ANYCRLF option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.\" JOIN
  \e<any>     pass the PCRE_NEWLINE_ANY option to \fBpcre[16|32]_exec()\fP
               or \fBpcre[16|32]_dfa_exec()\fP
.sp
The use of \ex{hh...} is not dependent on the use of the \fB/8\fP modifier on
the pattern. It is recognized always. There may be any number of hexadecimal
digits inside the braces; invalid values provoke error messages.
.P
Note that \exhh specifies one byte rather than one character in UTF-8 mode;
this makes it possible to construct invalid UTF-8 sequences for testing
purposes. On the other hand, \ex{hh} is interpreted as a UTF-8 character in
UTF-8 mode, generating more than one byte if the value is greater than 127.
When testing the 8-bit library not in UTF-8 mode, \ex{hh} generates one byte
for values less than 256, and causes an error for greater values.
.P
In UTF-16 mode, all 4-digit \ex{hhhh} values are accepted. This makes it
possible to construct invalid UTF-16 sequences for testing purposes.
.P
In UTF-32 mode, all 4- to 8-digit \ex{...} values are accepted. This makes it
possible to construct invalid UTF-32 sequences for testing purposes.
.P
The escapes that specify line ending sequences are literal strings, exactly as
shown. No more than one newline setting should be present in any data line.
.P
A backslash followed by anything else just escapes the anything else. If
the very last character is a backslash, it is ignored. This gives a way of
passing an empty line as data, since a real empty line terminates the data
input.
.P
The \fB\eJ\fP escape provides a way of setting the maximum stack size that is
used by the just-in-time optimization code. It is ignored if JIT optimization
is not being used. Providing a stack that is larger than the default 32K is
necessary only for very complicated patterns.
.P
If \eM is present, \fBpcretest\fP calls \fBpcre[16|32]_exec()\fP several times,
with different values in the \fImatch_limit\fP and \fImatch_limit_recursion\fP
fields of the \fBpcre[16|32]_extra\fP data structure, until it finds the minimum
numbers for each parameter that allow \fBpcre[16|32]_exec()\fP to complete without
error. Because this is testing a specific feature of the normal interpretive
\fBpcre[16|32]_exec()\fP execution, the use of any JIT optimization that might
have been set up by the \fB/S+\fP qualifier of \fB-s+\fP option is disabled.
.P
The \fImatch_limit\fP number is a measure of the amount of backtracking
that takes place, and checking it out can be instructive. For most simple
matches, the number is quite small, but for patterns with very large numbers of
matching possibilities, it can become large very quickly with increasing length
of subject string. The \fImatch_limit_recursion\fP number is a measure of how
much stack (or, if PCRE is compiled with NO_RECURSE, how much heap) memory is
needed to complete the match attempt.
.P
When \eO is used, the value specified may be higher or lower than the size set
by the \fB-O\fP command line option (or defaulted to 45); \eO applies only to
the call of \fBpcre[16|32]_exec()\fP for the line in which it appears.
.P
If the \fB/P\fP modifier was present on the pattern, causing the POSIX wrapper
API to be used, the only option-setting sequences that have any effect are \eB,
\eN, and \eZ, causing REG_NOTBOL, REG_NOTEMPTY, and REG_NOTEOL, respectively,
to be passed to \fBregexec()\fP.
.
.
.SH "THE ALTERNATIVE MATCHING FUNCTION"
.rs
.sp
By default, \fBpcretest\fP uses the standard PCRE matching function,
\fBpcre[16|32]_exec()\fP to match each data line. PCRE also supports an
alternative matching function, \fBpcre[16|32]_dfa_test()\fP, which operates in a
different way, and has some restrictions. The differences between the two
functions are described in the
.\" HREF
\fBpcrematching\fP
.\"
documentation.
.P
If a data line contains the \eD escape sequence, or if the command line
contains the \fB-dfa\fP option, the alternative matching function is used.
This function finds all possible matches at a given point. If, however, the \eF
escape sequence is present in the data line, it stops after the first match is
found. This is always the shortest possible match.
.
.
.SH "DEFAULT OUTPUT FROM PCRETEST"
.rs
.sp
This section describes the output when the normal matching function,
\fBpcre[16|32]_exec()\fP, is being used.
.P
When a match succeeds, \fBpcretest\fP outputs the list of captured substrings
that \fBpcre[16|32]_exec()\fP returns, starting with number 0 for the string that
matched the whole pattern. Otherwise, it outputs "No match" when the return is
PCRE_ERROR_NOMATCH, and "Partial match:" followed by the partially matching
substring when \fBpcre[16|32]_exec()\fP returns PCRE_ERROR_PARTIAL. (Note that
this is the entire substring that was inspected during the partial match; it
may include characters before the actual match start if a lookbehind assertion,
\eK, \eb, or \eB was involved.) For any other return, \fBpcretest\fP outputs
the PCRE negative error number and a short descriptive phrase. If the error is
a failed UTF string check, the offset of the start of the failing character and
the reason code are also output, provided that the size of the output vector is
at least two. Here is an example of an interactive \fBpcretest\fP run.
.sp
  $ pcretest
  PCRE version 8.13 2011-04-30
.sp
    re> /^abc(\ed+)/
  data> abc123
   0: abc123
   1: 123
  data> xyz
  No match
.sp
Unset capturing substrings that are not followed by one that is set are not
returned by \fBpcre[16|32]_exec()\fP, and are not shown by \fBpcretest\fP. In the
following example, there are two capturing substrings, but when the first data
line is matched, the second, unset substring is not shown. An "internal" unset
substring is shown as "<unset>", as for the second data line.
.sp
    re> /(a)|(b)/
  data> a
   0: a
   1: a
  data> b
   0: b
   1: <unset>
   2: b
.sp
If the strings contain any non-printing characters, they are output as \exhh
escapes if the value is less than 256 and UTF mode is not set. Otherwise they
are output as \ex{hh...} escapes. See below for the definition of non-printing
characters. If the pattern has the \fB/+\fP modifier, the output for substring
0 is followed by the the rest of the subject string, identified by "0+" like
this:
.sp
    re> /cat/+
  data> cataract
   0: cat
   0+ aract
.sp
If the pattern has the \fB/g\fP or \fB/G\fP modifier, the results of successive
matching attempts are output in sequence, like this:
.sp
    re> /\eBi(\ew\ew)/g
  data> Mississippi
   0: iss
   1: ss
   0: iss
   1: ss
   0: ipp
   1: pp
.sp
"No match" is output only if the first match attempt fails. Here is an example
of a failure message (the offset 4 that is specified by \e>4 is past the end of
the subject string):
.sp
    re> /xyz/
  data> xyz\e>4
  Error -24 (bad offset value)
.P
If any of the sequences \fB\eC\fP, \fB\eG\fP, or \fB\eL\fP are present in a
data line that is successfully matched, the substrings extracted by the
convenience functions are output with C, G, or L after the string number
instead of a colon. This is in addition to the normal full list. The string
length (that is, the return from the extraction function) is given in
parentheses after each string for \fB\eC\fP and \fB\eG\fP.
.P
Note that whereas patterns can be continued over several lines (a plain ">"
prompt is used for continuations), data lines may not. However newlines can be
included in data by means of the \en escape (or \er, \er\en, etc., depending on
the newline sequence setting).
.
.
.
.SH "OUTPUT FROM THE ALTERNATIVE MATCHING FUNCTION"
.rs
.sp
When the alternative matching function, \fBpcre[16|32]_dfa_exec()\fP, is used (by
means of the \eD escape sequence or the \fB-dfa\fP command line option), the
output consists of a list of all the matches that start at the first point in
the subject where there is at least one match. For example:
.sp
    re> /(tang|tangerine|tan)/
  data> yellow tangerine\eD
   0: tangerine
   1: tang
   2: tan
.sp
(Using the normal matching function on this data finds only "tang".) The
longest matching string is always given first (and numbered zero). After a
PCRE_ERROR_PARTIAL return, the output is "Partial match:", followed by the
partially matching substring. (Note that this is the entire substring that was
inspected during the partial match; it may include characters before the actual
match start if a lookbehind assertion, \eK, \eb, or \eB was involved.)
.P
If \fB/g\fP is present on the pattern, the search for further matches resumes
at the end of the longest match. For example:
.sp
    re> /(tang|tangerine|tan)/g
  data> yellow tangerine and tangy sultana\eD
   0: tangerine
   1: tang
   2: tan
   0: tang
   1: tan
   0: tan
.sp
Since the matching function does not support substring capture, the escape
sequences that are concerned with captured substrings are not relevant.
.
.
.SH "RESTARTING AFTER A PARTIAL MATCH"
.rs
.sp
When the alternative matching function has given the PCRE_ERROR_PARTIAL return,
indicating that the subject partially matched the pattern, you can restart the
match with additional subject data by means of the \eR escape sequence. For
example:
.sp
    re> /^\ed?\ed(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\ed\ed$/
  data> 23ja\eP\eD
  Partial match: 23ja
  data> n05\eR\eD
   0: n05
.sp
For further information about partial matching, see the
.\" HREF
\fBpcrepartial\fP
.\"
documentation.
.
.
.SH CALLOUTS
.rs
.sp
If the pattern contains any callout requests, \fBpcretest\fP's callout function
is called during matching. This works with both matching functions. By default,
the called function displays the callout number, the start and current
positions in the text at the callout time, and the next pattern item to be
tested. For example:
.sp
  --->pqrabcdef
    0    ^  ^     \ed
.sp
This output indicates that callout number 0 occurred for a match attempt
starting at the fourth character of the subject string, when the pointer was at
the seventh character of the data, and when the next pattern item was \ed. Just
one circumflex is output if the start and current positions are the same.
.P
Callouts numbered 255 are assumed to be automatic callouts, inserted as a
result of the \fB/C\fP pattern modifier. In this case, instead of showing the
callout number, the offset in the pattern, preceded by a plus, is output. For
example:
.sp
    re> /\ed?[A-E]\e*/C
  data> E*
  --->E*
   +0 ^      \ed?
   +3 ^      [A-E]
   +8 ^^     \e*
  +10 ^ ^
   0: E*
.sp
If a pattern contains (*MARK) items, an additional line is output whenever
a change of latest mark is passed to the callout function. For example:
.sp
    re> /a(*MARK:X)bc/C
  data> abc
  --->abc
   +0 ^       a
   +1 ^^      (*MARK:X)
  +10 ^^      b
  Latest Mark: X
  +11 ^ ^     c
  +12 ^  ^
   0: abc
.sp
The mark changes between matching "a" and "b", but stays the same for the rest
of the match, so nothing more is output. If, as a result of backtracking, the
mark reverts to being unset, the text "<unset>" is output.
.P
The callout function in \fBpcretest\fP returns zero (carry on matching) by
default, but you can use a \eC item in a data line (as described above) to
change this and other parameters of the callout.
.P
Inserting callouts can be helpful when using \fBpcretest\fP to check
complicated regular expressions. For further information about callouts, see
the
.\" HREF
\fBpcrecallout\fP
.\"
documentation.
.
.
.
.SH "NON-PRINTING CHARACTERS"
.rs
.sp
When \fBpcretest\fP is outputting text in the compiled version of a pattern,
bytes other than 32-126 are always treated as non-printing characters are are
therefore shown as hex escapes.
.P
When \fBpcretest\fP is outputting text that is a matched part of a subject
string, it behaves in the same way, unless a different locale has been set for
the pattern (using the \fB/L\fP modifier). In this case, the \fBisprint()\fP
function to distinguish printing and non-printing characters.
.
.
.
.SH "SAVING AND RELOADING COMPILED PATTERNS"
.rs
.sp
The facilities described in this section are not available when the POSIX
interface to PCRE is being used, that is, when the \fB/P\fP pattern modifier is
specified.
.P
When the POSIX interface is not in use, you can cause \fBpcretest\fP to write a
compiled pattern to a file, by following the modifiers with > and a file name.
For example:
.sp
  /pattern/im >/some/file
.sp
See the
.\" HREF
\fBpcreprecompile\fP
.\"
documentation for a discussion about saving and re-using compiled patterns.
Note that if the pattern was successfully studied with JIT optimization, the
JIT data cannot be saved.
.P
The data that is written is binary. The first eight bytes are the length of the
compiled pattern data followed by the length of the optional study data, each
written as four bytes in big-endian order (most significant byte first). If
there is no study data (either the pattern was not studied, or studying did not
return any data), the second length is zero. The lengths are followed by an
exact copy of the compiled pattern. If there is additional study data, this
(excluding any JIT data) follows immediately after the compiled pattern. After
writing the file, \fBpcretest\fP expects to read a new pattern.
.P
A saved pattern can be reloaded into \fBpcretest\fP by specifying < and a file
name instead of a pattern. There must be no space between < and the file name,
which must not contain a < character, as otherwise \fBpcretest\fP will
interpret the line as a pattern delimited by < characters. For example:
.sp
   re> </some/file
  Compiled pattern loaded from /some/file
  No study data
.sp
If the pattern was previously studied with the JIT optimization, the JIT
information cannot be saved and restored, and so is lost. When the pattern has
been loaded, \fBpcretest\fP proceeds to read data lines in the usual way.
.P
You can copy a file written by \fBpcretest\fP to a different host and reload it
there, even if the new host has opposite endianness to the one on which the
pattern was compiled. For example, you can compile on an i86 machine and run on
a SPARC machine. When a pattern is reloaded on a host with different
endianness, the confirmation message is changed to:
.sp
  Compiled pattern (byte-inverted) loaded from /some/file
.sp
The test suite contains some saved pre-compiled patterns with different
endianness. These are reloaded using "<!" instead of just "<". This suppresses
the "(byte-inverted)" text so that the output is the same on all hosts. It also
forces debugging output once the pattern has been reloaded.
.P
File names for saving and reloading can be absolute or relative, but note that
the shell facility of expanding a file name that starts with a tilde (~) is not
available.
.P
The ability to save and reload files in \fBpcretest\fP is intended for testing
and experimentation. It is not intended for production use because only a
single pattern can be written to a file. Furthermore, there is no facility for
supplying custom character tables for use with a reloaded pattern. If the
original pattern was compiled with custom tables, an attempt to match a subject
string using a reloaded pattern is likely to cause \fBpcretest\fP to crash.
Finally, if you attempt to load a file that is not in the correct format, the
result is undefined.
.
.
.SH "SEE ALSO"
.rs
.sp
\fBpcre\fP(3), \fBpcre16\fP(3), \fBpcre32\fP(3), \fBpcreapi\fP(3),
\fBpcrecallout\fP(3),
\fBpcrejit\fP, \fBpcrematching\fP(3), \fBpcrepartial\fP(d),
\fBpcrepattern\fP(3), \fBpcreprecompile\fP(3).
.
.
.SH AUTHOR
.rs
.sp
.nf
Philip Hazel
University Computing Service
Cambridge CB2 3QH, England.
.fi
.
.
.SH REVISION
.rs
.sp
.nf
Last updated: 23 February 2017
Copyright (c) 1997-2017 University of Cambridge.
.fi
PK�����[�g\1ⱐ�
���
����man1/pcre-config.1nu��[�����������.TH PCRE-CONFIG 1 "01 January 2012" "PCRE 8.30"
.SH NAME
pcre-config - program to return PCRE configuration
.SH SYNOPSIS
.rs
.sp
.nf
.B pcre-config  [--prefix] [--exec-prefix] [--version] [--libs]
.B "            [--libs16] [--libs32] [--libs-cpp] [--libs-posix]"
.B "            [--cflags] [--cflags-posix]"
.fi
.
.
.SH DESCRIPTION
.rs
.sp
\fBpcre-config\fP returns the configuration of the installed PCRE
libraries and the options required to compile a program to use them. Some of
the options apply only to the 8-bit, or 16-bit, or 32-bit libraries,
respectively, and are
not available if only one of those libraries has been built. If an unavailable
option is encountered, the "usage" information is output.
.
.
.SH OPTIONS
.rs
.TP 10
\fB--prefix\fP
Writes the directory prefix used in the PCRE installation for architecture
independent files (\fI/usr\fP on many systems, \fI/usr/local\fP on some
systems) to the standard output.
.TP 10
\fB--exec-prefix\fP
Writes the directory prefix used in the PCRE installation for architecture
dependent files (normally the same as \fB--prefix\fP) to the standard output.
.TP 10
\fB--version\fP
Writes the version number of the installed PCRE libraries to the standard
output.
.TP 10
\fB--libs\fP
Writes to the standard output the command line options required to link
with the 8-bit PCRE library (\fB-lpcre\fP on many systems).
.TP 10
\fB--libs16\fP
Writes to the standard output the command line options required to link
with the 16-bit PCRE library (\fB-lpcre16\fP on many systems).
.TP 10
\fB--libs32\fP
Writes to the standard output the command line options required to link
with the 32-bit PCRE library (\fB-lpcre32\fP on many systems).
.TP 10
\fB--libs-cpp\fP
Writes to the standard output the command line options required to link with
PCRE's C++ wrapper library (\fB-lpcrecpp\fP \fB-lpcre\fP on many
systems).
.TP 10
\fB--libs-posix\fP
Writes to the standard output the command line options required to link with
PCRE's POSIX API wrapper library (\fB-lpcreposix\fP \fB-lpcre\fP on many
systems).
.TP 10
\fB--cflags\fP
Writes to the standard output the command line options required to compile
files that use PCRE (this may include some \fB-I\fP options, but is blank on
many systems).
.TP 10
\fB--cflags-posix\fP
Writes to the standard output the command line options required to compile
files that use PCRE's POSIX API wrapper library (this may include some \fB-I\fP
options, but is blank on many systems).
.
.
.SH "SEE ALSO"
.rs
.sp
\fBpcre(3)\fP
.
.
.SH AUTHOR
.rs
.sp
This manual page was originally written by Mark Baker for the Debian GNU/Linux
system. It has been subsequently revised as a generic PCRE man page.
.
.
.SH REVISION
.rs
.sp
.nf
Last updated: 24 June 2012
.fi
PK����� h\�t����������man1/xml2-config.1nu��[�����������.TH xml2-config 1 "3 April 2022" Version 1.2.0
.SH NAME
xml2-config - script to get information about the installed version of libxml2
.SH SYNOPSIS
.B xml2-config
[\-\-prefix\fI[=DIR]\fP] [\-\-libs] [\-\-cflags] [\-\-version] [\-\-help]
.SH DESCRIPTION
\fIxml2-config\fP is a tool that is used to determine the compile and
linker flags that should be used to compile and link programs that use
\fIlibxml2\fP.
.SH OPTIONS
\fIxml2-config\fP accepts the following options:
.TP 8
.B  \-\-version
Print the currently installed version of \fIlibxml2\fP on the standard output.
.TP 8
.B  \-\-libs
Print the linker flags that are necessary to link a \fIlibxml2\fP program.
Add \-\-dynamic after \-\-libs to print only shared library linking
information.
.TP 8
.B  \-\-cflags
Print the compiler flags that are necessary to compile a \fIlibxml2\fP program.
.TP 8
.B  \-\-prefix=PREFIX
If specified, use PREFIX instead of the installation prefix that
\fIlibxml2\fP was built with when computing the output for the
\-\-cflags and \-\-libs options. This option must be specified before
any \-\-libs or \-\-cflags options.
.SH AUTHOR
This manual page was written by Fredrik Hallenberg <hallon@lysator.liu.se>,
for the Debian GNU/linux system (but may be used by others).
PK����� h\/�+&Q!��Q!����man1/xmlcatalog.1nu��[�����������'\" t
.\"     Title: xmlcatalog
.\"    Author: John Fleck <jfleck@inkstain.net>
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 08/17/2022
.\"    Manual: xmlcatalog Manual
.\"    Source: libxml2
.\"  Language: English
.\"
.TH "XMLCATALOG" "1" "08/17/2022" "libxml2" "xmlcatalog Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
xmlcatalog \- Command line tool to parse and manipulate XML or SGML catalog files\&.
.SH "SYNOPSIS"
.HP \w'\fBxmlcatalog\fR\ 'u
\fBxmlcatalog\fR [\fB\-\-sgml\fR | \fB\-\-shell\fR | \fB\-\-create\fR | \fB\-\-del\ \fR\fB\fIVALUE(S)\fR\fR | [\ \fB\-\-add\ \fR\fB\fITYPE\fR\fR\fB\ \fR\fB\fIORIG\fR\fR\fB\ \fR\fB\fIREPLACE\fR\fR\fB\ \fR\ |\ \fB\-\-add\ \fR\fB\fIFILENAME\fR\fR] | \fB\-\-noout\fR | \fB\-\-no\-super\-update\fR | [\fB\-v\fR\ |\ \fB\-\-verbose\fR]] {\fICATALOGFILE\fR} {\fIENTITIES\fR...}
.SH "DESCRIPTION"
.PP
\fBxmlcatalog\fR
is a command line application allowing users to monitor and manipulate
XML
and
SGML
catalogs\&. It is included in
\fBlibxml\fR(3)\&.
.PP
Its functions can be invoked from a single command from the command line, or it can perform multiple functions in interactive mode\&. It can operate on both
XML
and
SGML
files\&.
.SH "OPTIONS"
.PP
\fBxmlcatalog\fR
accepts the following options (in alphabetical order):
.PP
\fB\-\-add \fR\fB\fITYPE\fR\fR\fB \fR\fB\fIORIG\fR\fR\fB \fR\fB\fIREPLACE\fR\fR\fB \fR
.RS 4
Add an entry to
CATALOGFILE\&.
\fITYPE\fR
indicates the type of entry\&. Possible types are:
\fIpublic\fR, \fIsystem\fR, \fIuri\fR, \fIrewriteSystem\fR, \fIrewriteURI\fR, \fIdelegatePublic\fR, \fIdelegateSystem\fR, \fIdelegateURI\fR, \fInextCatalog\fR\&.
\fIORIG\fR
is the original reference to be replaced, and
\fIREPLACE\fR
is the
URI
of the replacement entity to be used\&. The
\fB\-\-add\fR
option will not overwrite
CATALOGFILE, outputting to
stdout, unless
\fB\-\-noout\fR
is used\&. The
\fB\-\-add\fR
will always take three parameters even if some of the
XML
catalog constructs will have only a single argument\&.
.RE
.PP
\fB\-\-add \fR\fB\fIFILENAME\fR\fR
.RS 4
If the
\fB\-\-add\fR
option is used following the
\fB\-\-sgml\fR
option, only a single argument, a
\fIFILENAME\fR, is used\&. This is used to add the name of a catalog file to an
SGML
supercatalog, a file that contains references to other included
SGML
catalog files\&.
.RE
.PP
\fB\-\-create\fR
.RS 4
Create a new
XML
catalog\&. Outputs to
stdout, ignoring
\fIfilename\fR
unless
\fB\-\-noout\fR
is used, in which case it creates a new catalog file
\fIfilename\fR\&.
.RE
.PP
\fB\-\-del \fR\fB\fIVALUE(S)\fR\fR
.RS 4
Remove entries from
\fICATALOGFILE\fR
matching
\fIVALUE(S)\fR\&. The
\fB\-\-del\fR
option will not overwrite
\fICATALOGFILE\fR, outputting to
stdout, unless
\fB\-\-noout\fR
is used\&.
.RE
.PP
\fB\-\-noout\fR
.RS 4
Save output to the named file rather than outputting to
stdout\&.
.RE
.PP
\fB\-\-no\-super\-update\fR
.RS 4
Do not update the
SGML
super catalog\&.
.RE
.PP
\fB\-\-shell\fR
.RS 4
Run a shell allowing interactive queries on catalog file
\fICATALOGFILE\fR\&. For the set of available commands see
the section called \(lqSHELL COMMANDS\(rq\&.
.RE
.PP
\fB\-\-sgml\fR
.RS 4
Uses
SGML
super catalogs for
\fB\-\-add\fR
and
\fB\-\-del\fR
options\&.
.RE
.PP
\fB\-v\fR, \fB\-\-verbose\fR
.RS 4
Output debugging information\&.
.RE
.PP
Invoking
\fBxmlcatalog\fR
non\-interactively without a designated action (imposed with options like
\fB\-\-add\fR) will result in a lookup of the catalog entry for
\fIENTITIES\fR
in the catalog denoted with
\fICATALOGFILE\fR\&. The corresponding entries will be output to the command line\&. This mode of operation, together with
\fB\-\-shell\fR
mode and non\-modifying (i\&.e\&. without
\fB\-\-noout\fR) direct actions, allows for a special shortcut of the void
\fICATALOGFILE\fR
specification (possibly expressed as "" in the shell environment) appointing the default system catalog\&. That simplifies the handling when its exact location is irrelevant but the respective built\-in still needs to be consulted\&.
.SH "SHELL COMMANDS"
.PP
Invoking
\fBxmlcatalog\fR
with the
\fB\-\-shell \fR\fB\fICATALOGFILE\fR\fR
option opens a command line shell allowing interactive access to the catalog file identified by
\fICATALOGFILE\fR\&. Invoking the shell provides a command line prompt after which the following commands (described in alphabetical order) can be entered\&.
.PP
\fBadd \fR\fB\fITYPE\fR\fR\fB \fR\fB\fIORIG\fR\fR\fB \fR\fB\fIREPLACE\fR\fR\fB \fR
.RS 4
Add an entry to the catalog file\&.
\fITYPE\fR
indicates the type of entry\&. Possible types are:
\fIpublic\fR, \fIsystem\fR, \fIuri\fR, \fIrewriteSystem\fR, \fIrewriteURI\fR, \fIdelegatePublic\fR, \fIdelegateSystem\fR, \fIdelegateURI\fR, \fInextCatalog\fR\&.
\fIORIG\fR
is the original reference to be replaced, and
\fIREPLACE\fR
is the
URI
of the replacement entity to be used\&. The
\fB\-\-add\fR
option will not overwrite
CATALOGFILE, outputting to
stdout, unless
\fB\-\-noout\fR
is used\&. The
\fB\-\-add\fR
will always take three parameters even if some of the
XML
catalog constructs will have only a single argument\&.
.RE
.PP
\fBdebug\fR
.RS 4
Print debugging statements showing the steps
\fBxmlcatalog\fR
is executing\&.
.RE
.PP
\fBdel \fR\fB\fIVALUE(S)\fR\fR
.RS 4
Remove the catalog entry corresponding to
\fIVALUE(S)\fR\&.
.RE
.PP
\fBdump\fR
.RS 4
Print the current catalog\&.
.RE
.PP
\fBexit\fR
.RS 4
Quit the shell\&.
.RE
.PP
\fBpublic \fR\fB\fIPUBLIC\-ID\fR\fR
.RS 4
Execute a Formal Public Identifier lookup of the catalog entry for
\fIPUBLIC\-ID\fR\&. The corresponding entry will be output to the command line\&.
.RE
.PP
\fBquiet\fR
.RS 4
Stop printing debugging statements\&.
.RE
.PP
\fBsystem \fR\fB\fISYSTEM\-ID\fR\fR
.RS 4
Execute a Formal Public Identifier lookup of the catalog entry for
\fISYSTEM\-ID\fR\&. The corresponding entry will be output to the command line\&.
.RE
.SH "ENVIRONMENT"
.PP
\fBXML_CATALOG_FILES\fR
.RS 4
XML
catalog behavior can be changed by redirecting queries to the user\*(Aqs own set of catalogs\&. This can be done by setting the
\fBXML_CATALOG_FILES\fR
environment variable to a space\-separated list of catalogs\&. Use percent\-encoding to escape spaces or other characters\&. An empty variable should deactivate loading the default
/etc/xml/catalog
catalog\&.
.RE
.SH "DIAGNOSTICS"
.PP
\fBxmlcatalog\fR
return codes provide information that can be used when calling it from scripts\&.
.PP
\fB0\fR
.RS 4
No error
.RE
.PP
\fB1\fR
.RS 4
Failed to remove an entry from the catalog
.RE
.PP
\fB2\fR
.RS 4
Failed to save to the catalog, check file permissions
.RE
.PP
\fB3\fR
.RS 4
Failed to add an entry to the catalog
.RE
.PP
\fB4\fR
.RS 4
Failed to look up an entry in the catalog
.RE
.SH "SEE ALSO"
.PP
\fBlibxml\fR(3)
.PP
More information can be found at
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBlibxml\fR(3)
web page
\m[blue]\fB\%https://gitlab.gnome.org/GNOME/libxml2\fR\m[]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBlibxml\fR(3)
catalog support web page at
\m[blue]\fB\%https://gitlab.gnome.org/GNOME/libxml2/-/wikis/Catalog-support\fR\m[]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
James Clark\*(Aqs
SGML
catalog page
\m[blue]\fB\%http://www.jclark.com/sp/catalog.htm\fR\m[]
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
OASIS
XML
catalog specification
\m[blue]\fB\%http://www.oasis-open.org/committees/entity/spec.html\fR\m[]
.RE
.sp
.SH "AUTHOR"
.PP
\fBJohn Fleck\fR <\&jfleck@inkstain\&.net\&>
.RS 4
Author.
.RE
.SH "COPYRIGHT"
.br
Copyright \(co 2001, 2004
.br
PK����� h\zH��4���4����man1/xmllint.1nu��[�����������'\" t
.\"     Title: xmllint
.\"    Author: John Fleck <jfleck@inkstain.net>
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 08/17/2022
.\"    Manual: xmllint Manual
.\"    Source: libxml2
.\"  Language: English
.\"
.TH "XMLLINT" "1" "08/17/2022" "libxml2" "xmllint Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
xmllint \- command line XML tool
.SH "SYNOPSIS"
.HP \w'\fBxmllint\fR\ 'u
\fBxmllint\fR [\fB\-\-version\fR | \fB\-\-debug\fR | \fB\-\-shell\fR | \fB\-\-xpath\ "\fR\fB\fIXPath_expression\fR\fR\fB"\fR | \fB\-\-debugent\fR | \fB\-\-copy\fR | \fB\-\-recover\fR | \fB\-\-noent\fR | \fB\-\-noout\fR | \fB\-\-nonet\fR | \fB\-\-path\ "\fR\fB\fIPATH(S)\fR\fR\fB"\fR | \fB\-\-load\-trace\fR | \fB\-\-htmlout\fR | \fB\-\-nowrap\fR | \fB\-\-valid\fR | \fB\-\-postvalid\fR | \fB\-\-dtdvalid\ \fR\fB\fIURL\fR\fR | \fB\-\-dtdvalidfpi\ \fR\fB\fIFPI\fR\fR | \fB\-\-timing\fR | \fB\-\-output\ \fR\fB\fIFILE\fR\fR | \fB\-\-repeat\fR | \fB\-\-insert\fR | \fB\-\-compress\fR | \fB\-\-html\fR | \fB\-\-xmlout\fR | \fB\-\-push\fR | \fB\-\-memory\fR | \fB\-\-maxmem\ \fR\fB\fINBBYTES\fR\fR | \fB\-\-nowarning\fR | \fB\-\-noblanks\fR | \fB\-\-nocdata\fR | \fB\-\-format\fR | \fB\-\-encode\ \fR\fB\fIENCODING\fR\fR | \fB\-\-dropdtd\fR | \fB\-\-nsclean\fR | \fB\-\-testIO\fR | \fB\-\-catalogs\fR | \fB\-\-nocatalogs\fR | \fB\-\-auto\fR | \fB\-\-xinclude\fR | \fB\-\-noxincludenode\fR | \fB\-\-loaddtd\fR | \fB\-\-dtdattr\fR | \fB\-\-stream\fR | \fB\-\-walker\fR | \fB\-\-pattern\ \fR\fB\fIPATTERNVALUE\fR\fR | \fB\-\-chkregister\fR | \fB\-\-relaxng\ \fR\fB\fISCHEMA\fR\fR | \fB\-\-schema\ \fR\fB\fISCHEMA\fR\fR | \fB\-\-c14n\fR] {\fIXML\-FILE(S)\fR... | \-}
.HP \w'\fBxmllint\fR\ 'u
\fBxmllint\fR \fB\-\-help\fR
.SH "DESCRIPTION"
.PP
The
\fBxmllint\fR
program parses one or more
XML
files, specified on the command line as
\fIXML\-FILE\fR
(or the standard input if the filename provided is
\fB\-\fR
)\&. It prints various types of output, depending upon the options selected\&. It is useful for detecting errors both in
XML
code and in the
XML
parser itself\&.
.PP
\fBxmllint\fR
is included in
\fBlibxml\fR(3)\&.
.SH "OPTIONS"
.PP
\fBxmllint\fR
accepts the following options (in alphabetical order):
.PP
\fB\-\-auto\fR
.RS 4
Generate a small document for testing purposes\&.
.RE
.PP
\fB\-\-catalogs\fR
.RS 4
Use the
SGML
catalog(s) from
\fBSGML_CATALOG_FILES\fR\&. Otherwise
XML
catalogs starting from
/etc/xml/catalog
are used by default\&.
.RE
.PP
\fB\-\-chkregister\fR
.RS 4
Turn on node registration\&. Useful for developers testing
\fBlibxml\fR(3)
node tracking code\&.
.RE
.PP
\fB\-\-compress\fR
.RS 4
Turn on
\fBgzip\fR(1)
compression of output\&.
.RE
.PP
\fB\-\-copy\fR
.RS 4
Test the internal copy implementation\&.
.RE
.PP
\fB\-\-c14n\fR
.RS 4
Use the W3C
XML
Canonicalisation (C14N) to serialize the result of parsing to
stdout\&. It keeps comments in the result\&.
.RE
.PP
\fB\-\-dtdvalid \fR\fB\fIURL\fR\fR
.RS 4
Use the
DTD
specified by an
\fIURL\fR
for validation\&.
.RE
.PP
\fB\-\-dtdvalidfpi \fR\fB\fIFPI\fR\fR
.RS 4
Use the
DTD
specified by a Formal Public Identifier
\fIFPI\fR
for validation, note that this will require a catalog exporting that Formal Public Identifier to work\&.
.RE
.PP
\fB\-\-debug\fR
.RS 4
Parse a file and output an annotated tree of the in\-memory version of the document\&.
.RE
.PP
\fB\-\-debugent\fR
.RS 4
Debug the entities defined in the document\&.
.RE
.PP
\fB\-\-dropdtd\fR
.RS 4
Remove
DTD
from output\&.
.RE
.PP
\fB\-\-dtdattr\fR
.RS 4
Fetch external
DTD
and populate the tree with inherited attributes\&.
.RE
.PP
\fB\-\-encode \fR\fB\fIENCODING\fR\fR
.RS 4
Output in the given encoding\&. Note that this works for full document not fragments or result from XPath queries\&.
.RE
.PP
\fB\-\-format\fR
.RS 4
Reformat and reindent the output\&. The
\fBXMLLINT_INDENT\fR
environment variable controls the indentation\&. The default value is two spaces " ")\&.
.RE
.PP
\fB\-\-help\fR
.RS 4
Print out a short usage summary for
\fBxmllint\fR\&.
.RE
.PP
\fB\-\-html\fR
.RS 4
Use the
HTML
parser\&.
.RE
.PP
\fB\-\-htmlout\fR
.RS 4
Output results as an
HTML
file\&. This causes
\fBxmllint\fR
to output the necessary
HTML
tags surrounding the result tree output so the results can be displayed/viewed in a browser\&.
.RE
.PP
\fB\-\-insert\fR
.RS 4
Test for valid insertions\&.
.RE
.PP
\fB\-\-loaddtd\fR
.RS 4
Fetch an external
DTD\&.
.RE
.PP
\fB\-\-load\-trace\fR
.RS 4
Display all the documents loaded during the processing to
stderr\&.
.RE
.PP
\fB\-\-maxmem \fR\fB\fINNBYTES\fR\fR
.RS 4
Test the parser memory support\&.
\fINNBYTES\fR
is the maximum number of bytes the library is allowed to allocate\&. This can also be used to make sure batch processing of
XML
files will not exhaust the virtual memory of the server running them\&.
.RE
.PP
\fB\-\-memory\fR
.RS 4
Parse from memory\&.
.RE
.PP
\fB\-\-noblanks\fR
.RS 4
Drop ignorable blank spaces\&.
.RE
.PP
\fB\-\-nocatalogs\fR
.RS 4
Do not use any catalogs\&.
.RE
.PP
\fB\-\-nocdata\fR
.RS 4
Substitute CDATA section by equivalent text nodes\&.
.RE
.PP
\fB\-\-noent\fR
.RS 4
Substitute entity values for entity references\&. By default,
\fBxmllint\fR
leaves entity references in place\&.
.RE
.PP
\fB\-\-nonet\fR
.RS 4
Do not use the Internet to fetch
DTDs or entities\&.
.RE
.PP
\fB\-\-noout\fR
.RS 4
Suppress output\&. By default,
\fBxmllint\fR
outputs the result tree\&.
.RE
.PP
\fB\-\-nowarning\fR
.RS 4
Do not emit warnings from the parser and/or validator\&.
.RE
.PP
\fB\-\-nowrap\fR
.RS 4
Do not output
HTML
doc wrapper\&.
.RE
.PP
\fB\-\-noxincludenode\fR
.RS 4
Do XInclude processing but do not generate XInclude start and end nodes\&.
.RE
.PP
\fB\-\-nsclean\fR
.RS 4
Remove redundant namespace declarations\&.
.RE
.PP
\fB\-\-output \fR\fB\fIFILE\fR\fR
.RS 4
Define a file path where
\fBxmllint\fR
will save the result of parsing\&. Usually the programs build a tree and save it on
stdout, with this option the result
XML
instance will be saved onto a file\&.
.RE
.PP
\fB\-\-path "\fR\fB\fIPATH(S)\fR\fR\fB"\fR
.RS 4
Use the (space\- or colon\-separated) list of filesystem paths specified by
\fIPATHS\fR
to load
DTDs or entities\&. Enclose space\-separated lists by quotation marks\&.
.RE
.PP
\fB\-\-pattern \fR\fB\fIPATTERNVALUE\fR\fR
.RS 4
Used to exercise the pattern recognition engine, which can be used with the reader interface to the parser\&. It allows to select some nodes in the document based on an XPath (subset) expression\&. Used for debugging\&.
.RE
.PP
\fB\-\-postvalid\fR
.RS 4
Validate after parsing has completed\&.
.RE
.PP
\fB\-\-push\fR
.RS 4
Use the push mode of the parser\&.
.RE
.PP
\fB\-\-recover\fR
.RS 4
Output any parsable portions of an invalid document\&.
.RE
.PP
\fB\-\-relaxng \fR\fB\fISCHEMA\fR\fR
.RS 4
Use RelaxNG file named
\fISCHEMA\fR
for validation\&.
.RE
.PP
\fB\-\-repeat\fR
.RS 4
Repeat 100 times, for timing or profiling\&.
.RE
.PP
\fB\-\-schema \fR\fB\fISCHEMA\fR\fR
.RS 4
Use a W3C
XML
Schema file named
\fISCHEMA\fR
for validation\&.
.RE
.PP
\fB\-\-shell\fR
.RS 4
Run a navigating shell\&. Details on available commands in shell mode are below (see
the section called \(lqSHELL COMMANDS\(rq)\&.
.RE
.PP
\fB\-\-xpath "\fR\fB\fIXPath_expression\fR\fR\fB"\fR
.RS 4
Run an XPath expression given as argument and print the result\&. In case of a nodeset result, each node in the node set is serialized in full in the output\&. In case of an empty node set the "XPath set is empty" result will be shown and an error exit code will be returned\&.
.RE
.PP
\fB\-\-stream\fR
.RS 4
Use streaming
API
\- useful when used in combination with
\fB\-\-relaxng\fR
or
\fB\-\-valid\fR
options for validation of files that are too large to be held in memory\&.
.RE
.PP
\fB\-\-testIO\fR
.RS 4
Test user input/output support\&.
.RE
.PP
\fB\-\-timing\fR
.RS 4
Output information about the time it takes
\fBxmllint\fR
to perform the various steps\&.
.RE
.PP
\fB\-\-valid\fR
.RS 4
Determine if the document is a valid instance of the included Document Type Definition (DTD)\&. A
DTD
to be validated against also can be specified at the command line using the
\fB\-\-dtdvalid\fR
option\&. By default,
\fBxmllint\fR
also checks to determine if the document is well\-formed\&.
.RE
.PP
\fB\-\-version\fR
.RS 4
Display the version of
\fBlibxml\fR(3)
used\&.
.RE
.PP
\fB\-\-walker\fR
.RS 4
Test the walker module, which is a reader interface but for a document tree, instead of using the reader
API
on an unparsed document it works on an existing in\-memory tree\&. Used for debugging\&.
.RE
.PP
\fB\-\-xinclude\fR
.RS 4
Do XInclude processing\&.
.RE
.PP
\fB\-\-xmlout\fR
.RS 4
Used in conjunction with
\fB\-\-html\fR\&. Usually when
HTML
is parsed the document is saved with the
HTML
serializer\&. But with this option the resulting document is saved with the
XML
serializer\&. This is primarily used to generate
XHTML
from
HTML
input\&.
.RE
.SH "SHELL COMMANDS"
.PP
\fBxmllint\fR
offers an interactive shell mode invoked with the
\fB\-\-shell\fR
command\&. Available commands in shell mode include (in alphabetical order):
.PP
\fBbase\fR
.RS 4
Display
XML
base of the node\&.
.RE
.PP
\fBbye\fR
.RS 4
Leave the shell\&.
.RE
.PP
\fBcat \fR\fB\fINODE\fR\fR
.RS 4
Display the given node or the current one\&.
.RE
.PP
\fBcd \fR\fB\fIPATH\fR\fR
.RS 4
Change the current node to the given path (if unique) or root if no argument is given\&.
.RE
.PP
\fBdir \fR\fB\fIPATH\fR\fR
.RS 4
Dumps information about the node (namespace, attributes, content)\&.
.RE
.PP
\fBdu \fR\fB\fIPATH\fR\fR
.RS 4
Show the structure of the subtree under the given path or the current node\&.
.RE
.PP
\fBexit\fR
.RS 4
Leave the shell\&.
.RE
.PP
\fBhelp\fR
.RS 4
Show this help\&.
.RE
.PP
\fBfree\fR
.RS 4
Display memory usage\&.
.RE
.PP
\fBload \fR\fB\fIFILENAME\fR\fR
.RS 4
Load a new document with the given filename\&.
.RE
.PP
\fBls \fR\fB\fIPATH\fR\fR
.RS 4
List contents of the given path or the current directory\&.
.RE
.PP
\fBpwd\fR
.RS 4
Display the path to the current node\&.
.RE
.PP
\fBquit\fR
.RS 4
Leave the shell\&.
.RE
.PP
\fBsave \fR\fB\fIFILENAME\fR\fR
.RS 4
Save the current document to the given filename or to the original name\&.
.RE
.PP
\fBvalidate\fR
.RS 4
Check the document for errors\&.
.RE
.PP
\fBwrite \fR\fB\fIFILENAME\fR\fR
.RS 4
Write the current node to the given filename\&.
.RE
.SH "ENVIRONMENT"
.PP
\fBSGML_CATALOG_FILES\fR
.RS 4
SGML
catalog behavior can be changed by redirecting queries to the user\*(Aqs own set of catalogs\&. This can be done by setting the
\fBSGML_CATALOG_FILES\fR
environment variable to a list of catalogs\&. An empty one should deactivate loading the default
/etc/sgml/catalog
catalog\&.
.RE
.PP
\fBXML_CATALOG_FILES\fR
.RS 4
XML
catalog behavior can be changed by redirecting queries to the user\*(Aqs own set of catalogs\&. This can be done by setting the
\fBXML_CATALOG_FILES\fR
environment variable to a space\-separated list of catalogs\&. Use percent\-encoding to escape spaces or other characters\&. An empty variable should deactivate loading the default
/etc/xml/catalog
catalog\&.
.RE
.PP
\fBXML_DEBUG_CATALOG\fR
.RS 4
Setting the environment variable
\fBXML_DEBUG_CATALOG\fR
to
\fInon\-zero\fR
using the
\fBexport\fR
command outputs debugging information related to catalog operations\&.
.RE
.PP
\fBXMLLINT_INDENT\fR
.RS 4
Setting the environment variable
\fBXMLLINT_INDENT\fR
controls the indentation\&. The default value is two spaces " "\&.
.RE
.SH "DIAGNOSTICS"
.PP
\fBxmllint\fR
return codes provide information that can be used when calling it from scripts\&.
.PP
\fB0\fR
.RS 4
No error
.RE
.PP
\fB1\fR
.RS 4
Unclassified
.RE
.PP
\fB2\fR
.RS 4
Error in
DTD
.RE
.PP
\fB3\fR
.RS 4
Validation error
.RE
.PP
\fB4\fR
.RS 4
Validation error
.RE
.PP
\fB5\fR
.RS 4
Error in schema compilation
.RE
.PP
\fB6\fR
.RS 4
Error writing output
.RE
.PP
\fB7\fR
.RS 4
Error in pattern (generated when
\fB\-\-pattern\fR
option is used)
.RE
.PP
\fB8\fR
.RS 4
Error in Reader registration (generated when
\fB\-\-chkregister\fR
option is used)
.RE
.PP
\fB9\fR
.RS 4
Out of memory error
.RE
.PP
\fB10\fR
.RS 4
XPath evaluation error
.RE
.SH "SEE ALSO"
.PP
\fBlibxml\fR(3)
.PP
More information can be found at
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fBlibxml\fR(3)
web page
\m[blue]\fB\%https://gitlab.gnome.org/GNOME/libxml2\fR\m[]
.RE
.sp
.SH "AUTHORS"
.PP
\fBJohn Fleck\fR <\&jfleck@inkstain\&.net\&>
.RS 4
Author.
.RE
.PP
\fBZiying Sherwin\fR <\&sherwin@nlm\&.nih\&.gov\&>
.RS 4
Author.
.RE
.PP
\fBHeiko Rupp\fR <\&hwr@pilhuhn\&.de\&>
.RS 4
Author.
.RE
.SH "COPYRIGHT"
.br
Copyright \(co 2001, 2004
.br
PK�����jSi\m�&$��$����man3/ld_errno.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����jSi\�շY��������man3/ber_bvfree.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����jSi\�4���������man3/ldap_modify_s.3nu��[�����������.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext() 
and
.B ldap_modify_ext_s() 
allows server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin

PK�����jSi\��1ܽ�������man3/ldap_control_create.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����jSi\���0��0����man3/ldap_memfree.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����jSi\���0��0����man3/ldap_memcalloc.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����jSi\��q��q����man3/ldap_explode_dn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����jSi\�շY��������man3/ber_bvecadd.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����jSi\}�q �
���
����man3/ldap_add.3nu��[�����������.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl *\fIsctrls\fB,
LDAPControl *\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes.  The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns an code indicating success or, in the case of failure,
indicating the nature of failure of the operation.  See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous.  It returns the message id of the request it
initiated.  The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����jSi\��q��q����man3/ldap_dn2dcedn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����jSi\���0��0����man3/ldap_memrealloc.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����jSi\�5^#v1��v1����man3/ber_get_stringa.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����jSi\��n��������man3/ldap_init_fd.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <ldap_pvt.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One
of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect.  If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP.  The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally by of the form
\fIhost:port\fP.  If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and write access 
to those fields must occur by calling
.BR ldap_get_option (3) 
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows to specify details for the connection in the schema portion
of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC),
and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and 
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows to specify a schema in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows to set a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists
in moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no 
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to insure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).

.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 226 stdin
PK�����jSi\�5^#v1��v1����man3/ber_get_next.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����jSi\V�H-	��-	����man3/ldap_abandon_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_ABANDON 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B
#include <ldap.h>
.LP
.ft B
int ldap_abandon_ext(
.RS
.ft B
LDAP *\fIld\fB,
Bint \fImsgid\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_abandon_ext()
routine is used to send a LDAP Abandon request for an
operation in progress.  The \fImsgid\fP passed should be the
message id of an outstanding LDAP operation, such as returned by
.BR ldap_search_ext (3).
.LP
.BR ldap_abandon_ext ()
checks to see if the result of the operation has already come in.  If it
has, it deletes it from the queue of pending messages.  If not,
it sends an LDAP abandon request to the LDAP server.
.LP
The caller can expect that the result of an abandoned operation
will not be returned from a future call to
.BR ldap_result (3).
.LP
.B ldap_abandon_ext()
allows server and client controls to be passed in via the
.I sctrls
and
.I cctrls
parameters, respectively.
.LP
.B ldap_abandon_ext()
returns a code indicating success or, in the case of failure, the
nature of the failure.  See
.BR ldap_error (3)
for details.
.SH DEPRECATED INTERFACES
The
.B ldap_abandon()
routine is deprecated in favor of the
.B ldap_abandon_ext()
routine. 
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 61 stdin

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_result (3),
.BR ldap_search_ext (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 69 stdin

PK�����jSi\���.���.����man3/ldap_unbind_s.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����jSi\'�t!��������man3/ldap_start_tls.3nu��[�����������.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 42 stdin
PK�����jSi\��q��q����man3/ldap_str2dn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����jSi\g�d"#��"#����man3/ldap_str2objectclass.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����jSi\�5^#v1��v1����man3/ber_peek_tag.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����jSi\�5^#v1��v1����man3/ber_get_boolean.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����jSi\�����
���
����man3/ldap_get_values.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����jSi\��A
	��	����man3/ldap_modrdn2_s.3nu��[�����������.lf 1 stdin
.TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation.  They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation
it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error
code indicating the success or failure of the operation.  Use of
these routines is deprecated.  Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above.  In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP.  See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����jSi\]�Ib�	���	����man3/ldap_delete_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
asynchronously. It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine  allows  server  and client controls to be 
specified to extend the delete request. This routine is asynchronous like 
ldap_delete(), but its return value is an LDAP error code. It stores the 
message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success 
or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return some Non-zero value if
something  went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 90 stdin
PK�����jSi\��n��������man3/ldap_initialize.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <ldap_pvt.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One
of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect.  If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP.  The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally by of the form
\fIhost:port\fP.  If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and write access 
to those fields must occur by calling
.BR ldap_get_option (3) 
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows to specify details for the connection in the schema portion
of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC),
and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and 
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows to specify a schema in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows to set a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists
in moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no 
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to insure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).

.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 226 stdin
PK�����jSi\���������"��man3/ldap_parse_sasl_bind_result.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
	int *errcodep, char **matcheddnp, char **errmsgp,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
	struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
	char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types). They take the \fIresult\fP
as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and extended
operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code from
the result message.
.LP
The server might supply a matched DN string in the message indicating
how much of a name in a request was recognized. The \fImatcheddnp\fP
parameter will be filled in with this string if supplied, else it will
be NULL. If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message. This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
referral strings from the parsed message. This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present. The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response. The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response. The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 108 stdin
PK�����jSi\�C�B�
���
����man3/ldap_compare_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the
compare, and \fIattr\fP and \fIvalue\fP, the attribute description and
value to compare to those found in the entry.  It returns a code, which
will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
LDAP_COMPARE_FALSE if it does not.  Otherwise, an error code is
returned that indicates the nature of the problem.  See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation
asynchronously.  It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the
integer pointed to \fImsgidp\fP.  The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to
extend the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 80 stdin
PK�����jSi\S/�6	��6	����man3/ldap_next_attribute.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_ATTRIBUTE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_first_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement **berptr )
.LP
.ft B
char *ldap_next_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement *ber )
.SH DESCRIPTION
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
routines are used
to step through the attributes in an LDAP entry.
.B ldap_first_attribute()
takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a pointer to character string
containing the first attribute description in the entry.
.B ldap_next_attribute()
returns the next attribute description in the entry.
.LP
It also returns, in \fIberptr\fP, a pointer to a BerElement it has
allocated to keep track of its current position.  This pointer should
be passed to subsequent calls to
.B ldap_next_attribute()
and is used
to effectively step through the entry's attributes.  The caller is
solely responsible for freeing the BerElement pointed to by \fIberptr\fP
when it is no longer needed by calling
.BR ber_free (3).
When calling
.BR ber_free (3)
in this instance, be sure the second argument is 0.
.LP
The attribute names returned are suitable for inclusion in a call
to
.BR ldap_get_values (3)
to retrieve the attribute's values.
.SH ERRORS
If an error occurs, NULL is returned and the ld_errno field in the
\fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
return dynamically allocated memory that must be freed by the caller via
.BR ldap_memfree (3).   
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_get_values (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 74 stdin
PK�����jSi\
ݴ�������man3/ldap_free_urldesc.3nu��[�����������.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516.  LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
    base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated.  Alternative LDAP schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL).  It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it.  If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " <http://www.rfc-editor.org/rfc/rfc4516.txt>"
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 84 stdin
PK�����jSi\��MK$��K$����man3/ber_put_int.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����jSi\	ȵ���������man3/ldap_sort_entries.3nu��[�����������.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.  
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 22 stdin
PK�����jSi\a��j	��j	����man3/ldap_count_entries.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain
of search results.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be
supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries.  The entries returned
from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained
by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter
is set to indicate the error.  If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 81 stdin
PK�����jSi\%�&}.��.����man3/ldap_dup.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_dup, ldap_destroy, \- Duplicate and destroy LDAP session handles
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_dup(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.LP
.ft B
int ldap_destroy(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.SH DESCRIPTION
.LP
.B ldap_dup()
duplicates an existing LDAP
.RB ( "LDAP *" )
session handle.
The new session handle may be used concurrently with the
original session handle.
In a threaded environment, different threads may execute concurrent
requests on the same connection/session without fear of contamination.
Each session handle manages its own private error results.
.LP
.B ldap_destroy()
destroys an existing session handle.
.LP
The
.B ldap_dup()
and
.B ldap_destroy()
functions are used in conjunction with a "thread safe" version
of
.B libldap
.RB ( libldap_r )
to enable operation thread safe API calls, so that a single session
may be simultaneously used across multiple threads with consistent
error handling.
.LP
When a session is created through the use of one of the session creation
functions including
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3)
or
.BR ldap_init_fd (3)
an
.B "LDAP *"
session handle is returned to the application.
The session handle may be shared amongst threads, however the
error codes are unique to a session handle.
Multiple threads performing different operations using the same
session handle will result in inconsistent error codes and
return values.
.LP
To prevent this confusion,
.B ldap_dup()
is used duplicate an existing session handle so that multiple threads
can share the session, and maintain consistent error information
and results.
.LP
The message queues for a session are shared between sibling session handles.
Results of operations on a sibling session handles are accessible
to all the sibling session handles.
Applications desiring results associated with a specific operation
should provide the appropriate msgid to
.BR ldap_result() .
Applications should avoid calling
.B ldap_result()
with
.B LDAP_RES_ANY
as that may "steal" and return results in the calling thread
that another operation in a different thread, using a
different session handle, may require to complete.
.LP
When
.B ldap_unbind()
is called on a session handle with siblings, all the 
siblings become invalid.
.LP
Siblings must be destroyed using
.BR ldap_destroy() .
Session handle resources associated with the original
.RB ( "LDAP *" )
will be freed when the last session handle is destroyed or when
.B ldap_unbind()
is called, if no other session handles currently exist.
.SH ERRORS
If an error occurs,
.B ldap_dup()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_destroy()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.SH SEE ALSO
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3),
.BR ldap_init_fd (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
This work is based on the previously proposed
.B LDAP C API Concurrency Extensions
draft
.BR ( draft-zeilenga-ldap-c-api-concurrency-00.txt )
effort.
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 127 stdin
PK�����jSi\�T������man3/lber-memory.3nu��[�����������.lf 1 stdin
.TH LBER_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "void *ber_memalloc(ber_len_t " bytes ");"
.LP
.BI "void *ber_memcalloc(ber_len_t " nelems ", ber_len_t " bytes ");"
.LP
.BI "void *ber_memrealloc(void *" ptr ", ber_len_t " bytes ");"
.LP
.BI "void ber_memfree(void *" ptr ");"
.LP
.BI "void ber_memvfree(void **" vec ");"
.SH DESCRIPTION
.LP
These routines are used to allocate/deallocate memory used/returned
by the Lightweight BER library as required by
.BR lber-encode (3)
and
.BR lber-decode (3).
.BR ber_memalloc (),
.BR ber_memcalloc (),
.BR ber_memrealloc (),
and
.BR ber_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.  The
.BR ber_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-encode (3),
.BR lber-types (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 50 stdin
PK�����jSi\��1ܽ�������man3/ldap_controls_dup.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����jSi\���.���.����man3/ldap_unbind_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����jSi\���.���.����man3/ldap_simple_bind_s.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����jSi\
ݴ�������man3/ldap_url_parse.3nu��[�����������.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516.  LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
    base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated.  Alternative LDAP schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL).  It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it.  If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " <http://www.rfc-editor.org/rfc/rfc4516.txt>"
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 84 stdin
PK�����jSi\�^�E/	��/	����man3/ldap_parse_reference.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_reference \- Extract referrals and controls from a reference message
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_reference( LDAP *ld, LDAPMessage *reference,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.SH DESCRIPTION
.LP
The
.B ldap_parse_reference()
routine is used to extract referrals and controls from a reference message.
The \fIreference\fP parameter is a reference message as returned by a
call to
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) ,
.BR ldap_first_message (3) ,
.BR ldap_next_message (3) ,
or
.BR ldap_result (3) .
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
character strings. The strings are copies of the referrals contained in
the parsed message. The array should be freed by calling
.BR ldap_value_free (3) .
If \fIreferralsp\fP is NULL, no referrals are returned.
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed by calling
.BR ldap_controls_free (3).
If \fIserverctrlsp\fP is NULL, no controls are returned.
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
\fIreferralsp\fP and \fIserverctrlsp\fP parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_reference (3),
.BR ldap_first_message (3),
.BR ldap_result (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 62 stdin
PK�����jSi\�շY��������man3/ber_dupbv.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����jSi\��MK$��K$����man3/ber_put_enum.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����jSi\	ȵ���������man3/ldap_sort_values.3nu��[�����������.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.  
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 22 stdin
PK�����jSi\��q��q����man3/ldap_dnfree.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����jSi\a��j	��j	����man3/ldap_next_entry.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain
of search results.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be
supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries.  The entries returned
from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained
by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter
is set to indicate the error.  If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 81 stdin
PK�����jSi\g�d"#��"#����man3/ldap_syntax2str.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����jSi\�����
���
����man3/ldap_count_values_len.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����jSi\��A
	��	����man3/ldap_modrdn.3nu��[�����������.lf 1 stdin
.TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation.  They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation
it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error
code indicating the success or failure of the operation.  Use of
these routines is deprecated.  Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above.  In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP.  See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����jSi\g�d"#��"#����man3/ldap_syntax2name.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����jSi\��MK$��K$����man3/ber_put_string.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����jSi\�շY��������man3/ber_bvarray_add.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����jSi\'�t!��������man3/ldap_tls.3nu��[�����������.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 42 stdin
PK�����jSi\M7��R#��R#����man3/ldap.3nu��[�����������.lf 1 stdin
.TH LDAP 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap \- OpenLDAP Lightweight Directory Access Protocol API
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.ft
.fi
.SH DESCRIPTION
.LP
The Lightweight Directory Access Protocol (LDAP) (RFC 4510) provides
access to X.500 directory services.  These services may be stand\-alone
or part of a distributed directory service.  This client API supports
LDAP over TCP (RFC 4511), LDAP over TLS/SSL, and LDAP over IPC (UNIX
domain sockets).  This API supports SASL (RFC 4513) and Start TLS
(RFC 4513) as well as a number of protocol extensions.  This API is
loosely based upon IETF/LDAPEXT C LDAP API draft specification, a (orphaned)
work in progress.
.LP
The OpenLDAP Software package includes a stand\-alone server in
.BR slapd (8),
various LDAP clients, and an LDAP client library used to provide
programmatic access to the LDAP protocol. This man page gives an
overview of the LDAP library routines.
.LP
Both synchronous and asynchronous APIs are provided.  Also included are
various routines to parse the results returned from these routines.
These routines are found in the \-lldap library.
.LP
The basic interaction is as follows.  A session handle is
created using
.BR ldap_initialize (3)
and set the protocol version to 3 by calling
.BR ldap_set_option (3).
The underlying session is established first operation is
issued.  This would generally be a Start TLS or Bind operation,
or a Search operation to read attributes of the Root DSE.
A Start TLS operation is performed by calling
.BR ldap_start_tls_s (3).
A LDAP bind operation is performed by calling
.BR ldap_sasl_bind (3)
or one of its friends.
A Search operation is performed by calling ldap_search_ext_s(3)
or one of its friends.

Subsequently, additional operations are performed
by calling one of the synchronous or asynchronous routines (e.g.,
.BR ldap_compare_ext_s (3)
or
.BR ldap_compare_ext (3)
followed by
.BR ldap_result (3)).
Results returned from these routines are interpreted by calling the
LDAP parsing routines such as
.BR ldap_parse_result (3).
The LDAP association and underlying connection is terminated by calling
.BR ldap_unbind_ext (3).
Errors can be interpreted by calling
.BR ldap_err2string (3).
.SH LDAP versions
This library supports version 3 of the Lightweight Directory Access
Protocol (LDAPv3) as defined in RFC 4510.  It also supports a variant
of version 2 of LDAP as defined by U-Mich LDAP and, to some degree,
RFC 1777.  Version 2 (all variants) are considered obsolete.
Version 3 should be used instead.
.LP
For backwards compatibility reasons, the library defaults to version 2.
Hence, all new applications (and all actively maintained applications)
should use
.BR ldap_set_option (3)
to select version 3.  The library manual pages assume version 3
has been selected.
.SH INPUT and OUTPUT PARAMETERS
All character string input/output is expected to be/is UTF-8
encoded Unicode (version 3.2). 
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
be passed to the LDAP routines should conform to RFC 4514 UTF-8
string representation. 
.LP
Search filters to be passed to the search routines are to be
constructed by hand and should conform to RFC 4515 UTF-8
string representation.
.LP
LDAP URLs to be passed to routines are expected to conform
to RFC 4516 format.  The
.BR ldap_url (3)
routines can be used to work with LDAP URLs.
.LP
LDAP controls to be passed to routines can be manipulated using the
.BR ldap_controls (3)
routines.
.SH DISPLAYING RESULTS
Results obtained from the search routines can be output by hand,
by calling
.BR ldap_first_entry (3)
and
.BR ldap_next_entry (3)
to step through
the entries returned,
.BR ldap_first_attribute (3)
and
.BR ldap_next_attribute (3)
to step through an entry's attributes, and
.BR ldap_get_values (3)
to retrieve a given attribute's values.  Attribute values
may or may not be displayable.
.SH UTILITY ROUTINES
Also provided are various utility routines.  The
.BR ldap_sort (3)
routines are used to sort the entries and values returned via
the ldap search routines. 
.SH DEPRECATED INTERFACES
A number of interfaces are now considered deprecated.  For instance,
ldap_add(3) is deprecated in favor of ldap_add_ext(3).
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 123 stdin
.SH BER LIBRARY
Also included in the distribution is a set of lightweight Basic
Encoding Rules routines.  These routines are used by the LDAP library
routines to encode and decode LDAP protocol elements using the
(slightly simplified) Basic Encoding Rules defined by LDAP.  They are
not normally used directly by an LDAP application program except
in the handling of controls and extended operations.  The
routines provide a printf and scanf\-like interface, as well as
lower\-level access.  These routines are discussed in
.BR lber\-decode (3),
.BR lber\-encode (3),
.BR lber\-memory (3),
and
.BR lber\-types (3).
.SH INDEX
.TP 20
.SM ldap_initialize(3)
initialize the LDAP library without opening a connection to a server
.TP
.SM ldap_result(3)
wait for the result from an asynchronous operation
.TP
.SM ldap_abandon_ext(3)
abandon (abort) an asynchronous operation
.TP
.SM ldap_add_ext(3)
asynchronously add an entry
.TP
.SM ldap_add_ext_s(3)
synchronously add an entry
.TP
.SM ldap_sasl_bind(3)
asynchronously bind to the directory
.TP
.SM ldap_sasl_bind_s(3)
synchronously bind to the directory
.TP
.SM ldap_unbind_ext(3)
synchronously unbind from the LDAP server and close the connection
.TP
.SM ldap_unbind(3) and ldap_unbind_s(3) are
equivalent to
.BR ldap_unbind_ext (3)
.TP
.SM ldap_memfree(3)
dispose of memory allocated by LDAP routines.
.TP
.SM ldap_compare_ext(3)
asynchronously compare to a directory entry
.TP
.SM ldap_compare_ext_s(3)
synchronously compare to a directory entry
.TP
.SM ldap_delete_ext(3)
asynchronously delete an entry
.TP
.SM ldap_delete_ext_s(3)
synchronously delete an entry
.TP
.SM ld_errno(3)
LDAP error indication
.TP
.SM ldap_errlist(3)
list of LDAP errors and their meanings
.TP
.SM ldap_err2string(3)
convert LDAP error indication to a string
.TP
.SM ldap_extended_operation(3)
asynchronously perform an arbitrary extended operation
.TP
.SM ldap_extended_operation_s(3)
synchronously perform an arbitrary extended operation
.TP
.SM ldap_first_attribute(3)
return first attribute name in an entry
.TP
.SM ldap_next_attribute(3)
return next attribute name in an entry
.TP
.SM ldap_first_entry(3)
return first entry in a chain of search results
.TP
.SM ldap_next_entry(3)
return next entry in a chain of search results
.TP
.SM ldap_count_entries(3)
return number of entries in a search result
.TP
.SM ldap_get_dn(3)
extract the DN from an entry
.TP
.SM ldap_get_values_len(3)
return an attribute's values with lengths
.TP
.SM ldap_value_free_len(3)
free memory allocated by ldap_get_values_len(3)
.TP
.SM ldap_count_values_len(3)
return number of values
.TP
.SM ldap_modify_ext(3)
asynchronously modify an entry
.TP
.SM ldap_modify_ext_s(3)
synchronously modify an entry
.TP
.SM ldap_mods_free(3)
free array of pointers to mod structures used by ldap_modify_ext(3)
.TP
.SM ldap_rename(3)
asynchronously rename an entry
.TP
.SM ldap_rename_s(3)
synchronously rename an entry
.TP
.SM ldap_msgfree(3)
free results allocated by ldap_result(3)
.TP
.SM ldap_msgtype(3)
return the message type of a message from ldap_result(3)
.TP
.SM ldap_msgid(3)
return the message id of a message from ldap_result(3)
.TP
.SM ldap_search_ext(3)
asynchronously search the directory
.TP
.SM ldap_search_ext_s(3)
synchronously search the directory
.TP
.SM ldap_is_ldap_url(3)
check a URL string to see if it is an LDAP URL
.TP
.SM ldap_url_parse(3)
break up an LDAP URL string into its components
.TP
.SM ldap_sort_entries(3)
sort a list of search results
.TP
.SM ldap_sort_values(3)
sort a list of attribute values
.TP
.SM ldap_sort_strcasecmp(3)
case insensitive string comparison
.SH SEE ALSO
.BR ldap.conf (5),
.BR slapd (8),
.BR draft-ietf-ldapext-ldap-c-api-xx.txt \ <http://www.ietf.org>
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 274 stdin
.LP
These API manual pages are loosely based upon descriptions provided
in the IETF/LDAPEXT C LDAP API Internet Draft, a (orphaned) work
in progress.

PK�����jSi\OPh��
���
����man3/ldap_rename_s.3nu��[�����������.lf 1 stdin
.TH LDAP_RENAME 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
int *msgidp);
.LP
.ft B
int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
.SH DESCRIPTION
These routines are used to perform a LDAP rename operation.
The function changes the leaf component of an entry's distinguished
name and  optionally moves the entry to a new parent container. The 
.B ldap_rename_s
performs a rename operation synchronously.
The method takes \fIdn\fP, which points to the distinguished name of
the entry whose attribute is being compared, \fInewparent\fP,the distinguished
name of the entry's new parent. If this parameter is NULL, only the RDN is changed.
The root DN is specified by passing a zero length string, "". 
\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted.
Zero indicates that the old RDN should be retained. If you choose this option,
the attribute will contain both names (the old and the new).
Non-zero indicates that the old RDN should be deleted.
\fIserverctrls\fP points to an array of LDAPControl structures that list the
client controls to use with this extended operation. Use NULL to specify
no client controls. \fIclientctrls\fP points to an array of LDAPControl 
structures that list the client controls to use with the search.
.LP
.B ldap_rename
works just like
.B ldap_rename_s,
but the operation is asynchronous. It returns the message id of the request
it initiated. The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH ERRORS
.B ldap_rename()
returns \-1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter to
indicate the error.
.BR ldap_rename_s()
returns the LDAP error code resulting from the rename operation.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 67 stdin
PK�����jSi\g�d"#��"#����man3/ldap_objectclass2str.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\g�d"#��"#����man3/ldap_attributetype2name.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\���.���.����man3/ldap_unbind_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\�����
���
����man3/ldap_count_values.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����kSi\��MK$��K$����man3/ber_flush.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\���0��0����man3/ldap_memory.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����kSi\a��j	��j	����man3/ldap_first_entry.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_ENTRY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_entries( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_entry( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_entry( LDAP *ld, LDAPMessage *entry )
.SH DESCRIPTION
.LP
These routines are used to parse results received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines
.BR ldap_search_s (3)
and
.BR ldap_search_st (3).
.LP
The
.B ldap_first_entry()
routine is used to retrieve the first entry in a chain
of search results.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3)
or
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first entry in the result.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_entry()
to get the next entry, the result of which should be
supplied to the next call to
.BR ldap_next_entry() ,
etc.
.B ldap_next_entry()
will return NULL when there are no more entries.  The entries returned
from these calls are used in calls to the routines described in
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
etc.
.LP
A count of the number of entries in the search result can be obtained
by calling
.BR ldap_count_entries() .
.SH ERRORS
If an error occurs in
.B ldap_first_entry()
or
.BR ldap_next_entry() ,
NULL is returned and the ld_errno field in the \fIld\fP parameter
is set to indicate the error.  If an error occurs in
.BR ldap_count_entries() ,
-1 is returned, and
.B ld_errno
is set appropriately.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_first_attribute (3),
.BR ldap_get_values (3),
.BR ldap_get_dn (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 81 stdin
PK�����kSi\J�s*	��*	����man3/ldap_parse_vlv_control.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_VLV_CONTROL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep )
.ft
LDAP *ld;
LDAPControl **ctrlp;
unsigned long *target_posp, *list_countp;
struct berval **contextp;
int *errcodep;
.SH DESCRIPTION
The
.B ldap_parse_vlv_control
is used to decode the information returned from a search operation that used a
VLV (virtual list view)control. It takes a null terminated array of LDAPControl
structures, usually obtained by a call to the 
.BR ldap_parse_result function,
a \fItarget_pos\fP which points to the list index of the target entry. If
this parameter is NULL, the target position is not returned. The index returned 
is an approximation of the position of the target entry. It is
not guaranteed to be exact. The parameter \fIlist_countp\fP points to 
the server's estimate of the size of the list. If this parameter is NULL, the
size is not returned. \fIcontextp\fP is a pointer to the address of a berval
structure that contains a server-generated context identifier if server returns
one. If server does not return a context identifier, the server returns a NULL
in this parameter. If this parameter is set to NULL, the context identifier is
not returned. You should use this returned context in the next call to
create a VLV control. When the berval structure is no longer needed, you should
free the memory by calling the \fIber_bvfree function.e\fP
\fIerrcodep\fP is an output parameter, which points to the result code returned
by the server. If this parameter is NULL, the result code is not returned.
.LP 
See
ldap.h for a list of possible return codes.
.SH SEE ALSO
.BR ldap_search (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 50 stdin
PK�����kSi\�C�B�
���
����man3/ldap_compare_s.3nu��[�����������.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the
compare, and \fIattr\fP and \fIvalue\fP, the attribute description and
value to compare to those found in the entry.  It returns a code, which
will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
LDAP_COMPARE_FALSE if it does not.  Otherwise, an error code is
returned that indicates the nature of the problem.  See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation
asynchronously.  It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the
integer pointed to \fImsgidp\fP.  The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to
extend the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 80 stdin
PK�����kSi\�c%u��u����man3/ldap_search_st.3nu��[�����������.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/types.h>
#include <ldap.h>
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants.   Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search.  The string should conform to the format
specified in RFC 4515 as extended by RFC 4526.  For instance,
"(cn=Jane Doe)".  Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned.  Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted.  It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation.  See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The 
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine.  The 
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 145 stdin
PK�����kSi\}�q �
���
����man3/ldap_add_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl *\fIsctrls\fB,
LDAPControl *\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes.  The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns an code indicating success or, in the case of failure,
indicating the nature of failure of the operation.  See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous.  It returns the message id of the request it
initiated.  The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����kSi\Y��X<L��<L����man3/ldap_get_option.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_OPTION 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_option, ldap_set_option \- LDAP option handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");"
.LP
.BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");"
.SH DESCRIPTION
.LP
These routines provide access to options stored either in a LDAP handle
or as global options, where applicable.
They make use of a neutral interface, where the type of the value
either retrieved by 
.BR ldap_get_option (3)
or set by
.BR ldap_set_option (3)
is cast to 
.BR "void *" .
The actual type is determined based on the value of the
.B option
argument.
Global options are set/retrieved by passing a NULL LDAP handle. LDAP handles
inherit their default settings from the global options in effect at the time
the handle is created.
.TP
.B LDAP_OPT_API_FEATURE_INFO
Fills-in a 
.BR "LDAPAPIFeatureInfo" ;
.BR outvalue 
must be a 
.BR "LDAPAPIFeatureInfo *" ,
pointing to an already allocated struct.
The
.B ldapaif_info_version
field of the struct must be initialized to
.B LDAP_FEATURE_INFO_VERSION
before making the call. The
.B ldapaif_name
field must be set to the name of a feature to query.
This is a read-only option.
.TP
.B LDAP_OPT_API_INFO
Fills-in a 
.BR "LDAPAPIInfo" ;
.BR outvalue 
must be a 
.BR "LDAPAPIInfo *" ,
pointing to an already allocated struct. The
.B ldapai_info_version
field of the struct must be initialized to
.B LDAP_API_INFO_VERSION
before making the call.
If the version passed in does not match the current library
version, the expected version number will be stored in the
struct and the call will fail.
The caller is responsible for freeing the elements of the
.B ldapai_extensions
array and the array itself using
.BR ldap_memfree (3).
The caller must also free the
.BR ldapi_vendor_name .
This is a read-only option.
.TP
.B LDAP_OPT_CLIENT_CONTROLS
Sets/gets the client-side controls to be used for all operations.
This is now deprecated as modern LDAP C API provides replacements
for all main operations which accepts client-side controls as
explicit arguments; see for example
.BR ldap_search_ext (3),
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3)
and so on.
.BR outvalue
must be 
.BR "LDAPControl ***" ,
and the caller is responsible of freeing the returned controls, if any,
by calling 
.BR ldap_controls_free (3),
while
.BR invalue
must be 
.BR "LDAPControl *const *" ;
the library duplicates the controls passed via
.BR invalue .
.TP
.B LDAP_OPT_CONNECT_ASYNC
Sets/gets the status of the asynchronous connect flag.
.BR invalue
should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON ;
.BR outvalue
must be
.BR "int *" .
When set, the library will call
.BR connect (2)
and return, without waiting for response.
This leaves the handle in a connecting state.
Subsequent calls to library routines will poll for completion
of the connect before performing further operations.
As a consequence, library calls that need to establish a connection
with a DSA do not block even for the network timeout
(option
.BR LDAP_OPT_NETWORK_TIMEOUT ).
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_CONNECT_CB
This option allows to set a connect callback.
.B invalue
must be a 
.BR "const struct ldap_conncb *" .
Callbacks are executed in last in-first served order.
Handle-specific callbacks are executed first, followed by global ones.
Right before freeing the callback structure, the
.B lc_del
callback handler is passed a 
.B NULL
.BR Sockbuf .
Calling
.BR ldap_get_option (3)
for this option removes the callback whose pointer matches
.BR outvalue .
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEBUG_LEVEL
Sets/gets the debug level of the client library.
.BR invalue
must be a 
.BR "const int *" ;
.BR outvalue
must be a
.BR "int *" .
Valid debug levels are 
.BR LDAP_DEBUG_ANY ,
.BR LDAP_DEBUG_ARGS ,
.BR LDAP_DEBUG_BER ,
.BR LDAP_DEBUG_CONNS ,
.BR LDAP_DEBUG_NONE ,
.BR LDAP_DEBUG_PACKETS ,
.BR LDAP_DEBUG_PARSE ,
and
.BR LDAP_DEBUG_TRACE .
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEFBASE
Sets/gets a string containing the DN to be used as default base
for search operations.
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEREF
Sets/gets the value that defines when alias dereferencing must occur.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue 
must be
.BR "int *" .
They cannot be NULL.
The value of 
.BR *invalue
should be one of
.BR LDAP_DEREF_NEVER
(the default),
.BR LDAP_DEREF_SEARCHING ,
.BR LDAP_DEREF_FINDING ,
or
.BR LDAP_DEREF_ALWAYS .
Note that this has ever been the only means to determine alias dereferencing
within search operations.
.TP
.B LDAP_OPT_DESC
Returns the file descriptor associated to the socket buffer
of the LDAP handle passed in as 
.BR ld ;
.BR outvalue
must be a 
.BR "int *" .
This is a read-only, handle-specific option.
.TP
.B LDAP_OPT_DIAGNOSTIC_MESSAGE
Sets/gets a string containing the error string associated to the LDAP handle.
This option was formerly known as 
.BR LDAP_OPT_ERROR_STRING .
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_HOST_NAME
Sets/gets a space-separated list of hosts to be contacted by the library 
when trying to establish a connection.
This is now deprecated in favor of
.BR LDAP_OPT_URI .
.BR outvalue
must be a 
.BR "char **" ,
and the caller is responsible of freeing the resulting string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_MATCHED_DN
Sets/gets a string containing the matched DN associated to the LDAP handle.
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_NETWORK_TIMEOUT
Sets/gets the network timeout value after which
.BR poll (2)/ select (2) 
following a 
.BR connect (2) 
returns in case of no activity.
.B outvalue
must be a 
.BR "struct timeval **"
(the caller has to free
.BR *outvalue ) ,
and
.B invalue
must be a 
.BR "const struct timeval *" .
They cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_PROTOCOL_VERSION
Sets/gets the protocol version.
.BR outvalue
and
.BR invalue
must be 
.BR "int *" .
.TP
.B LDAP_OPT_REFERRAL_URLS
Sets/gets an array containing the referral URIs associated to the LDAP handle.
.BR outvalue
must be a
.BR "char ***" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memvfree (3),
while
.BR invalue
must be a NULL-terminated
.BR "char *const *" ;
the library duplicates the corresponding string.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_REFERRALS
Determines whether the library should implicitly chase referrals or not.
.BR invalue
must be 
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.\".TP
.\".B LDAP_OPT_REFHOPLIMIT
.\"This option is OpenLDAP specific.
.\"It is not currently implemented.
.TP
.B LDAP_OPT_RESTART
Determines whether the library should implicitly restart connections (FIXME).
.BR invalue
must be 
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_RESULT_CODE
Sets/gets the LDAP result code associated to the handle.
This option was formerly known as
.BR LDAP_OPT_ERROR_NUMBER .
.BR invalue
must be a 
.BR "const int *" .
.BR outvalue
must be a
.BR "int *" .
.TP
.B LDAP_OPT_SERVER_CONTROLS
Sets/gets the server-side controls to be used for all operations.
This is now deprecated as modern LDAP C API provides replacements
for all main operations which accepts server-side controls as
explicit arguments; see for example
.BR ldap_search_ext (3),
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3)
and so on.
.BR outvalue
must be 
.BR "LDAPControl ***" ,
and the caller is responsible of freeing the returned controls, if any,
by calling 
.BR ldap_controls_free (3),
while
.BR invalue
must be 
.BR "LDAPControl *const *" ;
the library duplicates the controls passed via
.BR invalue .
.TP
.B LDAP_OPT_SESSION_REFCNT
Returns the reference count associated with the LDAP handle passed in as
.BR ld ;
.BR outvalue
must be a
.BR "int *" .
This is a read-only, handle-specific option.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_SIZELIMIT
Sets/gets the value that defines the maximum number of entries
to be returned by a search operation.
.BR invalue
must be
.BR "const int *" ,
while
.BR outvalue
must be
.BR "int *" ;
They cannot be NULL.
.TP
.B LDAP_OPT_SOCKBUF
Returns a pointer to the socket buffer of the LDAP handle passed in as
.BR ld ;
.BR outvalue
must be a 
.BR "Sockbuf **" .
This is a read-only, handle-specific option.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_TIMELIMIT
Sets/gets the value that defines the time limit after which
a search operation should be terminated by the server.
.BR invalue
must be
.BR "const int *" ,
while
.BR outvalue
must be
.BR "int *" ,
and they cannot be NULL.
.TP
.B LDAP_OPT_TIMEOUT
Sets/gets a timeout value for the synchronous API calls.
.B outvalue
must be a 
.BR "struct timeval **"
(the caller has to free
.BR *outvalue ) ,
and
.B invalue
must be a 
.BR "struct timeval *" ,
and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_URI
Sets/gets a comma- or space-separated list of URIs to be contacted by the library 
when trying to establish a connection.
.BR outvalue
must be a 
.BR "char **" ,
and the caller is responsible of freeing the resulting string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library parses the string into a list of 
.BR LDAPURLDesc
structures, so the invocation of 
.BR ldap_set_option (3)
may fail if URL parsing fails.
URIs may only contain the
.BR schema ,
the
.BR host ,
and the
.BR port
fields.
This option is OpenLDAP specific.
.SH SASL OPTIONS
The SASL options are OpenLDAP specific.
.TP
.B LDAP_OPT_X_SASL_AUTHCID
Gets the SASL authentication identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_AUTHZID
Gets the SASL authorization identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_MAXBUFSIZE
Gets/sets SASL maximum buffer size;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_MECH
Gets the SASL mechanism;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_MECHLIST
Gets the list of the available mechanisms,
in form of a NULL-terminated array of strings;
.BR outvalue
must be
.BR "char ***" .
The caller must not free or otherwise muck with it.
.TP
.B LDAP_OPT_X_SASL_NOCANON
Sets/gets the NOCANON flag.
When unset, the hostname is canonicalized.
.BR invalue
must be
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_SASL_REALM
Gets the SASL realm;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_SECPROPS
Sets the SASL secprops;
.BR invalue
must be a
.BR "char *" ,
containing a comma-separated list of properties.
Legal values are:
.BR none ,
.BR nodict ,
.BR noplain ,
.BR noactive ,
.BR passcred ,
.BR forwardsec ,
.BR noanonymous ,
.BR minssf=<minssf> ,
.BR maxssf=<maxssf> ,
.BR maxbufsize=<maxbufsize> .
.TP
.B LDAP_OPT_X_SASL_SSF
Gets the SASL SSF;
.BR outvalue
must be a
.BR "ber_len_t *" .
.TP
.B LDAP_OPT_X_SASL_SSF_EXTERNAL
Sets the SASL SSF value related to an authentication
performed using an EXTERNAL mechanism;
.BR invalue
must be a
.BR "const ber_len_t *" .
.TP
.B LDAP_OPT_X_SASL_SSF_MAX
Gets/sets SASL maximum SSF;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_SSF_MIN
Gets/sets SASL minimum SSF;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_USERNAME
Gets the SASL username;
.BR outvalue
must be a
.BR "char **" .
Its content needs to be freed by the caller using
.BR ldap_memfree (3).
.SH TCP OPTIONS
The TCP options are OpenLDAP specific.
Mainly intended for use with Linux, they may not be portable.
.TP
.B LDAP_OPT_X_KEEPALIVE_IDLE
Sets/gets the number of seconds a connection needs to remain idle
before TCP starts sending keepalive probes.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_KEEPALIVE_PROBES
Sets/gets the maximum number of keepalive probes TCP should send
before dropping the connection.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_KEEPALIVE_INTERVAL
Sets/gets the interval in seconds between individual keepalive probes.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.SH TLS OPTIONS
The TLS options are OpenLDAP specific.
.\".TP
.\".B LDAP_OPT_X_TLS
.\"Sets/gets the TLS mode.
.TP
.B LDAP_OPT_X_TLS_CACERTDIR
Sets/gets the path of the directory containing CA certificates.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CACERTFILE
Sets/gets the full-path of the CA certificate file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CERTFILE
Sets/gets the full-path of the certificate file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CIPHER_SUITE
Sets/gets the allowed cipher suite.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CONNECT_ARG
Sets/gets the connection callback argument.
.BR invalue
must be
.BR "const void *" ;
.BR outvalue
must be
.BR "void **" .
.TP
.B LDAP_OPT_X_TLS_CONNECT_CB
Sets/gets the connection callback handle.
.BR invalue
must be
.BR "const LDAP_TLS_CONNECT_CB *" ;
.BR outvalue
must be
.BR "LDAP_TLS_CONNECT_CB **" .
.TP
.B LDAP_OPT_X_TLS_CRLCHECK
Sets/gets the CRL evaluation strategy, one of
.BR LDAP_OPT_X_TLS_CRL_NONE ,
.BR LDAP_OPT_X_TLS_CRL_PEER ,
or
.BR LDAP_OPT_X_TLS_CRL_ALL .
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
Requires OpenSSL.
.TP
.B LDAP_OPT_X_TLS_CRLFILE
Sets/gets the full-path of the CRL file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
This option is only valid for GnuTLS.
.TP
.B LDAP_OPT_X_TLS_CTX
Sets/gets the TLS library context. New TLS sessions will inherit their
default settings from this library context.
.BR invalue
must be
.BR "const void *" ;
.BR outvalue
must be
.BR "void **" .
When using the OpenSSL library this is an SSL_CTX*. When using other
crypto libraries this is a pointer to an OpenLDAP private structure.
Applications generally should not use this option or attempt to
manipulate this structure.
.TP
.B LDAP_OPT_X_TLS_DHFILE
Gets/sets the full-path of the file containing the parameters
for Diffie-Hellman ephemeral key exchange.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
Ignored by GnuTLS and Mozilla NSS.
.TP
.B LDAP_OPT_X_TLS_KEYFILE
Sets/gets the full-path of the certificate key file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_NEWCTX
Instructs the library to create a new TLS library context.
.BR invalue
must be
.BR "const int *" .
A non-zero value pointed to by
.BR invalue
tells the library to create a context for a server.
.TP
.B LDAP_OPT_X_TLS_PROTOCOL_MIN
Sets/gets the minimum protocol version.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_TLS_RANDOM_FILE
Sets/gets the random file when
.B /dev/random
and
.B /dev/urandom
are not available.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
Ignored by GnuTLS older than version 2.2.  Ignored by Mozilla NSS.
.TP
.B LDAP_OPT_X_TLS_REQUIRE_CERT
Sets/gets the peer certificate checking strategy,
one of
.BR LDAP_OPT_X_TLS_NEVER ,
.BR LDAP_OPT_X_TLS_HARD ,
.BR LDAP_OPT_X_TLS_DEMAND ,
.BR LDAP_OPT_X_TLS_ALLOW ,
.BR LDAP_OPT_X_TLS_TRY .
.TP
.B LDAP_OPT_X_TLS_SSL_CTX
Gets the TLS session context associated with this handle.
.BR outvalue
must be
.BR "void **" .
When using the OpenSSL library this is an SSL*. When using other
crypto libraries this is a pointer to an OpenLDAP private structure.
Applications generally should not use this option.
.SH ERRORS
On success, the functions return
.BR LDAP_OPT_SUCCESS ,
while they may return
.B LDAP_OPT_ERROR
to indicate a generic option handling error.
Occasionally, more specific errors can be returned, like
.B LDAP_NO_MEMORY
to indicate a failure in memory allocation.
.SH NOTES
The LDAP libraries with the
.B LDAP_OPT_REFERRALS 
option set to
.B LDAP_OPT_ON
(default value) automatically follow referrals using an anonymous bind.
Application developers are encouraged to either implement consistent
referral chasing features, or explicitly disable referral chasing
by setting that option to
.BR LDAP_OPT_OFF .
.P
The protocol version used by the library defaults to LDAPv2 (now historic),
which corresponds to the
.B LDAP_VERSION2
macro.
Application developers are encouraged to explicitly set
.B LDAP_OPT_PROTOCOL_VERSION
to LDAPv3, using the 
.B LDAP_VERSION3
macro, or to allow users to select the protocol version.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.B RFC 4422
(http://www.rfc-editor.org),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 811 stdin
PK�����kSi\�5^#v1��v1����man3/ber_next_element.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����kSi\g�d"#��"#����man3/ldap_str2matchingrule.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\�5^#v1��v1����man3/ber_get_bitstring.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����kSi\��q��q����man3/ldap_dn2ufn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����kSi\��MK$��K$����man3/ber_put_null.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\}�q �
���
����man3/ldap_add_s.3nu��[�����������.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl *\fIsctrls\fB,
LDAPControl *\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes.  The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns an code indicating success or, in the case of failure,
indicating the nature of failure of the operation.  See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous.  It returns the message id of the request it
initiated.  The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����kSi\���	���	�� ��man3/ldap_extended_operation_s.3nu��[�����������.lf 1 stdin
.TH LDAP_EXTENDED_OPERATION 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_extended_operation(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_extended_operation_s(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
char **\fIretoidp\fB,
struct berval **\fIretdatap\fB );
.RE
.SH DESCRIPTION
The
.B ldap_extended_operation_s()
routine is used to synchronously perform an LDAP extended operation.
It takes \fIrequestoid\fP, which points to a dotted-decimal OID string
identifying the extended operation to perform. \fIrequestdata\fP is the
data required for the request, \fIsctrls\fP is an array of LDAPControl
structures to use with this extended operation, \fIcctrls\fP is an array
of LDAPControl structures that list the client controls to use with
this extended operation.
.LP
The output parameter \fIretoidp\fP points to a dotted-decimal OID
string returned by the LDAP server.  The memory used by the string
should be freed with the
.BR ldap_memfree (3)
function.
The output parameter \fIretdatap\fP points to a pointer to a berval
structure that contains the returned data.  If no data is returned
by the server, the pointer is set this to NULL.  The memory used by
this structure should be freed with the
.BR ber_bvfree (3)
function.
.LP
The
.B ldap_extended_operation()
works just like
.BR ldap_extended_operation_s() ,
but the operation is asynchronous.  It provides the message id of
the request it initiated in the integer pointed to be \fImsgidp\fP.
The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH SEE ALSO
.BR ber_bvfree (3),
.BR ldap_memfree (3),
.BR ldap_parse_extended_result (3),
.BR ldap_result (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 76 stdin
PK�����kSi\��1ܽ�������man3/ldap_control_dup.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����kSi\��1ܽ�������man3/ldap_controls.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����kSi\g�d"#��"#����man3/ldap_schema.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\���0��0����man3/ldap_strdup.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����kSi\�շY��������man3/ber_bvdup.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����kSi\�Q�}
&��
&����man3/ldap_sync.3nu��[�����������.lf 1 stdin
.TH LDAP_SYNC 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2006-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_sync_init(ldap_sync_t *" ls ", int " mode ");"
.LP
.BI "int ldap_sync_init_refresh_only(ldap_sync_t *" ls ");"
.LP
.BI "int ldap_sync_init_refresh_and_persist(ldap_sync_t *" ls  ");"
.LP
.BI "int ldap_sync_poll(ldap_sync_t *" ls ");"
.LP
.BI "ldap_sync_t * ldap_sync_initialize(ldap_sync_t *" ls ");"
.LP
.BI "void ldap_sync_destroy(ldap_sync_t *" ls ", int " freeit ");"
.LP
.BI "typedef int (*" ldap_sync_search_entry_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", struct berval *" entryUUID ","
.BI "ldap_sync_refresh_t " phase ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_search_reference_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_intermediate_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", BerVarray " syncUUIDs ","
.BI "ldap_sync_refresh_t " phase ");"
.RE
.LP
.BI "typedef int (*" ldap_sync_search_result_f ")(ldap_sync_t *" ls ","
.RS
.BI "LDAPMessage *" msg ", int " refreshDeletes ");"
.RE
.SH DESCRIPTION
.LP
These routines provide an interface to the LDAP Content Synchronization 
operation (RFC 4533).
They require an
.BR ldap_sync_t
structure to be set up with parameters required for various phases
of the operation; this includes setting some handlers for special events.
All handlers take a pointer to the \fBldap_sync_t\fP structure as the first
argument, and a pointer to the \fBLDAPMessage\fP structure as received
from the server by the client library, plus, occasionally, other specific
arguments.

The members of the \fBldap_sync_t\fP structure are:
.TP
.BI "char *" ls_base
The search base; by default, the
.B BASE
option in
.BR ldap.conf (5).
.TP
.BI "int " ls_scope
The search scope (one of 
.BR LDAP_SCOPE_BASE ,
.BR LDAP_SCOPE_ONELEVEL ,
.BR LDAP_SCOPE_SUBORDINATE
or
.BR LDAP_SCOPE_SUBTREE ;
see
.B ldap.h
for details).
.TP
.BI "char *" ls_filter
The filter (RFC 4515); by default, 
.BR (objectClass=*) .
.TP
.BI "char **" ls_attrs
The requested attributes; by default
.BR NULL ,
indicating all user attributes.
.TP
.BI "int " ls_timelimit
The requested time limit (in seconds); by default
.BR 0 ,
to indicate no limit.
.TP
.BI "int " ls_sizelimit
The requested size limit (in entries); by default
.BR 0 ,
to indicate no limit.
.TP
.BI "int " ls_timeout
The desired timeout during polling with
.BR ldap_sync_poll (3).
A value of
.BR \-1
means that polling is blocking, so 
.BR ldap_sync_poll (3)
will not return until a message is received; a value of
.BR 0
means that polling returns immediately, no matter if any response
is available or not; a positive value represents the timeout the
.BR ldap_sync_poll (3)
function will wait for response before returning, unless a message
is received; in that case, 
.BR ldap_sync_poll (3)
returns as soon as the message is available.
.TP
.BI "ldap_sync_search_entry_f " ls_search_entry
A function that is called whenever an entry is returned.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the searchResultEntry; it can be parsed using the regular 
client API routines, like 
.BR ldap_get_dn (3),
.BR ldap_first_attribute (3),
and so on.
The
.BR entryUUID
argument contains the entryUUID of the entry.
The
.BR phase
argument indicates the type of operation: one of
.BR LDAP_SYNC_CAPI_PRESENT ,
.BR LDAP_SYNC_CAPI_ADD ,
.BR LDAP_SYNC_CAPI_MODIFY ,
.BR LDAP_SYNC_CAPI_DELETE ;
in case of
.BR LDAP_SYNC_CAPI_PRESENT
or
.BR LDAP_SYNC_CAPI_DELETE ,
only the DN is contained in the 
.IR LDAPMessage ;
in case of 
.BR LDAP_SYNC_CAPI_MODIFY ,
the whole entry is contained in the 
.IR LDAPMessage ,
and the application is responsible of determining the differences
between the new view of the entry provided by the caller and the data
already known.
.TP
.BI "ldap_sync_search_reference_f " ls_search_reference
A function that is called whenever a search reference is returned.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the searchResultReference; it can be parsed using 
the regular client API routines, like 
.BR ldap_parse_reference (3).
.TP
.BI "ldap_sync_intermediate_f " ls_intermediate
A function that is called whenever something relevant occurs during 
the refresh phase of the search, which is marked by
an \fIintermediateResponse\fP message type.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the intermediate response; it can be parsed using 
the regular client API routines, like 
.BR ldap_parse_intermediate (3).
The
.BR syncUUIDs
argument contains an array of UUIDs of the entries that depends
on the value of the
.BR phase
argument.
In case of
.BR LDAP_SYNC_CAPI_PRESENTS ,
the "present" phase is being entered;
this means that the following sequence of results will consist
in entries in "present" sync state.
In case of
.BR LDAP_SYNC_CAPI_DELETES ,
the "deletes" phase is being entered;
this means that the following sequence of results will consist
in entries in "delete" sync state.
In case of
.BR LDAP_SYNC_CAPI_PRESENTS_IDSET ,
the message contains a set of UUIDs of entries that are present;
it replaces a "presents" phase.
In case of
.BR LDAP_SYNC_CAPI_DELETES_IDSET ,
the message contains a set of UUIDs of entries that have been deleted;
it replaces a "deletes" phase.
In case of
.BR LDAP_SYNC_CAPI_DONE,
a "presents" phase with "refreshDone" set to "TRUE" has been returned
to indicate that the refresh phase of refreshAndPersist is over, and
the client should start polling.
Except for the
.BR LDAP_SYNC_CAPI_PRESENTS_IDSET
and
.BR LDAP_SYNC_CAPI_DELETES_IDSET
cases,
.BR syncUUIDs
is NULL.
.BR
.TP
.BI "ldap_sync_search_result_f " ls_search_result
A function that is called whenever a searchResultDone is returned.
In refreshAndPersist this can only occur when the server decides
that the search must be interrupted.
The
.BR msg
argument is the
.BR LDAPMessage
that contains the response; it can be parsed using 
the regular client API routines, like 
.BR ldap_parse_result (3).
The
.BR refreshDeletes
argument is not relevant in this case; it should always be \-1.
.TP
.BI "void *" ls_private
A pointer to private data.  The client may register here
a pointer to data the handlers above may need.
.TP
.BI "LDAP *" ls_ld
A pointer to a LDAP structure that is used to connect to the server.
It is the responsibility of the client to initialize the structure
and to provide appropriate authentication and security in place.

.SH "GENERAL USE"
A
.B ldap_sync_t
structure is initialized by calling
.BR ldap_sync_initialize(3).
This simply clears out the contents of an already existing
.B ldap_sync_t
structure, and sets appropriate values for some members.
After that, the caller is responsible for setting up the
connection (member
.BR ls_ld ),
eventually setting up transport security (TLS),
for binding and any other initialization.
The caller must also fill all the documented search-related fields
of the
.B ldap_sync_t
structure.

At the end of a session, the structure can be cleaned up by calling
.BR ldap_sync_destroy (3),
which takes care of freeing all data assuming it was allocated by
.BR ldap_mem* (3)
routines.
Otherwise, the caller should take care of destroying and zeroing out
the documented search-related fields, and call
.BR ldap_sync_destroy (3)
to free undocumented members set by the API.

.SH "REFRESH ONLY"
The
.BR refreshOnly
functionality is obtained by periodically calling
.BR ldap_sync_init (3)
with mode set to
.BR LDAP_SYNC_REFRESH_ONLY ,
or, which is equivalent, by directly calling
.BR ldap_sync_init_refresh_only (3).
The state of the search, and the consistency of the search parameters,
is preserved across calls by passing the 
.B ldap_sync_t
structure as left by the previous call.

.SH "REFRESH AND PERSIST"
The
.BR refreshAndPersist
functionality is obtained by calling
.BR ldap_sync_init (3)
with mode set to
.BR LDAP_SYNC_REFRESH_AND_PERSIST ,
or, which is equivalent, by directly calling
.BR ldap_sync_init_refresh_and_persist (3)
and, after a successful return, by repeatedly polling with
.BR ldap_sync_poll (3)
according to the desired pattern.

A client may insert a call to 
.BR ldap_sync_poll (3)
into an external loop to check if any modification was returned;
in this case, it might be appropriate to set
.BR ls_timeout
to 0, or to set it to a finite, small value.
Otherwise, if the client's main purpose consists in waiting for
responses, a timeout of \-1 is most suitable, so that the function
only returns after some data has been received and handled.

.SH ERRORS
All routines return any LDAP error resulting from a lower-level error
in the API calls they are based on, or LDAP_SUCCESS in case of success.
.BR ldap_sync_poll (3) 
may return 
.BR LDAP_SYNC_REFRESH_REQUIRED
if a full refresh is requested by the server.
In this case, it is appropriate to call
.BR ldap_sync_init (3)
again, passing the same
.B ldap_sync_t
structure as resulted from any previous call.
.SH NOTES
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search_ext (3),
.BR ldap_result (3) ;
.B RFC 4533
(http://www.rfc-editor.org),
.SH AUTHOR
Designed and implemented by Pierangelo Masarati, based on RFC 4533
and loosely inspired by syncrepl code in
.BR slapd (8).
.SH ACKNOWLEDGEMENTS
Initially developed by
.BR "SysNet s.n.c."
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release.  
PK�����kSi\'�t!��������man3/ldap_install_tls.3nu��[�����������.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 42 stdin
PK�����kSi\�c%u��u����man3/ldap_search_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/types.h>
#include <ldap.h>
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants.   Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search.  The string should conform to the format
specified in RFC 4515 as extended by RFC 4526.  For instance,
"(cn=Jane Doe)".  Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned.  Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted.  It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation.  See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The 
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine.  The 
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 145 stdin
PK�����kSi\
ݴ�������man3/ldap_url.3nu��[�����������.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516.  LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
    base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated.  Alternative LDAP schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL).  It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it.  If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " <http://www.rfc-editor.org/rfc/rfc4516.txt>"
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 84 stdin
PK�����kSi\���.���.����man3/ldap_sasl_bind.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\�w;+-	��-	����man3/ldap_count_references.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a
result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a
result chain.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the
result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be
supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be
obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining
in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned.  If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 72 stdin
PK�����kSi\���	���	����man3/ldap_extended_operation.3nu��[�����������.lf 1 stdin
.TH LDAP_EXTENDED_OPERATION 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_extended_operation(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_extended_operation_s(
.RS
.ft B
LDAP *\fIld\fB,
const char *\fIrequestoid\fB,
const struct berval *\fIrequestdata\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
char **\fIretoidp\fB,
struct berval **\fIretdatap\fB );
.RE
.SH DESCRIPTION
The
.B ldap_extended_operation_s()
routine is used to synchronously perform an LDAP extended operation.
It takes \fIrequestoid\fP, which points to a dotted-decimal OID string
identifying the extended operation to perform. \fIrequestdata\fP is the
data required for the request, \fIsctrls\fP is an array of LDAPControl
structures to use with this extended operation, \fIcctrls\fP is an array
of LDAPControl structures that list the client controls to use with
this extended operation.
.LP
The output parameter \fIretoidp\fP points to a dotted-decimal OID
string returned by the LDAP server.  The memory used by the string
should be freed with the
.BR ldap_memfree (3)
function.
The output parameter \fIretdatap\fP points to a pointer to a berval
structure that contains the returned data.  If no data is returned
by the server, the pointer is set this to NULL.  The memory used by
this structure should be freed with the
.BR ber_bvfree (3)
function.
.LP
The
.B ldap_extended_operation()
works just like
.BR ldap_extended_operation_s() ,
but the operation is asynchronous.  It provides the message id of
the request it initiated in the integer pointed to be \fImsgidp\fP.
The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH SEE ALSO
.BR ber_bvfree (3),
.BR ldap_memfree (3),
.BR ldap_parse_extended_result (3),
.BR ldap_result (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 76 stdin
PK�����kSi\�4���������man3/ldap_modify_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext() 
and
.B ldap_modify_ext_s() 
allows server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin

PK�����kSi\��q��q����man3/ldap_dn2ad_canonical.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����kSi\g�d"#��"#����man3/ldap_scherr2str.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\�4���������man3/ldap_modify.3nu��[�����������.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext() 
and
.B ldap_modify_ext_s() 
allows server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin

PK�����kSi\V�H-	��-	����man3/ldap_abandon.3nu��[�����������.lf 1 stdin
.TH LDAP_ABANDON 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_abandon_ext \- Abandon an LDAP operation in progress
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B
#include <ldap.h>
.LP
.ft B
int ldap_abandon_ext(
.RS
.ft B
LDAP *\fIld\fB,
Bint \fImsgid\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_abandon_ext()
routine is used to send a LDAP Abandon request for an
operation in progress.  The \fImsgid\fP passed should be the
message id of an outstanding LDAP operation, such as returned by
.BR ldap_search_ext (3).
.LP
.BR ldap_abandon_ext ()
checks to see if the result of the operation has already come in.  If it
has, it deletes it from the queue of pending messages.  If not,
it sends an LDAP abandon request to the LDAP server.
.LP
The caller can expect that the result of an abandoned operation
will not be returned from a future call to
.BR ldap_result (3).
.LP
.B ldap_abandon_ext()
allows server and client controls to be passed in via the
.I sctrls
and
.I cctrls
parameters, respectively.
.LP
.B ldap_abandon_ext()
returns a code indicating success or, in the case of failure, the
nature of the failure.  See
.BR ldap_error (3)
for details.
.SH DEPRECATED INTERFACES
The
.B ldap_abandon()
routine is deprecated in favor of the
.B ldap_abandon_ext()
routine. 
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 61 stdin

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_result (3),
.BR ldap_search_ext (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 69 stdin

PK�����kSi\Y��X<L��<L����man3/ldap_set_option.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_OPTION 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_option, ldap_set_option \- LDAP option handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_get_option(LDAP *" ld ", int " option ", void *" outvalue ");"
.LP
.BI "int ldap_set_option(LDAP *" ld ", int " option ", const void *" invalue ");"
.SH DESCRIPTION
.LP
These routines provide access to options stored either in a LDAP handle
or as global options, where applicable.
They make use of a neutral interface, where the type of the value
either retrieved by 
.BR ldap_get_option (3)
or set by
.BR ldap_set_option (3)
is cast to 
.BR "void *" .
The actual type is determined based on the value of the
.B option
argument.
Global options are set/retrieved by passing a NULL LDAP handle. LDAP handles
inherit their default settings from the global options in effect at the time
the handle is created.
.TP
.B LDAP_OPT_API_FEATURE_INFO
Fills-in a 
.BR "LDAPAPIFeatureInfo" ;
.BR outvalue 
must be a 
.BR "LDAPAPIFeatureInfo *" ,
pointing to an already allocated struct.
The
.B ldapaif_info_version
field of the struct must be initialized to
.B LDAP_FEATURE_INFO_VERSION
before making the call. The
.B ldapaif_name
field must be set to the name of a feature to query.
This is a read-only option.
.TP
.B LDAP_OPT_API_INFO
Fills-in a 
.BR "LDAPAPIInfo" ;
.BR outvalue 
must be a 
.BR "LDAPAPIInfo *" ,
pointing to an already allocated struct. The
.B ldapai_info_version
field of the struct must be initialized to
.B LDAP_API_INFO_VERSION
before making the call.
If the version passed in does not match the current library
version, the expected version number will be stored in the
struct and the call will fail.
The caller is responsible for freeing the elements of the
.B ldapai_extensions
array and the array itself using
.BR ldap_memfree (3).
The caller must also free the
.BR ldapi_vendor_name .
This is a read-only option.
.TP
.B LDAP_OPT_CLIENT_CONTROLS
Sets/gets the client-side controls to be used for all operations.
This is now deprecated as modern LDAP C API provides replacements
for all main operations which accepts client-side controls as
explicit arguments; see for example
.BR ldap_search_ext (3),
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3)
and so on.
.BR outvalue
must be 
.BR "LDAPControl ***" ,
and the caller is responsible of freeing the returned controls, if any,
by calling 
.BR ldap_controls_free (3),
while
.BR invalue
must be 
.BR "LDAPControl *const *" ;
the library duplicates the controls passed via
.BR invalue .
.TP
.B LDAP_OPT_CONNECT_ASYNC
Sets/gets the status of the asynchronous connect flag.
.BR invalue
should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON ;
.BR outvalue
must be
.BR "int *" .
When set, the library will call
.BR connect (2)
and return, without waiting for response.
This leaves the handle in a connecting state.
Subsequent calls to library routines will poll for completion
of the connect before performing further operations.
As a consequence, library calls that need to establish a connection
with a DSA do not block even for the network timeout
(option
.BR LDAP_OPT_NETWORK_TIMEOUT ).
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_CONNECT_CB
This option allows to set a connect callback.
.B invalue
must be a 
.BR "const struct ldap_conncb *" .
Callbacks are executed in last in-first served order.
Handle-specific callbacks are executed first, followed by global ones.
Right before freeing the callback structure, the
.B lc_del
callback handler is passed a 
.B NULL
.BR Sockbuf .
Calling
.BR ldap_get_option (3)
for this option removes the callback whose pointer matches
.BR outvalue .
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEBUG_LEVEL
Sets/gets the debug level of the client library.
.BR invalue
must be a 
.BR "const int *" ;
.BR outvalue
must be a
.BR "int *" .
Valid debug levels are 
.BR LDAP_DEBUG_ANY ,
.BR LDAP_DEBUG_ARGS ,
.BR LDAP_DEBUG_BER ,
.BR LDAP_DEBUG_CONNS ,
.BR LDAP_DEBUG_NONE ,
.BR LDAP_DEBUG_PACKETS ,
.BR LDAP_DEBUG_PARSE ,
and
.BR LDAP_DEBUG_TRACE .
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEFBASE
Sets/gets a string containing the DN to be used as default base
for search operations.
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_DEREF
Sets/gets the value that defines when alias dereferencing must occur.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue 
must be
.BR "int *" .
They cannot be NULL.
The value of 
.BR *invalue
should be one of
.BR LDAP_DEREF_NEVER
(the default),
.BR LDAP_DEREF_SEARCHING ,
.BR LDAP_DEREF_FINDING ,
or
.BR LDAP_DEREF_ALWAYS .
Note that this has ever been the only means to determine alias dereferencing
within search operations.
.TP
.B LDAP_OPT_DESC
Returns the file descriptor associated to the socket buffer
of the LDAP handle passed in as 
.BR ld ;
.BR outvalue
must be a 
.BR "int *" .
This is a read-only, handle-specific option.
.TP
.B LDAP_OPT_DIAGNOSTIC_MESSAGE
Sets/gets a string containing the error string associated to the LDAP handle.
This option was formerly known as 
.BR LDAP_OPT_ERROR_STRING .
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_HOST_NAME
Sets/gets a space-separated list of hosts to be contacted by the library 
when trying to establish a connection.
This is now deprecated in favor of
.BR LDAP_OPT_URI .
.BR outvalue
must be a 
.BR "char **" ,
and the caller is responsible of freeing the resulting string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_MATCHED_DN
Sets/gets a string containing the matched DN associated to the LDAP handle.
.BR outvalue
must be a
.BR "char **" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library duplicates the corresponding string.
.TP
.B LDAP_OPT_NETWORK_TIMEOUT
Sets/gets the network timeout value after which
.BR poll (2)/ select (2) 
following a 
.BR connect (2) 
returns in case of no activity.
.B outvalue
must be a 
.BR "struct timeval **"
(the caller has to free
.BR *outvalue ) ,
and
.B invalue
must be a 
.BR "const struct timeval *" .
They cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_PROTOCOL_VERSION
Sets/gets the protocol version.
.BR outvalue
and
.BR invalue
must be 
.BR "int *" .
.TP
.B LDAP_OPT_REFERRAL_URLS
Sets/gets an array containing the referral URIs associated to the LDAP handle.
.BR outvalue
must be a
.BR "char ***" ,
and the caller is responsible of freeing the returned string by calling
.BR ldap_memvfree (3),
while
.BR invalue
must be a NULL-terminated
.BR "char *const *" ;
the library duplicates the corresponding string.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_REFERRALS
Determines whether the library should implicitly chase referrals or not.
.BR invalue
must be 
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.\".TP
.\".B LDAP_OPT_REFHOPLIMIT
.\"This option is OpenLDAP specific.
.\"It is not currently implemented.
.TP
.B LDAP_OPT_RESTART
Determines whether the library should implicitly restart connections (FIXME).
.BR invalue
must be 
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_RESULT_CODE
Sets/gets the LDAP result code associated to the handle.
This option was formerly known as
.BR LDAP_OPT_ERROR_NUMBER .
.BR invalue
must be a 
.BR "const int *" .
.BR outvalue
must be a
.BR "int *" .
.TP
.B LDAP_OPT_SERVER_CONTROLS
Sets/gets the server-side controls to be used for all operations.
This is now deprecated as modern LDAP C API provides replacements
for all main operations which accepts server-side controls as
explicit arguments; see for example
.BR ldap_search_ext (3),
.BR ldap_add_ext (3),
.BR ldap_modify_ext (3)
and so on.
.BR outvalue
must be 
.BR "LDAPControl ***" ,
and the caller is responsible of freeing the returned controls, if any,
by calling 
.BR ldap_controls_free (3),
while
.BR invalue
must be 
.BR "LDAPControl *const *" ;
the library duplicates the controls passed via
.BR invalue .
.TP
.B LDAP_OPT_SESSION_REFCNT
Returns the reference count associated with the LDAP handle passed in as
.BR ld ;
.BR outvalue
must be a
.BR "int *" .
This is a read-only, handle-specific option.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_SIZELIMIT
Sets/gets the value that defines the maximum number of entries
to be returned by a search operation.
.BR invalue
must be
.BR "const int *" ,
while
.BR outvalue
must be
.BR "int *" ;
They cannot be NULL.
.TP
.B LDAP_OPT_SOCKBUF
Returns a pointer to the socket buffer of the LDAP handle passed in as
.BR ld ;
.BR outvalue
must be a 
.BR "Sockbuf **" .
This is a read-only, handle-specific option.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_TIMELIMIT
Sets/gets the value that defines the time limit after which
a search operation should be terminated by the server.
.BR invalue
must be
.BR "const int *" ,
while
.BR outvalue
must be
.BR "int *" ,
and they cannot be NULL.
.TP
.B LDAP_OPT_TIMEOUT
Sets/gets a timeout value for the synchronous API calls.
.B outvalue
must be a 
.BR "struct timeval **"
(the caller has to free
.BR *outvalue ) ,
and
.B invalue
must be a 
.BR "struct timeval *" ,
and they cannot be NULL. Using a struct with seconds set to \-1 results
in an infinite timeout, which is the default.
This option is OpenLDAP specific.
.TP
.B LDAP_OPT_URI
Sets/gets a comma- or space-separated list of URIs to be contacted by the library 
when trying to establish a connection.
.BR outvalue
must be a 
.BR "char **" ,
and the caller is responsible of freeing the resulting string by calling
.BR ldap_memfree (3),
while
.BR invalue
must be a 
.BR "const char *" ;
the library parses the string into a list of 
.BR LDAPURLDesc
structures, so the invocation of 
.BR ldap_set_option (3)
may fail if URL parsing fails.
URIs may only contain the
.BR schema ,
the
.BR host ,
and the
.BR port
fields.
This option is OpenLDAP specific.
.SH SASL OPTIONS
The SASL options are OpenLDAP specific.
.TP
.B LDAP_OPT_X_SASL_AUTHCID
Gets the SASL authentication identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_AUTHZID
Gets the SASL authorization identity;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_MAXBUFSIZE
Gets/sets SASL maximum buffer size;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_MECH
Gets the SASL mechanism;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_MECHLIST
Gets the list of the available mechanisms,
in form of a NULL-terminated array of strings;
.BR outvalue
must be
.BR "char ***" .
The caller must not free or otherwise muck with it.
.TP
.B LDAP_OPT_X_SASL_NOCANON
Sets/gets the NOCANON flag.
When unset, the hostname is canonicalized.
.BR invalue
must be
.BR "const int *" ;
its value should either be
.BR LDAP_OPT_OFF
or
.BR LDAP_OPT_ON .
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_SASL_REALM
Gets the SASL realm;
.BR outvalue
must be a
.BR "char **" ,
its content needs to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_SASL_SECPROPS
Sets the SASL secprops;
.BR invalue
must be a
.BR "char *" ,
containing a comma-separated list of properties.
Legal values are:
.BR none ,
.BR nodict ,
.BR noplain ,
.BR noactive ,
.BR passcred ,
.BR forwardsec ,
.BR noanonymous ,
.BR minssf=<minssf> ,
.BR maxssf=<maxssf> ,
.BR maxbufsize=<maxbufsize> .
.TP
.B LDAP_OPT_X_SASL_SSF
Gets the SASL SSF;
.BR outvalue
must be a
.BR "ber_len_t *" .
.TP
.B LDAP_OPT_X_SASL_SSF_EXTERNAL
Sets the SASL SSF value related to an authentication
performed using an EXTERNAL mechanism;
.BR invalue
must be a
.BR "const ber_len_t *" .
.TP
.B LDAP_OPT_X_SASL_SSF_MAX
Gets/sets SASL maximum SSF;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_SSF_MIN
Gets/sets SASL minimum SSF;
.BR invalue
must be
.BR "const ber_len_t *" ,
while
.BR outvalue
must be
.BR "ber_len_t *" .
See also
.BR LDAP_OPT_X_SASL_SECPROPS .
.TP
.B LDAP_OPT_X_SASL_USERNAME
Gets the SASL username;
.BR outvalue
must be a
.BR "char **" .
Its content needs to be freed by the caller using
.BR ldap_memfree (3).
.SH TCP OPTIONS
The TCP options are OpenLDAP specific.
Mainly intended for use with Linux, they may not be portable.
.TP
.B LDAP_OPT_X_KEEPALIVE_IDLE
Sets/gets the number of seconds a connection needs to remain idle
before TCP starts sending keepalive probes.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_KEEPALIVE_PROBES
Sets/gets the maximum number of keepalive probes TCP should send
before dropping the connection.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_KEEPALIVE_INTERVAL
Sets/gets the interval in seconds between individual keepalive probes.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.SH TLS OPTIONS
The TLS options are OpenLDAP specific.
.\".TP
.\".B LDAP_OPT_X_TLS
.\"Sets/gets the TLS mode.
.TP
.B LDAP_OPT_X_TLS_CACERTDIR
Sets/gets the path of the directory containing CA certificates.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CACERTFILE
Sets/gets the full-path of the CA certificate file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CERTFILE
Sets/gets the full-path of the certificate file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CIPHER_SUITE
Sets/gets the allowed cipher suite.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_CONNECT_ARG
Sets/gets the connection callback argument.
.BR invalue
must be
.BR "const void *" ;
.BR outvalue
must be
.BR "void **" .
.TP
.B LDAP_OPT_X_TLS_CONNECT_CB
Sets/gets the connection callback handle.
.BR invalue
must be
.BR "const LDAP_TLS_CONNECT_CB *" ;
.BR outvalue
must be
.BR "LDAP_TLS_CONNECT_CB **" .
.TP
.B LDAP_OPT_X_TLS_CRLCHECK
Sets/gets the CRL evaluation strategy, one of
.BR LDAP_OPT_X_TLS_CRL_NONE ,
.BR LDAP_OPT_X_TLS_CRL_PEER ,
or
.BR LDAP_OPT_X_TLS_CRL_ALL .
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
Requires OpenSSL.
.TP
.B LDAP_OPT_X_TLS_CRLFILE
Sets/gets the full-path of the CRL file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
This option is only valid for GnuTLS.
.TP
.B LDAP_OPT_X_TLS_CTX
Sets/gets the TLS library context. New TLS sessions will inherit their
default settings from this library context.
.BR invalue
must be
.BR "const void *" ;
.BR outvalue
must be
.BR "void **" .
When using the OpenSSL library this is an SSL_CTX*. When using other
crypto libraries this is a pointer to an OpenLDAP private structure.
Applications generally should not use this option or attempt to
manipulate this structure.
.TP
.B LDAP_OPT_X_TLS_DHFILE
Gets/sets the full-path of the file containing the parameters
for Diffie-Hellman ephemeral key exchange.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
Ignored by GnuTLS and Mozilla NSS.
.TP
.B LDAP_OPT_X_TLS_KEYFILE
Sets/gets the full-path of the certificate key file.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
.TP
.B LDAP_OPT_X_TLS_NEWCTX
Instructs the library to create a new TLS library context.
.BR invalue
must be
.BR "const int *" .
A non-zero value pointed to by
.BR invalue
tells the library to create a context for a server.
.TP
.B LDAP_OPT_X_TLS_PROTOCOL_MIN
Sets/gets the minimum protocol version.
.BR invalue
must be
.BR "const int *" ;
.BR outvalue
must be
.BR "int *" .
.TP
.B LDAP_OPT_X_TLS_RANDOM_FILE
Sets/gets the random file when
.B /dev/random
and
.B /dev/urandom
are not available.
.BR invalue
must be
.BR "const char *" ;
.BR outvalue
must be
.BR "char **" ,
and its contents need to be freed by the caller using
.BR ldap_memfree (3).
Ignored by GnuTLS older than version 2.2.  Ignored by Mozilla NSS.
.TP
.B LDAP_OPT_X_TLS_REQUIRE_CERT
Sets/gets the peer certificate checking strategy,
one of
.BR LDAP_OPT_X_TLS_NEVER ,
.BR LDAP_OPT_X_TLS_HARD ,
.BR LDAP_OPT_X_TLS_DEMAND ,
.BR LDAP_OPT_X_TLS_ALLOW ,
.BR LDAP_OPT_X_TLS_TRY .
.TP
.B LDAP_OPT_X_TLS_SSL_CTX
Gets the TLS session context associated with this handle.
.BR outvalue
must be
.BR "void **" .
When using the OpenSSL library this is an SSL*. When using other
crypto libraries this is a pointer to an OpenLDAP private structure.
Applications generally should not use this option.
.SH ERRORS
On success, the functions return
.BR LDAP_OPT_SUCCESS ,
while they may return
.B LDAP_OPT_ERROR
to indicate a generic option handling error.
Occasionally, more specific errors can be returned, like
.B LDAP_NO_MEMORY
to indicate a failure in memory allocation.
.SH NOTES
The LDAP libraries with the
.B LDAP_OPT_REFERRALS 
option set to
.B LDAP_OPT_ON
(default value) automatically follow referrals using an anonymous bind.
Application developers are encouraged to either implement consistent
referral chasing features, or explicitly disable referral chasing
by setting that option to
.BR LDAP_OPT_OFF .
.P
The protocol version used by the library defaults to LDAPv2 (now historic),
which corresponds to the
.B LDAP_VERSION2
macro.
Application developers are encouraged to explicitly set
.B LDAP_OPT_PROTOCOL_VERSION
to LDAPv3, using the 
.B LDAP_VERSION3
macro, or to allow users to select the protocol version.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.B RFC 4422
(http://www.rfc-editor.org),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 811 stdin
PK�����kSi\	ȵ���������man3/ldap_sort_strcasecmp.3nu��[�����������.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.  
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 22 stdin
PK�����kSi\�5^#v1��v1����man3/ber_get_null.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����kSi\]�Ib�	���	����man3/ldap_delete_s.3nu��[�����������.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
asynchronously. It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine  allows  server  and client controls to be 
specified to extend the delete request. This routine is asynchronous like 
ldap_delete(), but its return value is an LDAP error code. It stores the 
message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success 
or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return some Non-zero value if
something  went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 90 stdin
PK�����kSi\��MK$��K$����man3/ber_put_seq.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\t5d���������man3/lber-sockbuf.3nu��[�����������.lf 1 stdin
.TH LBER_SOCKBUF 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.B Sockbuf *ber_sockbuf_alloc( void );
.LP
.BI "void ber_sockbuf_free(Sockbuf *" sb ");"
.LP
.BI "int ber_sockbuf_ctrl(Sockbuf *" sb ", int " opt ", void *" arg ");"
.LP
.BI "int ber_sockbuf_add_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ", void *" arg ");"
.LP
.BI "int ber_sockbuf_remove_io(Sockbuf *" sb ", Sockbuf_IO *" sbio ", int " layer ");"
.LP
.nf
.B typedef struct sockbuf_io_desc {
.BI "int " sbiod_level ";"
.BI "Sockbuf *" sbiod_sb ";"
.BI "Sockbuf_IO *" sbiod_io ";"
.BI "void *" sbiod_pvt ";"
.BI "struct sockbuf_io_desc *" sbiod_next ";"
.B } Sockbuf_IO_Desc;
.LP
.B typedef struct sockbuf_io {
.BI "int (*" sbi_setup ")(Sockbuf_IO_Desc *" sbiod ", void *" arg ");"
.BI "int (*" sbi_remove ")(Sockbuf_IO_Desc *" sbiod ");"
.BI "int (*" sbi_ctrl ")(Sockbuf_IO_Desc *" sbiod ", int " opt ", void *" arg ");"
.BI "ber_slen_t (*" sbi_read ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");"
.BI "ber_slen_t (*" sbi_write ")(Sockbuf_IO_Desc *" sbiod ", void *" buf ", ber_len_t " len ");"
.BI "int (*" sbi_close ")(Sockbuf_IO_Desc *" sbiod ");"
.B } Sockbuf_IO;

.SH DESCRIPTION
.LP
These routines are used to manage the low level I/O operations performed
by the Lightweight BER library. They are called implicitly by the other
libraries and usually do not need to be called directly from applications.
The I/O framework is modularized and new transport layers can be supported
by appropriately defining a
.B Sockbuf_IO
structure and installing it onto an existing
.BR Sockbuf .
.B Sockbuf
structures are allocated and freed by
.BR ber_sockbuf_alloc ()
and
.BR ber_sockbuf_free (),
respectively. The
.BR ber_sockbuf_ctrl ()
function is used to get and set options related to a
.B Sockbuf
or to a specific I/O layer of the
.BR Sockbuf .
The
.BR ber_sockbuf_add_io ()
and
.BR ber_sockbuf_remove_io ()
functions are used to add and remove specific I/O layers on a
.BR Sockbuf .

Options for
.BR ber_sockbuf_ctrl ()
include:
.TP
.B LBER_SB_OPT_HAS_IO
Takes a
.B Sockbuf_IO *
argument and returns 1 if the given handler is installed
on the
.BR Sockbuf ,
otherwise returns 0.
.TP
.B LBER_SB_OPT_GET_FD
Retrieves the file descriptor associated to the
.BR Sockbuf ;
.B arg
must be a
.BR "ber_socket_t *" .
The return value will be 1 if a valid descriptor was present, \-1 otherwise.
.TP
.B LBER_SB_OPT_SET_FD
Sets the file descriptor of the
.B Sockbuf
to the descriptor pointed to by
.BR arg ;
.B arg
must be a
.BR "ber_socket_t *" .
The return value will always be 1.
.TP
.B LBER_SB_OPT_SET_NONBLOCK
Toggles the non-blocking state of the file descriptor associated to
the
.BR Sockbuf .
.B arg
should be NULL to disable and non-NULL to enable the non-blocking state.
The return value will be 1 for success, \-1 otherwise.
.TP
.B LBER_SB_OPT_DRAIN
Flush (read and discard) all available input on the
.BR Sockbuf .
The return value will be 1.
.TP
.B LBER_SB_OPT_NEEDS_READ
Returns non-zero if input is waiting to be read.
.TP
.B LBER_SB_OPT_NEEDS_WRITE
Returns non-zero if the
.B Sockbuf
is ready to be written.
.TP
.B LBER_SB_OPT_GET_MAX_INCOMING
Returns the maximum allowed size of an incoming message;
.B arg
must be a
.BR "ber_len_t *" .
The return value will be 1.
.TP
.B LBER_SB_OPT_SET_MAX_INCOMING
Sets the maximum allowed size of an incoming message;
.B arg
must be a
.BR "ber_len_t *" .
The return value will be 1.

.LP
Options not in this list will be passed down to each
.B Sockbuf_IO
handler in turn until one of them processes it. If the option is not handled
.BR ber_sockbuf_ctrl ()
will return 0.

.LP
Multiple
.B Sockbuf_IO
handlers can be stacked in multiple layers to provide various functionality.
Currently defined layers include
.TP
.B LBER_SBIOD_LEVEL_PROVIDER
the lowest layer, talking directly to a network 
.TP
.B LBER_SBIOD_LEVEL_TRANSPORT
an intermediate layer
.TP
.B LBER_SBIOD_LEVEL_APPLICATION
a higher layer
.LP
Currently defined
.B Sockbuf_IO
handlers in liblber include
.TP
.B ber_sockbuf_io_tcp
The default stream-oriented provider
.TP
.B ber_sockbuf_io_fd
A stream-oriented provider for local IPC sockets
.TP
.B ber_sockbuf_io_dgram
A datagram-oriented provider. This handler is only present if the liblber
library was built with LDAP_CONNECTIONLESS defined.
.TP
.B ber_sockbuf_io_readahead
A buffering layer, usually used with a datagram provider to hide the
datagram semantics from upper layers.
.TP
.B ber_sockbuf_io_debug
A generic handler that outputs hex dumps of all traffic. This handler
may be inserted multiple times at arbitrary layers to show the flow
of data between other handlers.
.LP
Additional handlers may be present in libldap if support for them was
enabled:
.TP
.B ldap_pvt_sockbuf_io_sasl
An application layer handler for SASL encoding/decoding.
.TP
.B sb_tls_sbio
A transport layer handler for SSL/TLS encoding/decoding. Note that this
handler is private to the library and is not exposed in the API.
.LP
The provided handlers are all instantiated implicitly by libldap, and
applications generally will not need to directly manipulate them.

.SH SEE ALSO
.BR lber-decode (3),
.BR lber-encode (3),
.BR lber-types (3),
.BR ldap_get_option (3)

.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 200 stdin
PK�����kSi\�E͡�������man3/ldap_result.3nu��[�����������.lf 1 stdin
.TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
	struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.).  Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session.  It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer,  it  specifies  a  maximum
interval  to wait for the selection to complete.  If timeout
is a NULL  pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used. With the default setting,
the  select  blocks  indefinitely.   To
effect  a  poll,  the  timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by 
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned.  This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result.  If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined.  This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin
PK�����kSi\NO
��O
����man3/ldap_first_message.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain
received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry
and result messages. The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be
supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained
by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain
if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned.  If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 83 stdin
PK�����kSi\���0��0����man3/ldap_memalloc.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����kSi\���.���.����man3/ldap_simple_bind.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\��A
	��	����man3/ldap_modrdn_s.3nu��[�����������.lf 1 stdin
.TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation.  They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation
it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error
code indicating the success or failure of the operation.  Use of
these routines is deprecated.  Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above.  In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP.  See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����kSi\�շY��������man3/ber_free.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����kSi\�w;+-	��-	����man3/ldap_next_reference.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a
result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a
result chain.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the
result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be
supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be
obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining
in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned.  If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 72 stdin
PK�����kSi\�c%u��u����man3/ldap_search_s.3nu��[�����������.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/types.h>
#include <ldap.h>
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants.   Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search.  The string should conform to the format
specified in RFC 4515 as extended by RFC 4526.  For instance,
"(cn=Jane Doe)".  Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned.  Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted.  It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation.  See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The 
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine.  The 
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 145 stdin
PK�����kSi\�c%u��u����man3/ldap_search_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/types.h>
#include <ldap.h>
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants.   Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search.  The string should conform to the format
specified in RFC 4515 as extended by RFC 4526.  For instance,
"(cn=Jane Doe)".  Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned.  Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted.  It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation.  See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The 
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine.  The 
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 145 stdin
PK�����kSi\�C�B�
���
����man3/ldap_compare.3nu��[�����������.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the
compare, and \fIattr\fP and \fIvalue\fP, the attribute description and
value to compare to those found in the entry.  It returns a code, which
will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
LDAP_COMPARE_FALSE if it does not.  Otherwise, an error code is
returned that indicates the nature of the problem.  See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation
asynchronously.  It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the
integer pointed to \fImsgidp\fP.  The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to
extend the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 80 stdin
PK�����kSi\�շY��������man3/ber_bvarray_free.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����kSi\g�d"#��"#����man3/ldap_objectclass2name.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\�շY��������man3/ber_str2bv.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����kSi\	ȵ���������man3/ldap_sort.3nu��[�����������.lf 1 stdin
.TH LDAP_SORT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH DESCRIPTION
The
.BR ldap_sort_entries (),
.BR ldap_sort_values (),
and
.BR ldap_sort_strcasecmp ()
are deprecated.  
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 18 stdin
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 22 stdin
PK�����kSi\�4���������man3/ldap_modify_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext() 
and
.B ldap_modify_ext_s() 
allows server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin

PK�����kSi\�����
���
����man3/ldap_get_values_len.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����kSi\�E͡�������man3/ldap_msgfree.3nu��[�����������.lf 1 stdin
.TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
	struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.).  Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session.  It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer,  it  specifies  a  maximum
interval  to wait for the selection to complete.  If timeout
is a NULL  pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used. With the default setting,
the  select  blocks  indefinitely.   To
effect  a  poll,  the  timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by 
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned.  This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result.  If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined.  This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin
PK�����kSi\g�d"#��"#����man3/ldap_str2attributetype.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\NO
��O
����man3/ldap_count_messages.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain
received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry
and result messages. The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be
supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained
by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain
if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned.  If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 83 stdin
PK�����kSi\��1ܽ�������man3/ldap_controls_free.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����kSi\�5^#v1��v1����man3/ber_scanf.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����kSi\g�d"#��"#����man3/ldap_matchingrule2str.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\g�d"#��"#����man3/ldap_objectclass_free.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\��MK$��K$����man3/ber_put_ostring.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\OPh��
���
����man3/ldap_rename.3nu��[�����������.lf 1 stdin
.TH LDAP_RENAME 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_rename, ldap_rename_s \- Renames the specified entry.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
int *msgidp);
.LP
.ft B
int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
.ft
LDAP *ld;
const char *dn, *newrdn, *newparent;
int deleteoldrdn;
LDAPControl *sctrls[], *cctrls[];
.SH DESCRIPTION
These routines are used to perform a LDAP rename operation.
The function changes the leaf component of an entry's distinguished
name and  optionally moves the entry to a new parent container. The 
.B ldap_rename_s
performs a rename operation synchronously.
The method takes \fIdn\fP, which points to the distinguished name of
the entry whose attribute is being compared, \fInewparent\fP,the distinguished
name of the entry's new parent. If this parameter is NULL, only the RDN is changed.
The root DN is specified by passing a zero length string, "". 
\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted.
Zero indicates that the old RDN should be retained. If you choose this option,
the attribute will contain both names (the old and the new).
Non-zero indicates that the old RDN should be deleted.
\fIserverctrls\fP points to an array of LDAPControl structures that list the
client controls to use with this extended operation. Use NULL to specify
no client controls. \fIclientctrls\fP points to an array of LDAPControl 
structures that list the client controls to use with the search.
.LP
.B ldap_rename
works just like
.B ldap_rename_s,
but the operation is asynchronous. It returns the message id of the request
it initiated. The result of this operation can be obtained by calling
.BR ldap_result(3).
.SH ERRORS
.B ldap_rename()
returns \-1 in case of error initiating the request, and
will set the \fIld_errno\fP field in the \fIld\fP parameter to
indicate the error.
.BR ldap_rename_s()
returns the LDAP error code resulting from the rename operation.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 67 stdin
PK�����kSi\g�d"#��"#����man3/ldap_attributetype_free.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\���.���.����man3/ldap_set_rebind_proc.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\�����
���
����man3/ldap_value_free_len.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����kSi\��MK$��K$����man3/ber_printf.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\��q��q����man3/ldap_dn2str.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����kSi\g�d"#��"#����man3/ldap_matchingrule_free.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\���.���.����man3/ldap_sasl_bind_s.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\��n��������man3/ldap_open.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <ldap_pvt.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One
of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect.  If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP.  The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally by of the form
\fIhost:port\fP.  If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and write access 
to those fields must occur by calling
.BR ldap_get_option (3) 
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows to specify details for the connection in the schema portion
of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC),
and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and 
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows to specify a schema in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows to set a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists
in moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no 
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to insure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).

.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 226 stdin
PK�����kSi\�c%u��u����man3/ldap_search.3nu��[�����������.lf 1 stdin
.TH LDAP_SEARCH 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <sys/types.h>
#include <ldap.h>
.LP
.ft B
int ldap_search_ext(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_search_ext_s(
.RS
LDAP *\fIld\fB,
char *\fIbase\fB,
int \fIscope\fB,
char *\fIfilter\fB,
char *\fIattrs\fB[],
int \fIattrsonly\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
struct timeval *\fItimeout\fB,
int \fIsizelimit\fB,
LDAPMessage **\fIres\fB );
.RE
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
The
.B ldap_search_ext_s()
routine
does the search synchronously (i.e., not
returning until the operation completes), providing a pointer
to the resulting LDAP messages at the location pointed to by
the \fIres\fP parameter.
.LP
The
.B ldap_search_ext()
routine is the asynchronous version, initiating the search and returning
the message id of the operation it initiated in the integer
pointed to by the \fImsgidp\fP parameter.
.LP
The \fIbase\fP parameter is the DN of the entry at which to start the search.
.LP
The \fIscope\fP parameter is the scope of the search and should be one
of LDAP_SCOPE_BASE, to search the object itself, LDAP_SCOPE_ONELEVEL,
to search the object's immediate children, LDAP_SCOPE_SUBTREE, to
search the object and all its descendants, or LDAP_SCOPE_CHILDREN,
to search all of the descendants.   Note that the latter requires
the server support the LDAP Subordinates Search Scope extension.
.LP
The \fIfilter\fP is a string representation of the filter to
apply in the search.  The string should conform to the format
specified in RFC 4515 as extended by RFC 4526.  For instance,
"(cn=Jane Doe)".  Note that use of the extension requires the
server to support the LDAP Absolute True/False Filter extension.
NULL may be specified to indicate the library should send the
filter (objectClass=*).
.LP
The \fIattrs\fP parameter is a null-terminated array of attribute
descriptions to return from matching entries.
If NULL is specified, the return of all user attributes is requested.
The description "*" (LDAP_ALL_USER_ATTRIBUTES) may be used to request
all user attributes to be returned.
The description "+"(LDAP_ALL_OPERATIONAL_ATTRIBUTES) may be used to
request all operational attributes to be returned.  Note that this
requires the server to support the LDAP All Operational Attribute
extension.
To request no attributes, the description "1.1" (LDAP_NO_ATTRS)
should be listed by itself.
.LP
The \fIattrsonly\fP parameter should be set to a non-zero value
if only attribute descriptions are wanted.  It should be set to zero (0)
if both attributes descriptions and attribute values are wanted.
.LP
The \fIserverctrls\fP and \fIclientctrls\fP parameters may be used
to specify server and client controls, respectively.
.LP
The
.B ldap_search_ext_s()
routine is the synchronous version of
.BR ldap_search_ext().
.LP
It also returns a code indicating success or, in the
case of failure, indicating the nature of the failure
of the operation.  See
.BR ldap_error (3)
for details.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
routines. Return values are contained in <ldap.h>.
.LP
Note that \fIres\fR parameter of
.B ldap_search_ext_s()
and
.B ldap_search_s()
should be freed with
.B ldap_msgfree()
regardless of return value of these functions.
.SH DEPRECATED INTERFACES
The 
.B ldap_search()
routine is deprecated in favor of the
.B ldap_search_ext()
routine.  The 
.B ldap_search_s()
and
.B ldap_search_st()
routines are deprecated in favor of the
.B ldap_search_ext_s()
routine.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 139 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 145 stdin
PK�����kSi\�5^#v1��v1����man3/ber_get_stringb.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����kSi\��n��������man3/ldap_set_urllist_proc.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <ldap_pvt.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One
of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect.  If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP.  The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally by of the form
\fIhost:port\fP.  If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and write access 
to those fields must occur by calling
.BR ldap_get_option (3) 
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows to specify details for the connection in the schema portion
of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC),
and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and 
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows to specify a schema in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows to set a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists
in moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no 
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to insure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).

.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 226 stdin
PK�����kSi\m�&$��$����man3/ldap_perror.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����kSi\'�t!��������man3/ldap_start_tls_s.3nu��[�����������.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 42 stdin
PK�����kSi\m�&$��$����man3/ldap_error.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����kSi\�����
���
����man3/ldap_value_free.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_VALUES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>

.LP
.ft B
char **ldap_get_values(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
struct berval **ldap_get_values_len(ld, entry, attr)
.ft
LDAP *ld;
LDAPMessage *entry;
char *attr;
.LP
.ft B
int ldap_count_values(vals)
.ft
char **vals;
.LP
.ft B
int ldap_count_values_len(vals)
.ft
struct berval **vals;
.LP
.ft B
void ldap_value_free(vals)
.ft
char **vals;
.LP
.ft B
void ldap_value_free_len(vals)
.ft
struct berval **vals;
.SH DESCRIPTION
These routines are used to retrieve and manipulate attribute values
from an LDAP entry as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3).
.B ldap_get_values()
takes the \fIentry\fP and the attribute \fIattr\fP
whose values are desired and returns a NULL-terminated array of the
attribute's values.  \fIattr\fP may be an attribute type as returned
from
.BR ldap_first_attribute (3)
or
.BR ldap_next_attribute (3),
or if the attribute type is known it can simply be given.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values() .
The array of values returned can be freed by calling
.BR ldap_value_free() .
.LP
If the attribute values are binary in nature, and thus not suitable
to be returned as an array of char *'s, the
.B ldap_get_values_len()
routine can be used instead.  It takes the same parameters as
.BR ldap_get_values() ,
but returns a NULL-terminated array of pointers
to berval structures, each containing the length of and a pointer
to a value.
.LP
The number of values in the array can be counted by calling
.BR ldap_count_values_len() .
The array of values returned can be freed by calling
.BR ldap_value_free_len() .
.SH ERRORS
If an error occurs in
.B ldap_get_values()
or
.BR ldap_get_values_len() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to
indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
These routines dynamically allocate memory which the caller must free
using the supplied routines.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_first_attribute (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 103 stdin
PK�����kSi\�շY��������man3/ber_bvecfree.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����kSi\]�Ib�	���	����man3/ldap_delete_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
asynchronously. It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine  allows  server  and client controls to be 
specified to extend the delete request. This routine is asynchronous like 
ldap_delete(), but its return value is an LDAP error code. It stores the 
message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success 
or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return some Non-zero value if
something  went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 90 stdin
PK�����kSi\���.���.����man3/ldap_bind_s.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����kSi\�E͡�������man3/ldap_msgtype.3nu��[�����������.lf 1 stdin
.TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
	struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.).  Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session.  It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer,  it  specifies  a  maximum
interval  to wait for the selection to complete.  If timeout
is a NULL  pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used. With the default setting,
the  select  blocks  indefinitely.   To
effect  a  poll,  the  timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by 
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned.  This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result.  If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined.  This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin
PK�����kSi\�C�B�
���
����man3/ldap_compare_ext_s.3nu��[�����������.lf 1 stdin
.TH LDAP_COMPARE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_compare_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
int ldap_compare_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
char *\fIattr\fB,
const struct berval *\fIbvalue\fB,
LDAPControl **\fIserverctrls\fB,
LDAPControl **\fIclientctrls\fB );
.RE
.SH DESCRIPTION
The
.B ldap_compare_ext_s()
routine is used to perform an LDAP compare operation synchronously.
It takes \fIdn\fP, the DN of the entry upon which to perform the
compare, and \fIattr\fP and \fIvalue\fP, the attribute description and
value to compare to those found in the entry.  It returns a code, which
will be LDAP_COMPARE_TRUE if the entry contains the attribute value and
LDAP_COMPARE_FALSE if it does not.  Otherwise, an error code is
returned that indicates the nature of the problem.  See
.BR ldap (3)
for details.
.LP
The
.B ldap_compare_ext()
routine is used to perform an LDAP compare operation
asynchronously.  It takes the same parameters as
.BR ldap_compare_ext_s() ,
but provides the message id of the request it initiated in the
integer pointed to \fImsgidp\fP.  The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
Both routines allow server and client controls to be specified to
extend the compare request.
.SH DEPRECATED INTERFACES
The routines
.BR ldap_compare ()
and
.BR ldap_compare_s ()
are deprecated in favor of
.BR ldap_compare_ext ()
and
.BR ldap_compare_ext_s (),
respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 75 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 80 stdin
PK�����kSi\S/�6	��6	����man3/ldap_first_attribute.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_ATTRIBUTE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_first_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement **berptr )
.LP
.ft B
char *ldap_next_attribute(
	LDAP *ld, LDAPMessage *entry, BerElement *ber )
.SH DESCRIPTION
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
routines are used
to step through the attributes in an LDAP entry.
.B ldap_first_attribute()
takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a pointer to character string
containing the first attribute description in the entry.
.B ldap_next_attribute()
returns the next attribute description in the entry.
.LP
It also returns, in \fIberptr\fP, a pointer to a BerElement it has
allocated to keep track of its current position.  This pointer should
be passed to subsequent calls to
.B ldap_next_attribute()
and is used
to effectively step through the entry's attributes.  The caller is
solely responsible for freeing the BerElement pointed to by \fIberptr\fP
when it is no longer needed by calling
.BR ber_free (3).
When calling
.BR ber_free (3)
in this instance, be sure the second argument is 0.
.LP
The attribute names returned are suitable for inclusion in a call
to
.BR ldap_get_values (3)
to retrieve the attribute's values.
.SH ERRORS
If an error occurs, NULL is returned and the ld_errno field in the
\fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.SH NOTES
The
.B ldap_first_attribute()
and
.B ldap_next_attribute()
return dynamically allocated memory that must be freed by the caller via
.BR ldap_memfree (3).   
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_entry (3),
.BR ldap_get_values (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 74 stdin
PK�����kSi\��MK$��K$����man3/ber_put_set.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\�4���������man3/ldap_mods_free.3nu��[�����������.lf 1 stdin
.TH LDAP_MODIFY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modify_ext(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.nf
.ft B
int ldap_modify_ext_s(
.RS
.ft B
LDAP *\fIld\fB,
char *\fIdn\fB,
LDAPMod *\fImods[]\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB );
.RE
.LP
.nf
.ft B
void ldap_mods_free(
.RS
.ft B
LDAPMod **\fImods\fB,
int \fIfreemods\fB );
.RE
.SH DESCRIPTION
The routine
.B ldap_modify_ext_s()
is used to perform an LDAP modify operation.
\fIdn\fP is the DN of the entry to modify, and \fImods\fP is a
null-terminated array of modifications to make to the entry.  Each element
of the \fImods\fP array is a pointer to an LDAPMod structure, which is
defined below.
.LP
.nf
	typedef struct ldapmod {
	    int mod_op;
	    char *mod_type;
	    union {
	        char **modv_strvals;
	        struct berval **modv_bvals;
	    } mod_vals;
	    struct ldapmod *mod_next;
	} LDAPMod;
	#define mod_values mod_vals.modv_strvals
	#define mod_bvalues mod_vals.modv_bvals
.ft
.fi
.LP
The \fImod_op\fP field is used to specify the type of modification to
perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or
LDAP_MOD_REPLACE.  The \fImod_type\fP and \fImod_values\fP fields
specify the attribute type to modify and a null-terminated array of
values to add, delete, or replace respectively.  The \fImod_next\fP
field is used only by the LDAP server and may be ignored by the
client.
.LP
If you need to specify a non-string value (e.g., to add a
photo or audio attribute value), you should set \fImod_op\fP to the
logical OR of the operation as above (e.g., LDAP_MOD_REPLACE)
and the constant LDAP_MOD_BVALUES.  In this case, \fImod_bvalues\fP
should be used instead of \fImod_values\fP, and it should point to
a null-terminated array of struct bervals, as defined in <lber.h>.
.LP
For LDAP_MOD_ADD modifications, the given values are added to the
entry, creating the attribute if necessary.  For LDAP_MOD_DELETE
modifications, the given values are deleted from the entry, removing
the attribute if no values remain.  If the entire attribute is to be deleted,
the \fImod_values\fP field should be set to NULL.  For LDAP_MOD_REPLACE
modifications, the attribute will have the listed values after the
modification, having been created if necessary.  All modifications are
performed in the order in which they are listed.
.LP
.B ldap_mods_free()
can be used to free each element of a NULL-terminated
array of mod structures.  If \fIfreemods\fP is non-zero, the
\fImods\fP pointer itself is freed as well.
.LP
.B ldap_modify_ext_s()
returns a code indicating success or, in the case of failure,
indicating the nature of the failure.  See
.BR ldap_error (3)
for details
.LP
The
.B ldap_modify_ext()
operation works the same way as
.BR ldap_modify_ext_s() ,
except that it is asynchronous. The integer that \fImsgidp\fP points
to is set to the message id of the modify request.  The result of
the operation can be obtained by calling
.BR ldap_result (3).
.LP
Both
.B ldap_modify_ext() 
and
.B ldap_modify_ext_s() 
allows server and client controls to be passed in
via the sctrls and cctrls parameters, respectively.
.SH DEPRECATED INTERFACES
The
.B ldap_modify()
and
.B ldap_modify_s()
routines are deprecated in favor of the
.B ldap_modify_ext()
and
.B ldap_modify_ext_s()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 132 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin

PK�����kSi\��MK$��K$����man3/ber_start_set.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����kSi\g�d"#��"#����man3/ldap_str2syntax.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����kSi\m�&$��$����man3/ldap_result2error.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����kSi\�E͡�������man3/ldap_msgid.3nu��[�����������.lf 1 stdin
.TH LDAP_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_result \- Wait for the result of an LDAP operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_result( LDAP *ld, int msgid, int all,
	struct timeval *timeout, LDAPMessage **result );

int ldap_msgfree( LDAPMessage *msg );

int ldap_msgtype( LDAPMessage *msg );

int ldap_msgid( LDAPMessage *msg );
.ft
.SH DESCRIPTION
The
.B ldap_result()
routine is used to wait for and return the result of
an operation previously initiated by one of the LDAP asynchronous
operation routines (e.g.,
.BR ldap_search_ext (3),
.BR ldap_modify_ext (3),
etc.).  Those routines all return \-1 in case of error, and an
invocation identifier upon successful initiation of the operation. The
invocation identifier is picked by the library and is guaranteed to be
unique across the LDAP session.  It can be used to request the result
of a specific operation from
.B ldap_result()
through the \fImsgid\fP parameter.
.LP
The
.B ldap_result()
routine will block or not, depending upon the setting
of the \fItimeout\fP parameter.
If timeout is not a NULL pointer,  it  specifies  a  maximum
interval  to wait for the selection to complete.  If timeout
is a NULL  pointer, the LDAP_OPT_TIMEOUT value set by
.BR ldap_set_option (3)
is used. With the default setting,
the  select  blocks  indefinitely.   To
effect  a  poll,  the  timeout argument should be a non-NULL
pointer, pointing to a zero-valued timeval structure.
To obtain the behavior of the default setting, bypassing any value set by 
.BR ldap_set_option (3),
set to -1 the \fItv_sec\fP field of the \fItimeout\fP parameter.
See
.BR select (2)
for further details.
.LP
If the result of a specific operation is required, \fImsgid\fP should
be set to the invocation identifier returned when the operation was
initiated, otherwise LDAP_RES_ANY or LDAP_RES_UNSOLICITED should be
supplied to wait for any or unsolicited response.
.LP
The \fIall\fP parameter, if non-zero, causes
.B ldap_result()
to return all responses with msgid, otherwise only the
next response is returned.  This is commonly used to obtain all
the responses of a search operation.
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
more extended partial responses followed by a search result.  If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
all references, all extended partial responses, and the final search
result have been received.
.SH RETURN VALUE
Upon success, the type of the result received is returned and the
\fIresult\fP parameter will contain the result of the operation;
otherwise, the \fIresult\fP parameter is undefined.  This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
.LP
The possible result types returned are:
.LP
.nf
	LDAP_RES_BIND (0x61)
	LDAP_RES_SEARCH_ENTRY (0x64)
	LDAP_RES_SEARCH_REFERENCE (0x73)
	LDAP_RES_SEARCH_RESULT (0x65)
	LDAP_RES_MODIFY (0x67)
	LDAP_RES_ADD (0x69)
	LDAP_RES_DELETE (0x6b)
	LDAP_RES_MODDN (0x6d)
	LDAP_RES_COMPARE (0x6f)
	LDAP_RES_EXTENDED (0x78)
	LDAP_RES_INTERMEDIATE (0x79)
.fi
.LP
The
.B ldap_msgfree()
routine is used to free the memory allocated for
result(s) by
.B ldap_result()
or
.BR ldap_search_ext_s (3)
and friends.
It takes a pointer to the result or result chain to be freed and returns
the type of the last message in the chain.
If the parameter is NULL, the function does nothing and returns zero.
.LP
The
.B ldap_msgtype()
routine returns the type of a message.
.LP
The
.B ldap_msgid()
routine returns the message id of a message.
.SH ERRORS
.B ldap_result()
returns \-1 if something bad happens, and zero if the
timeout specified was exceeded.
.B ldap_msgtype()
and
.B ldap_msgid()
return \-1 on error.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_first_message (3),
.BR select (2)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 137 stdin
PK�����kSi\%�&}.��.����man3/ldap_destroy.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_dup, ldap_destroy, \- Duplicate and destroy LDAP session handles
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_dup(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.LP
.ft B
int ldap_destroy(
.RS
.ft B
LDAP *\fIold\fB );
.RE
.SH DESCRIPTION
.LP
.B ldap_dup()
duplicates an existing LDAP
.RB ( "LDAP *" )
session handle.
The new session handle may be used concurrently with the
original session handle.
In a threaded environment, different threads may execute concurrent
requests on the same connection/session without fear of contamination.
Each session handle manages its own private error results.
.LP
.B ldap_destroy()
destroys an existing session handle.
.LP
The
.B ldap_dup()
and
.B ldap_destroy()
functions are used in conjunction with a "thread safe" version
of
.B libldap
.RB ( libldap_r )
to enable operation thread safe API calls, so that a single session
may be simultaneously used across multiple threads with consistent
error handling.
.LP
When a session is created through the use of one of the session creation
functions including
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3)
or
.BR ldap_init_fd (3)
an
.B "LDAP *"
session handle is returned to the application.
The session handle may be shared amongst threads, however the
error codes are unique to a session handle.
Multiple threads performing different operations using the same
session handle will result in inconsistent error codes and
return values.
.LP
To prevent this confusion,
.B ldap_dup()
is used duplicate an existing session handle so that multiple threads
can share the session, and maintain consistent error information
and results.
.LP
The message queues for a session are shared between sibling session handles.
Results of operations on a sibling session handles are accessible
to all the sibling session handles.
Applications desiring results associated with a specific operation
should provide the appropriate msgid to
.BR ldap_result() .
Applications should avoid calling
.B ldap_result()
with
.B LDAP_RES_ANY
as that may "steal" and return results in the calling thread
that another operation in a different thread, using a
different session handle, may require to complete.
.LP
When
.B ldap_unbind()
is called on a session handle with siblings, all the 
siblings become invalid.
.LP
Siblings must be destroyed using
.BR ldap_destroy() .
Session handle resources associated with the original
.RB ( "LDAP *" )
will be freed when the last session handle is destroyed or when
.B ldap_unbind()
is called, if no other session handles currently exist.
.SH ERRORS
If an error occurs,
.B ldap_dup()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_destroy()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.SH SEE ALSO
.BR ldap_open (3),
.BR ldap_init (3),
.BR ldap_initialize (3),
.BR ldap_init_fd (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
This work is based on the previously proposed
.B LDAP C API Concurrency Extensions
draft
.BR ( draft-zeilenga-ldap-c-api-concurrency-00.txt )
effort.
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 127 stdin
PK�����lSi\��q��q����man3/ldap_get_dn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����lSi\���.���.����man3/ldap_unbind.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����lSi\��n��������man3/ldap_init.3nu��[�����������.lf 1 stdin
.TH LDAP_OPEN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
LDAP *ldap_open(host, port)
.ft
char *host;
int port;
.LP
.ft B
LDAP *ldap_init(host, port)
.ft
char *host;
int port;
.LP
.ft B
int ldap_initialize(ldp, uri)
.ft
LDAP **ldp;
char *uri;
.LP
.ft B
int ldap_set_urllist_proc(ld, proc, params)
.ft
LDAP *ld;
LDAP_URLLIST_PROC *proc;
void *params;
.LP
.ft B
int (LDAP_URLLIST_PROC)(ld, urllist, url, params);
.ft
LDAP *ld;
LDAPURLDesc **urllist;
LDAPURLDesc **url;
void *params;
.LP
.ft B
#include <ldap_pvt.h>
.LP
.ft B
int ldap_init_fd(fd, proto, uri, ldp)
.ft
ber_socket_t fd;
int proto;
char *uri;
LDAP **ldp;
.SH DESCRIPTION
.LP
.B ldap_open()
opens a connection to an LDAP server and allocates an LDAP
structure which is used to identify
the connection and to maintain per-connection information.
.B ldap_init()
allocates an LDAP structure but does not open an initial connection.
.B ldap_initialize()
allocates an LDAP structure but does not open an initial connection.
.B ldap_init_fd()
allocates an LDAP structure using an existing connection on the
provided socket.
One
of these routines must be called before any operations are attempted.
.LP
.B ldap_open()
takes \fIhost\fP, the hostname on which the LDAP server is
running, and \fIport\fP, the port number to which to connect.  If the default
IANA-assigned port of 389 is desired, LDAP_PORT should be specified for
\fIport\fP.  The \fIhost\fP parameter may contain a blank-separated list
of hosts to try to connect to, and each host may optionally by of the form
\fIhost:port\fP.  If present, the \fI:port\fP overrides the \fIport\fP
parameter to
.BR ldap_open() .
Upon successfully making a connection to an
LDAP server,
.B ldap_open()
returns a pointer to an opaque LDAP structure, which should be passed
to subsequent calls to
.BR ldap_bind() ,
.BR ldap_search() ,
etc. Certain fields in the LDAP structure can be set to indicate size limit,
time limit, and how aliases are handled during operations; read and write access 
to those fields must occur by calling
.BR ldap_get_option (3) 
and
.BR ldap_set_option (3)
respectively, whenever possible.
.LP
.B
ldap_init()
acts just like
.BR ldap_open() ,
but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.
.LP
.B ldap_initialize()
acts like
.BR ldap_init() ,
but it returns an integer indicating either success or the failure reason,
and it allows to specify details for the connection in the schema portion
of the URI.
The
.I uri
parameter may be a comma- or whitespace-separated list of URIs
containing only the
.IR schema ,
the
.IR host ,
and the
.I port
fields.
Apart from
.BR ldap ,
other (non-standard) recognized values of the
.I schema
field are
.B ldaps
(LDAP over TLS),
.B ldapi
(LDAP over IPC),
and
.B cldap
(connectionless LDAP).
If other fields are present, the behavior is undefined.
.LP
At this time,
.B ldap_open()
and 
.B ldap_init()
are deprecated in favor of
.BR ldap_initialize() ,
essentially because the latter allows to specify a schema in the URI
and it explicitly returns an error code.
.LP
.B ldap_init_fd()
allows an LDAP structure to be initialized using an already-opened
connection. The
.I proto
parameter should be one of LDAP_PROTO_TCP, LDAP_PROTO_UDP,
or LDAP_PROTO_IPC
for a connection using TCP, UDP, or IPC, respectively. The value
LDAP_PROTO_EXT
may also be specified if user-supplied sockbuf handlers are going to
be used. Note that support for UDP is not implemented unless libldap
was built with LDAP_CONNECTIONLESS defined.
The
.I uri
parameter may optionally be provided for informational purposes.
.LP
.B ldap_set_urllist_proc()
allows to set a function
.I proc
of type
.I LDAP_URLLIST_PROC
that is called when a successful connection can be established.
This function receives the list of URIs parsed from the
.I uri
string originally passed to
.BR ldap_initialize() ,
and the one that successfully connected.
The function may manipulate the URI list; the typical use consists
in moving the successful URI to the head of the list,
so that subsequent attempts to connect to one of the URIs using the same LDAP handle
will try it first.
If
.I ld
is null,
.I proc
is set as a global parameter that is inherited by all handlers
within the process that are created after the call to
.BR ldap_set_urllist_proc() .
By default, no 
.I LDAP_URLLIST_PROC
is set.
In a multithreaded environment,
.B ldap_set_urllist_proc()
must be called before any concurrent operation using the LDAP handle is started.

Note: the first call into the LDAP library also initializes the global
options for the library. As such the first call should be single-threaded
or otherwise protected to insure that only one call is active. It is
recommended that
.BR ldap_get_option ()
or
.BR ldap_set_option ()
be used in the program's main thread before any additional threads are created.
See
.BR ldap_get_option (3).

.SH ERRORS
If an error occurs,
.B ldap_open()
and
.B ldap_init()
will return NULL and 
.I errno
should be set appropriately.
.B ldap_initialize()
and
.B ldap_init_fd()
will directly return the LDAP code associated to the error (or
.I LDAP_SUCCESS
in case of success);
.I errno
should be set as well whenever appropriate.
.B ldap_set_urllist_proc()
returns LDAP_OPT_ERROR on error, and LDAP_OPT_SUCCESS on success.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_bind (3),
.BR ldap_get_option (3),
.BR ldap_set_option (3),
.BR lber-sockbuf (3),
.BR errno (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 226 stdin
PK�����lSi\NO
��O
����man3/ldap_next_message.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_MESSAGE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_messages( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_message( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_message( LDAP *ld, LDAPMessage *message )
.SH DESCRIPTION
.LP
These routines are used to step through the messages in a result chain
received from
.BR ldap_result (3) .
For search operations, the result chain can contain referral, entry
and result messages. The
.BR ldap_msgtype (3)
function can be used to distinguish between the different message types.
.LP
The
.B ldap_first_message()
routine is used to retrieve the first message in a result chain.
It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first message in the result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_message()
to get the next message, the result of which should be
supplied to the next call to
.BR ldap_next_message() ,
etc.
.B ldap_next_message()
will return NULL when there are no more messages.
.LP
These functions are useful when using routines like
.BR ldap_parse_result (3)
that only operate on the first result in the chain.
.LP
A count of the number of messages in the result chain can be obtained
by calling
.BR ldap_count_messages() .
It can also be used to count the number of remaining messages in a chain
if called with a message, entry or reference returned by
.B ldap_first_message() ,
.B ldap_next_message() ,
.BR ldap_first_entry (3) ,
.BR ldap_next_entry (3) ,
.BR ldap_first_reference (3) ,
.BR ldap_next_reference (3) .
.SH ERRORS
If an error occurs in
.B ldap_first_message()
or
.BR ldap_next_message() ,
NULL is returned.  If an error occurs in
.BR ldap_count_messages() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_search (3),
.BR ldap_result (3),
.BR ldap_parse_result (3),
.BR ldap_first_entry (3),
.BR ldap_first_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 83 stdin
PK�����lSi\�w;+-	��-	����man3/ldap_first_reference.3nu��[�����������.lf 1 stdin
.TH LDAP_FIRST_REFERENCE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_count_references( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_first_reference( LDAP *ld, LDAPMessage *result )
.LP
.ft B
LDAPMessage *ldap_next_reference( LDAP *ld, LDAPMessage *reference )
.SH DESCRIPTION
.LP
These routines are used to step through the continuation references in a
result chain received from
.BR ldap_result (3)
or the synchronous LDAP search operation routines.
.LP
The
.B ldap_first_reference()
routine is used to retrieve the first reference message in a
result chain.  It takes the \fIresult\fP as returned by a call to
.BR ldap_result (3) ,
.BR ldap_search_s (3)
or
.BR ldap_search_st (3)
and returns a pointer to the first reference message in the
result chain.
.LP
This pointer should be supplied on a subsequent call to
.B ldap_next_reference()
to get the next reference message, the result of which should be
supplied to the next call to
.BR ldap_next_reference() ,
etc.
.B ldap_next_reference()
will return NULL when there are no more reference messages.
The reference messages returned from these calls are used by
.BR ldap_parse_reference (3)
to extract referrals and controls.
.LP
A count of the number of reference messages in the search result can be
obtained by calling
.BR ldap_count_references() .
It can also be used to count the number of reference messages remaining
in a result chain.
.SH ERRORS
If an error occurs in
.B ldap_first_reference()
or
.BR ldap_next_reference() ,
NULL is returned.  If an error occurs in
.BR ldap_count_references() ,
-1 is returned.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_parse_reference (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 72 stdin
PK�����lSi\}�q �
���
����man3/ldap_add_ext.3nu��[�����������.lf 1 stdin
.TH LDAP_ADD 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.ft B
#include <ldap.h>
.LP
.ft B
.nf
int ldap_add_ext(
.RS
.ft B
LDAP *\fIld,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl **\fIsctrls\fB,
LDAPControl **\fIcctrls\fB,
int *\fImsgidp\fB );
.RE
.LP
.ft B
.nf
int ldap_add_ext_s(
.RS
LDAP *\fIld\fB,
const char *\fIdn\fB,
LDAPMod **\fIattrs\fB,
LDAPControl *\fIsctrls\fB,
LDAPControl *\fIcctrls\fB );
.RE
.fi
.SH DESCRIPTION
The
.B ldap_add_ext_s()
routine is used to perform an LDAP add operation.
It takes \fIdn\fP, the DN of the entry to add, and \fIattrs\fP, a
null-terminated array of the entry's attributes.  The LDAPMod structure
is used to represent attributes, with the \fImod_type\fP and
\fImod_values\fP fields being used as described under
.BR ldap_modify_ext (3),
and the \fIldap_op\fP field being used only if you need to specify
the LDAP_MOD_BVALUES option. Otherwise, it should be set to zero.
.LP
Note that all entries except that
specified by the last component in the given DN must already exist.
.B ldap_add_ext_s()
returns an code indicating success or, in the case of failure,
indicating the nature of failure of the operation.  See
.BR ldap_error (3)
for more details.
.LP
The
.B ldap_add_ext()
routine works just like
.BR ldap_add_ext_s() ,
but it is asynchronous.  It returns the message id of the request it
initiated.  The result of this operation can be obtained by calling
.BR ldap_result (3).
.SH DEPRECATED INTERFACES
The
.BR ldap_add ()
and
.BR ldap_add_s ()
routines are deprecated in favor of the
.BR ldap_add_ext ()
and
.BR ldap_add_ext_s ()
routines, respectively.
.LP
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 76 stdin
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_modify (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����lSi\m�&$��$����man3/ldap_err2string.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����lSi\g�d"#��"#����man3/ldap_attributetype2str.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����lSi\g�d"#��"#����man3/ldap_matchingrule2name.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����lSi\�6+��������man3/ldap_parse_sort_control.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_SORT-CONTROL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_sort_control(ld, ctrls, returnCode, attribute)
.ft
LDAP *ld;
LDAPControl **ctrls;
unsigned long *returnCode;
char **attribute;
.SH DESCRIPTION
This function is used to parse the results returned in a search operation
that uses a server-side sort control.
.LP
It takes a null terminated array of LDAPControl structures usually obtained
by a call to the 
.BR ldap_parse_result
function. A returncode which points to the sort control result code,and an array
of LDAPControl structures that list the client controls to use with the search.
The function also takes an out parameter \fIattribute\fP and if the sort operation
fails, the server may return a string that indicates the first attribute in the
sortKey list that caused the failure. If this parameter is NULL, no string is
returned. If a string is returned, the memory should be freed by calling the
ldap_memfree function.
.SH NOTES
.SH SEE ALSO
.BR ldap_result (3),
.BR ldap_controls_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 41 stdin
PK�����lSi\�5^#v1��v1����man3/ber_get_int.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����lSi\
ݴ�������man3/ldap_is_ldap_url.3nu��[�����������.lf 1 stdin
.TH LDAP_URL 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_is_ldap_url( const char *url )
.LP
.ft B
int ldap_url_parse( const char *url, LDAPURLDesc **ludpp )
.LP
typedef struct ldap_url_desc {
    char *      lud_scheme;     /* URI scheme */
    char *      lud_host;       /* LDAP host to contact */
    int         lud_port;       /* port on host */
    char *      lud_dn;         /* base for search */
    char **     lud_attrs;      /* list of attributes */
    int         lud_scope;      /* a LDAP_SCOPE_... value */
    char *      lud_filter;     /* LDAP search filter */
    char **     lud_exts;       /* LDAP extensions */
    int         lud_crit_exts;  /* true if any extension is critical */
    /* may contain additional fields for internal use */
} LDAPURLDesc;
.LP
.ft B
void ldap_free_urldesc( LDAPURLDesc *ludp );
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 4516.  LDAP URLs look like this:
.nf

  \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]

where:
  \fIhostport\fP is a host name with an optional ":portnumber"
  \fIdn\fP is the search base
  \fIattrs\fP is a comma separated list of attributes to request
  \fIscope\fP is one of these three strings:
    base one sub (default=base)
  \fIfilter\fP is filter
  \fIexts\fP are recognized set of LDAP and/or API extensions.

Example:
  ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*)

.fi
.LP
URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also
tolerated.  Alternative LDAP schemes such as ldaps:// and ldapi:// may be
parsed using the below routines as well.
.LP
.B ldap_is_ldap_url()
returns a non-zero value if \fIurl\fP looks like an LDAP URL (as
opposed to some other kind of URL).  It can be used as a quick check
for an LDAP URL; the
.B ldap_url_parse()
routine should be used if a more thorough check is needed.
.LP
.B ldap_url_parse()
breaks down an LDAP URL passed in \fIurl\fP into its component pieces.
If successful, zero is returned, an LDAP URL description is
allocated, filled in, and \fIludpp\fP is set to point to it.  If an
error occurs, a non-zero URL error code is returned.
.LP
.B ldap_free_urldesc()
should be called to free an LDAP URL description that was obtained from
a call to
.B ldap_url_parse().
.SH SEE ALSO
.nf
.BR ldap (3)
.BR "RFC 4516" " <http://www.rfc-editor.org/rfc/rfc4516.txt>"
.SH ACKNOWLEDGEMENTS
.fi
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 84 stdin
PK�����lSi\���������!��man3/ldap_parse_extended_result.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
	int *errcodep, char **matcheddnp, char **errmsgp,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
	struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
	char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types). They take the \fIresult\fP
as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and extended
operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code from
the result message.
.LP
The server might supply a matched DN string in the message indicating
how much of a name in a request was recognized. The \fImatcheddnp\fP
parameter will be filled in with this string if supplied, else it will
be NULL. If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message. This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
referral strings from the parsed message. This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present. The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response. The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response. The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 108 stdin
PK�����lSi\�5^#v1��v1����man3/lber-decode.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����lSi\�5^#v1��v1����man3/ber_get_enum.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����lSi\��1ܽ�������man3/ldap_control_free.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����lSi\�շY��������man3/ber_bvstr.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����lSi\]�Ib�	���	����man3/ldap_delete.3nu��[�����������.lf 1 stdin
.TH LDAP_DELETE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_delete_s(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
.LP
.ft B
int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
int *msgidp;
.LP
.ft B
int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
.ft
LDAP *ld;
char *dn;
LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
asynchronously. It takes the same parameters as
.BR ldap_delete_s(),
but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
.LP
The
.B ldap_delete_ext()
routine  allows  server  and client controls to be 
specified to extend the delete request. This routine is asynchronous like 
ldap_delete(), but its return value is an LDAP error code. It stores the 
message id of the request in the integer pointed to by msgidp.
.LP
The
.B ldap_delete_ext_s()
routine is the synchronous version of
.BR ldap_delete_ext().
It also returns an LDAP error code indicating success 
or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
returns \-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
.LP
.B ldap_delete_ext()
and
.B ldap_delete_ext_s()
return some Non-zero value if
something  went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 90 stdin
PK�����lSi\�շY��������man3/ber_bvstrdup.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����lSi\��q��q����man3/ldap_dcedn2dn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����lSi\'�t!��������man3/ldap_tls_inplace.3nu��[�����������.lf 1 stdin
.TH LDAP_TLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_start_tls(LDAP *" ld ");"
.LP
.BI "int ldap_start_tls_s(LDAP *" ld ", LDAPControl **" serverctrls ", LDAPControl **" clientctrls ");"
.LP
.BI "int ldap_tls_inplace(LDAP *" ld ");"
.LP
.BI "int ldap_install_tls(LDAP *" ld ");"
.SH DESCRIPTION
These routines are used to initiate TLS processing on an LDAP session.
.BR ldap_start_tls_s ()
sends a StartTLS request to a server, waits for the reply, and then installs
TLS handlers on the session if the request succeeded. The routine returns
.B LDAP_SUCCESS
if everything succeeded, otherwise it returns an LDAP error code.
.BR ldap_start_tls ()
sends a StartTLS request to a server and does nothing else. It returns
.B LDAP_SUCCESS
if the request was sent successfully.
.BR ldap_tls_inplace ()
returns 1 if TLS handlers have been installed on the specified session, 0
otherwise.
.BR ldap_install_tls ()
installs the TLS handlers on the given session. It returns
.B LDAP_LOCAL_ERROR
if TLS is already installed.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 42 stdin
PK�����lSi\���0��0����man3/ldap_memvfree.3nu��[�����������.lf 1 stdin
.TH LDAP_MEMORY 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "void ldap_memfree(void *" p ");"
.LP
.BI "void ldap_memvfree(void **" v ");"
.LP
.BI "void *ldap_memalloc(ber_len_t " s ");"
.LP
.BI "void *ldap_memcalloc(ber_len_t " n ", ber_len_t " s ");"
.LP
.BI "void *ldap_memrealloc(void *" p ", ber_len_t " s ");"
.LP
.BI "char *ldap_strdup(LDAP_CONST char *" p ");"
.SH DESCRIPTION
These routines are used to allocate/deallocate memory used/returned
by the LDAP library.
.BR ldap_memalloc (),
.BR ldap_memcalloc (),
.BR ldap_memrealloc (),
and
.BR ldap_memfree ()
are used exactly like the standard
.BR malloc (3),
.BR calloc (3),
.BR realloc (3),
and
.BR free (3)
routines, respectively.
The
.BR ldap_memvfree ()
routine is used to free a dynamically allocated array of pointers to
arbitrary dynamically allocated objects.
The
.BR ldap_strdup ()
routine is used exactly like the standard
.BR strdup (3)
routine.
.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 51 stdin
PK�����lSi\g�d"#��"#����man3/ldap_syntax_free.3nu��[�����������.lf 1 stdin
.TH LDAP_SCHEMA 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 2000-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
#include <ldap_schema.h>
.LP
.ft B
LDAPSyntax * ldap_str2syntax(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_syntax2str(syn)
.ft
const LDAPSyntax * syn;
.LP
.ft B
const char * ldap_syntax2name(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
ldap_syntax_free(syn)
.ft
LDAPSyntax * syn;
.LP
.ft B
LDAPMatchingRule * ldap_str2matchingrule(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_matchingrule2str(mr);
.ft
const LDAPMatchingRule * mr;
.LP
.ft B
const char * ldap_matchingrule2name(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
ldap_matchingrule_free(mr)
.ft
LDAPMatchingRule * mr;
.LP
.ft B
LDAPAttributeType * ldap_str2attributetype(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_attributetype2str(at)
.ft
const LDAPAttributeType * at;
.LP
.ft B
const char * ldap_attributetype2name(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
ldap_attributetype_free(at)
.ft
LDAPAttributeType * at;
.LP
.ft B
LDAPObjectClass * ldap_str2objectclass(s, code, errp, flags)
.ft
const char * s;
int * code;
const char ** errp;
const int flags;
.LP
.ft B
char * ldap_objectclass2str(oc)
.ft
const LDAPObjectClass * oc;
.LP
.ft B
const char * ldap_objectclass2name(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
ldap_objectclass_free(oc)
.ft
LDAPObjectClass * oc;
.LP
.ft B
char * ldap_scherr2str(code)
.ft
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 4512 into structs and handle these structs.  These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes.  For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind.  The caller is
responsible for freeing the struct by calling
.B ldap_xxx_free()
when not needed any longer.  The routine returns NULL if some problem
happened.  In this case, the integer pointed at by argument
.IR code
will receive an error code (see below the description of
.B ldap_scherr2str()
for an explanation of the values) and a pointer to a NUL-terminated
string will be placed where requested by argument
.IR errp
, indicating where in argument
.IR s
the error happened, so it must not be freed by the caller.  Argument
.IR flags
is a bit mask of parsing options controlling the relaxation of the
syntax recognized.  The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
.TP
.B LDAP_SCHEMA_ALLOW_QUOTED
permit quotes around some items that should not have them.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR
permit a
.B descr
instead of a numeric OID in places where the syntax expect the latter.
.TP
.B LDAP_SCHEMA_ALLOW_DESCR_PREFIX
permit that the initial numeric OID contains a prefix in
.B descr
format.
.TP
.B LDAP_SCHEMA_ALLOW_ALL
be very liberal, include all options.
.LP
The structures returned are as follows:
.sp
.RS
.nf
.ne 7
.ta 8n 16n 32n
typedef struct ldap_schema_extension_item {
	char *lsei_name;	/* Extension name */
	char **lsei_values;	/* Extension values */
} LDAPSchemaExtensionItem;

typedef struct ldap_syntax {
	char *syn_oid;		/* OID */
	char **syn_names;	/* Names */
	char *syn_desc;		/* Description */
	LDAPSchemaExtensionItem **syn_extensions; /* Extension */
} LDAPSyntax;

typedef struct ldap_matchingrule {
	char *mr_oid;		/* OID */
	char **mr_names;	/* Names */
	char *mr_desc;		/* Description */
	int  mr_obsolete;	/* Is obsolete? */
	char *mr_syntax_oid;	/* Syntax of asserted values */
	LDAPSchemaExtensionItem **mr_extensions; /* Extensions */
} LDAPMatchingRule;

typedef struct ldap_attributetype {
	char *at_oid;		/* OID */
	char **at_names;	/* Names */
	char *at_desc;		/* Description */
	int  at_obsolete;	/* Is obsolete? */
	char *at_sup_oid;	/* OID of superior type */
	char *at_equality_oid;	/* OID of equality matching rule */
	char *at_ordering_oid;	/* OID of ordering matching rule */
	char *at_substr_oid;	/* OID of substrings matching rule */
	char *at_syntax_oid;	/* OID of syntax of values */
	int  at_syntax_len;	/* Suggested minimum maximum length */
	int  at_single_value;	/* Is single-valued?  */
	int  at_collective;	/* Is collective? */
	int  at_no_user_mod;	/* Are changes forbidden through LDAP? */
	int  at_usage;		/* Usage, see below */
	LDAPSchemaExtensionItem **at_extensions; /* Extensions */
} LDAPAttributeType;

typedef struct ldap_objectclass {
	char *oc_oid;		/* OID */
	char **oc_names;	/* Names */
	char *oc_desc;		/* Description */
	int  oc_obsolete;	/* Is obsolete? */
	char **oc_sup_oids;	/* OIDs of superior classes */
	int  oc_kind;		/* Kind, see below */
	char **oc_at_oids_must;	/* OIDs of required attribute types */
	char **oc_at_oids_may;	/* OIDs of optional attribute types */
	LDAPSchemaExtensionItem **oc_extensions; /* Extensions */
} LDAPObjectClass;
.ta
.fi
.RE
.PP
Some integer fields (those described with a question mark) have a
truth value, for these fields the possible values are:
.TP
.B LDAP_SCHEMA_NO
The answer to the question is no.
.TP
.B LDAP_SCHEMA_YES
The answer to the question is yes.
.LP
For attribute types, the following usages are possible:
.TP
.B LDAP_SCHEMA_USER_APPLICATIONS
the attribute type is non-operational.
.TP
.B LDAP_SCHEMA_DIRECTORY_OPERATION
the attribute type is operational and is pertinent to the directory
itself, i.e. it has the same value on all servers that master the
entry containing this attribute type.
.TP
.B LDAP_SCHEMA_DISTRIBUTED_OPERATION
the attribute type is operational and is pertinent to replication,
shadowing or other distributed directory aspect.  TBC.
.TP
.B LDAP_SCHEMA_DSA_OPERATION
the attribute type is operational and is pertinent to the directory
server itself, i.e. it may have different values for the same entry
when retrieved from different servers that master the entry.
.LP
Object classes can be of three kinds:
.TP
.B LDAP_SCHEMA_ABSTRACT
the object class is abstract, i.e. there cannot be entries of this
class alone.
.TP
.B LDAP_SCHEMA_STRUCTURAL
the object class is structural, i.e. it describes the main role of the
entry.  On some servers, once the entry is created the set of
structural object classes assigned cannot be changed: none of those
present can be removed and none other can be added.
.TP
.B LDAP_SCHEMA_AUXILIARY
the object class is auxiliary, i.e. it is intended to go with other,
structural, object classes.  These can be added or removed at any time
if attribute types are added or removed at the same time as needed by
the set of object classes resulting from the operation.
.LP
Routines
.B ldap_xxx2name()
return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 4512 of
the struct passed in the argument.  The string is a newly allocated
string that must be freed by the caller.  These routines may return
NULL if no memory can be allocated for the string.
.LP
.B ldap_scherr2str()
returns a NUL-terminated string with a text description of the error
found.  This is a pointer to a static area, so it must not be freed by
the caller.  The argument
.IR code
comes from one of the parsing routines and can adopt the following
values:
.TP
.B LDAP_SCHERR_OUTOFMEM
Out of memory.
.TP
.B LDAP_SCHERR_UNEXPTOKEN
Unexpected token.
.TP
.B LDAP_SCHERR_NOLEFTPAREN
Missing opening parenthesis.
.TP
.B LDAP_SCHERR_NORIGHTPAREN
Missing closing parenthesis.
.TP
.B LDAP_SCHERR_NODIGIT
Expecting digit.
.TP
.B LDAP_SCHERR_BADNAME
Expecting a name.
.TP
.B LDAP_SCHERR_BADDESC
Bad description.
.TP
.B LDAP_SCHERR_BADSUP
Bad superiors.
.TP
.B LDAP_SCHERR_DUPOPT
Duplicate option.
.TP
.B LDAP_SCHERR_EMPTY
Unexpected end of data.

.SH SEE ALSO
.BR ldap (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 321 stdin
PK�����lSi\��A
	��	����man3/ldap_modrdn2.3nu��[�����������.lf 1 stdin
.TH LDAP_MODRDN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_modrdn(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
.LP
.ft B
int ldap_modrdn_s(ld, dn, newrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
.LP
.ft B
int ldap_modrdn2(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.LP
.ft B
int ldap_modrdn2_s(ld, dn, newrdn, deleteoldrdn)
.ft
LDAP \(**ld;
char \(**dn, \(**newrdn;
int deleteoldrdn;
.SH DESCRIPTION
The
.B ldap_modrdn()
and
.B ldap_modrdn_s()
routines perform an LDAP modify
RDN operation.  They both take \fIdn\fP, the DN of the entry whose
RDN is to be changed, and \fInewrdn\fP, the new RDN to give the entry.
The old RDN of the entry is never kept as an attribute of the entry.
.B ldap_modrdn()
is asynchronous, returning the message id of the operation
it initiates.
.B ldap_modrdn_s()
is synchronous, returning the LDAP error
code indicating the success or failure of the operation.  Use of
these routines is deprecated.  Use the versions described below
instead.
.LP
The
.B ldap_modrdn2()
and
.B ldap_modrdn2_s()
routines also perform an LDAP
modify RDN operation, taking the same parameters as above.  In addition,
they both take the \fIdeleteoldrdn\fP parameter which is used as a boolean
value to indicate whether the old RDN values should be deleted from
the entry or not.
.SH ERRORS
The synchronous (_s) versions of these routines return an LDAP error
code, either LDAP_SUCCESS or an error if there was trouble.
The asynchronous versions return \-1 in case
of trouble, setting the
.B ld_errno
field of \fIld\fP.  See
.BR ldap_error (3)
for more details.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 82 stdin
PK�����lSi\��MK$��K$����man3/ber_alloc_t.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����lSi\���.���.����man3/ldap_bind.3nu��[�����������.lf 1 stdin
.TH LDAP_BIND 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.B #include <ldap.h>
.LP
.BI "int ldap_bind(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_bind_s(LDAP *" ld ", const char *" who ", const char *" cred ","
.RS
.BI "int " method ");"
.RE
.LP
.BI "int ldap_simple_bind(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_simple_bind_s(LDAP *" ld ", const char *" who ", const char *" passwd ");"
.LP
.BI "int ldap_sasl_bind(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], int *" msgidp ");"
.RE
.LP
.BI "int ldap_sasl_bind_s(LDAP *" ld ", const char *" dn ", const char *" mechanism ","
.RS
.BI "struct berval *" cred ", LDAPControl *" sctrls "[],"
.BI "LDAPControl *" cctrls "[], struct berval **" servercredp ");"
.RE
.LP
.BI "int ldap_parse_sasl_bind_result(LDAP *" ld ", LDAPMessage *" res ","
.RS
.BI "struct berval **" servercredp ", int " freeit ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind_s(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ");"
.RE
.LP
.BI "int ldap_sasl_interactive_bind(LDAP *" ld ", const char *" dn ","
.RS
.BI "const char *" mechs ","
.BI "LDAPControl *" sctrls "[], LDAPControl *" cctrls "[],"
.BI "unsigned " flags ", LDAP_SASL_INTERACT_PROC *" interact ","
.BI "void *" defaults ", LDAPMessage *" result ","
.BI "const char **" rmechp ", int *" msgidp ");"
.RE
.LP
.BI "int (LDAP_SASL_INTERACT_PROC)(LDAP *" ld ", unsigned " flags ", void *" defaults ", void *" sasl_interact ");"
.LP
.BI "int ldap_unbind(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_s(LDAP *" ld ");"
.LP
.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
.RS
.BI "LDAPControl *" cctrls "[]);"
.RE
.LP
.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params ");"
.LP
.BI "int (LDAP_REBIND_PROC)(LDAP *" ld ", LDAP_CONST char *" url ", ber_tag_t " request ", ber_int_t " msgid ", void *" params ");"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
After an association with an LDAP server is made using
.BR ldap_init (3),
an LDAP bind operation should be performed before other operations are
attempted over the connection.  An LDAP bind is required when using
Version 2 of the LDAP protocol; it is optional for Version 3 but is
usually needed due to security considerations.
.LP
There are three types of bind calls, ones providing simple authentication,
ones providing SASL authentication, and general routines capable of doing
either simple or SASL authentication.
.LP
.B SASL
(Simple Authentication and Security Layer)
can negotiate one of many different kinds of authentication.
Both synchronous and asynchronous versions of each variant of the bind
call are provided.  All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
It takes the DN to bind as in \fIwho\fP, and the userPassword associated
with the entry in \fIpasswd\fP.  It returns an LDAP error indication
(see
.BR ldap_error (3)).
The
.B ldap_simple_bind()
call is asynchronous,
taking the same parameters but only initiating the bind operation and
returning the message id of the request it sent.  The result of the
operation can be obtained by a subsequent call to
.BR ldap_result (3).
The
.B ldap_sasl_bind_s()
and asynchronous
.B ldap_sasl_bind()
functions can also be used to make a simple bind by using
LDAP_SASL_SIMPLE as the SASL mechanism.
.SH GENERAL AUTHENTICATION
The
.B ldap_bind()
and
.B ldap_bind_s()
routines can be used when the
authentication method to use needs to be selected at runtime.  They
both take an extra \fImethod\fP parameter selecting the authentication
method to use.  It should be set to LDAP_AUTH_SIMPLE
to select simple authentication.
.B ldap_bind()
returns the message id of the request it initiates.
.B ldap_bind_s()
returns an LDAP error indication.
.SH SASL AUTHENTICATION
For SASL binds the server always ignores any provided DN, so the
.I dn
parameter should always be NULL.
.BR ldap_sasl_bind_s ()
sends a single SASL bind request with the given SASL
.I mechanism
and credentials in the
.I cred
parameter. The format of the credentials depends on the particular
SASL mechanism in use. For mechanisms that provide mutual authentication
the server's credentials will be returned in the
.I servercredp
parameter.
The routine returns an LDAP error indication (see
.BR ldap_error (3)).
The
.BR ldap_sasl_bind ()
call is asynchronous, taking the same parameters but only sending the
request and returning the message id of the request it sent. The result of
the operation can be obtained by a subsequent
call to
.BR ldap_result (3).
The result must be additionally parsed by
.BR ldap_parse_sasl_bind_result ()
to obtain any server credentials sent from the server.
.LP
Many SASL mechanisms require multiple message exchanges to perform a
complete authentication. Applications should generally use
.BR ldap_sasl_interactive_bind_s ()
rather than calling the basic
.BR ldap_sasl_bind ()
functions directly. The
.I mechs
parameter should contain a space-separated list of candidate mechanisms
to use. If this parameter is NULL or empty the library will query
the supportedSASLMechanisms attribute from the server's rootDSE
for the list of SASL mechanisms the server supports. The
.I flags
parameter controls the interaction used to retrieve any necessary
SASL authentication parameters and should be one of:
.TP
LDAP_SASL_AUTOMATIC
use defaults if available, prompt otherwise
.TP
LDAP_SASL_INTERACTIVE
always prompt
.TP
LDAP_SASL_QUIET
never prompt
.LP
The
.I interact
function uses the provided
.I defaults
to handle requests from the SASL library for particular authentication
parameters. There is no defined format for the
.I defaults
information;
it is up to the caller to use whatever format is appropriate for the
supplied
.I interact
function.
The
.I sasl_interact
parameter comes from the underlying SASL library. When used with Cyrus SASL
this is an array of
.B sasl_interact_t
structures. The Cyrus SASL library will prompt for a variety of inputs,
including:
.TP
SASL_CB_GETREALM
the realm for the authentication attempt
.TP
SASL_CB_AUTHNAME
the username to authenticate
.TP
SASL_CB_PASS
the password for the provided username
.TP
SASL_CB_USER
the username to use for proxy authorization
.TP
SASL_CB_NOECHOPROMPT
generic prompt for input with input echoing disabled
.TP
SASL_CB_ECHOPROMPT
generic prompt for input with input echoing enabled
.TP
SASL_CB_LIST_END
indicates the end of the array of prompts
.LP
See the Cyrus SASL documentation for more details.
.LP
Applications which need to manage connections asynchronously may use
.BR ldap_sasl_interactive_bind ()
instead of the synchronous version.
A valid mechs parameter must be supplied, otherwise the library will
be forced to query the server for a list of supported mechanisms,
and this query will be performed synchronously.
The other parameters are the same as
for the synchronous function, with three additional parameters.
The actual SASL mechanism that was used, and the message ID for use
with
.BR ldap_result ()
will be returned in rmechp and msgidp, respectively.
The value in rmechp must not be modified by the caller and must be
passed back on each subsequent call. The message obtained from
.BR ldap_result ()
must be passed in the result parameter.
This parameter must be NULL when initiating a new Bind. The caller
must free the result message after each call using
.BR ldap_msgfree ().
The
.BR ldap_sasl_interactive_bind ()
function returns an LDAP result code. If the code is
LDAP_SASL_BIND_IN_PROGRESS then the Bind is not complete yet, and
this function must be called again with the next result from the server.
.SH REBINDING
.LP
The
.B ldap_set_rebind_proc
function() sets the process to use for binding when an operation returns a
referral. This function is used when an application needs to bind to another server
in order to follow a referral or search continuation reference.
.LP
The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
the arbitrary data like state information which the client might need to properly rebind.
The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
to use the rebind function. Use the
.BR ldap_set_option
function to set the value.
.LP
The rebind function parameters are as follows:
.LP
The \fIld\fP parameter must be used by the application when binding to the
referred server if the application wants the libraries to follow the referral.
.LP
The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
The LDAP application can use the 
.BR ldap_url_parse (3)
function to parse the string into its components.
.LP
The \fIrequest\fP parameter specifies the type of request that generated the referral. 
.LP
The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
.LP
The \fIparams\fP parameter is the same value as passed originally to the
.BR ldap_set_rebind_proc ()
function.
.LP
The LDAP libraries set all the parameters when they call the rebind function. The application
should not attempt to free either the ld or the url structures in the rebind function.
.LP
The application must supply to the rebind function the required authentication information such as,
user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
call is used to unbind from the directory,
terminate the current association, and free the resources contained
in the \fIld\fP structure.  Once it is called, the connection to
the LDAP server is closed, and the \fIld\fP structure is invalid.
The
.B ldap_unbind_s()
call is just another name for
.BR ldap_unbind() ;
both of these calls are synchronous in nature.
.LP
The
.B ldap_unbind_ext()
and
.B ldap_unbind_ext_s()
allows the operations to specify  controls.
.SH ERRORS
Asynchronous routines will return \-1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure.  Synchronous
routines return whatever \fIld_errno\fP is set to.  See
.BR ldap_error (3)
for more information.
.SH NOTES
If an anonymous bind is sufficient for the application, the rebind process
need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
set to ON (default value) will automatically follow referrals using an anonymous bind.
.LP
If the application needs stronger authentication than an anonymous bind,
you need to provide a rebind process for that authentication method.
The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 335 stdin
PK�����lSi\�����������man3/ldap_parse_result.3nu��[�����������.lf 1 stdin
.TH LDAP_PARSE_RESULT 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_parse_result \- Parsing results
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
int ldap_parse_result( LDAP *ld, LDAPMessage *result,
	int *errcodep, char **matcheddnp, char **errmsgp,
	char ***referralsp, LDAPControl ***serverctrlsp,
	int freeit )
.LP
.ft B
int ldap_parse_sasl_bind_result( LDAP *ld, LDAPMessage *result,
	struct berval **servercredp, int freeit )
.LP
.ft B
int ldap_parse_extended_result( LDAP *ld, LDAPMessage *result,
	char **retoidp, struct berval **retdatap, int freeit )
.SH DESCRIPTION
.LP
These routines are used to extract information from a result message.
They will operate on the first result message in a chain of search
results (skipping past other message types). They take the \fIresult\fP
as returned by a call to
.BR ldap_result (3),
.BR ldap_search_s (3)
or
.BR ldap_search_st (3).
In addition to
.BR ldap_parse_result() ,
the routines
.B ldap_parse_sasl_bind_result()
and
.B ldap_parse_extended_result()
are used to get all the result information from SASL bind and extended
operations.
.LP
The \fIerrcodep\fP parameter will be filled in with the result code from
the result message.
.LP
The server might supply a matched DN string in the message indicating
how much of a name in a request was recognized. The \fImatcheddnp\fP
parameter will be filled in with this string if supplied, else it will
be NULL. If a string is returned, it should be freed using
.BR ldap_memfree (3).
.LP
The \fIerrmsgp\fP parameter will be filled in with the error message
field from the parsed message. This string should be freed using
.BR ldap_memfree (3).
.LP
The \fIreferralsp\fP parameter will be filled in with an allocated array of
referral strings from the parsed message. This array should be freed using
.BR ldap_memvfree (3).
If no referrals were returned, \fI*referralsp\fP is set to NULL.
.LP
The \fIserverctrlsp\fP parameter will be filled in with an allocated array of
controls copied from the parsed message. The array should be freed using
.BR ldap_controls_free (3).
If no controls were returned, \fI*serverctrlsp\fP is set to NULL.
.LP
The \fIfreeit\fP parameter determines whether the parsed message is
freed or not after the extraction. Any non-zero value will make it
free the message. The
.BR ldap_msgfree (3)
routine can also be used to free the message later.
.LP
For SASL bind results, the \fIservercredp\fP parameter will be filled in
with an allocated berval structure containing the credentials from the
server if present. The structure should be freed using
.BR ber_bvfree (3).
.LP
For extended results, the \fIretoidp\fP parameter will be filled in
with the dotted-OID text representation of the name of the extended
operation response. The string should be freed using
.BR ldap_memfree (3).
If no OID was returned, \fI*retoidp\fP is set to NULL.
.LP
For extended results, the \fIretdatap\fP parameter will be filled in
with a pointer to a berval structure containing the data from the
extended operation response. The structure should be freed using
.BR ber_bvfree (3).
If no data were returned, \fI*retdatap\fP is set to NULL.
.LP
For all the above result parameters, NULL values can be used in calls
in order to ignore certain fields.
.SH ERRORS
Upon success LDAP_SUCCESS is returned. Otherwise the values of the
result parameters are undefined.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
.BR ldap_search (3),
.BR ldap_memfree (3),
.BR ldap_memvfree (3),
.BR ldap_get_values (3),
.BR ldap_controls_free (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 108 stdin
PK�����lSi\�5^#v1��v1����man3/ber_first_element.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����lSi\��MK$��K$����man3/lber-encode.3nu��[�����������.lf 1 stdin
.TH LBER_ENCODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "int ber_flush(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_flush2(Sockbuf *" sb ", BerElement *" ber ", int " freeit ");"
.LP
.BI "int ber_printf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "int ber_put_int(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_enum(BerElement *" ber ", ber_int_t " num ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_ostring(BerElement *" ber ", const char *" str ", ber_len_t " len ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_string(BerElement *" ber ", const char *" str ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_null(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_boolean(BerElement *" ber ", ber_int_t " bool ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_bitstring(BerElement *" ber ", const char *" str ", ber_len_t " blen ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_seq(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_start_set(BerElement *" ber ", ber_tag_t " tag ");"
.LP
.BI "int ber_put_seq(BerElement *" ber ");"
.LP
.BI "int ber_put_set(BerElement *" ber ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This
man page describes the encoding routines in the lber library.  See
.BR lber-decode (3)
for details on the corresponding decoding routines.  Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_alloc_t ()
to allocate a BER element for encoding,
.BR ber_printf ()
to do the actual encoding, and
.BR ber_flush2 ()
to actually write the element.  The other routines are provided for those
applications that need more control than
.BR ber_printf ()
provides.  In
general, these routines return the length of the element encoded, or
\-1 if an error occurred.
.LP
The
.BR ber_alloc_t ()
routine is used to allocate a new BER element.  It
should be called with an argument of LBER_USE_DER.
.LP
The
.BR ber_flush2 ()
routine is used to actually write the element to a socket
(or file) descriptor, once it has been fully encoded (using
.BR ber_printf ()
and friends).  See
.BR lber-sockbuf (3)
for more details on the Sockbuf implementation of the \fIsb\fP parameter.
If the \fIfreeit\fP parameter is non-zero, the supplied \fIber\fP will
be freed.
If \fILBER_FLUSH_FREE_ON_SUCCESS\fP is used, the \fIber\fP is only freed
when successfully flushed, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ON_ERROR\fP is used, the \fIber\fP is only freed
when an error occurs, otherwise it is left intact;
if \fILBER_FLUSH_FREE_ALWAYS\fP is used, the \fIber\fP is freed anyway.
This function differs from the original
.BR ber_flush (3)
function, whose behavior corresponds to that indicated
for \fILBER_FLUSH_FREE_ON_SUCCESS\fP.
Note that in the future, the behavior of
.BR ber_flush (3)
with \fIfreeit\fP non-zero might change into that of
.BR ber_flush2 (3)
with \fIfreeit\fP set to \fILBER_FLUSH_FREE_ALWAYS\fP.
.LP
The
.BR ber_printf ()
routine is used to encode a BER element in much the same way that
.BR sprintf (3)
works.  One important difference, though, is
that some state information is kept with the \fIber\fP parameter so
that multiple calls can be made to
.BR ber_printf ()
to append things to the end of the BER element.
.BR Ber_printf ()
writes to \fIber\fP, a pointer to a BerElement such as returned by
.BR ber_alloc_t ().
It interprets and
formats its arguments according to the format string \fIfmt\fP.
The format string can contain the following characters:
.RS
.LP
.TP 3
.B b
Boolean.  An ber_int_t parameter should be supplied.  A boolean element
is output.
.TP
.B e
Enumeration.  An ber_int_t parameter should be supplied.  An
enumeration element is output.
.TP
.B i
Integer.  An ber_int_t parameter should be supplied.  An integer element
is output.
.TP
.B B
Bitstring.  A char * pointer to the start of the bitstring is supplied,
followed by the number of bits in the bitstring.  A bitstring element
is output.
.TP
.B n
Null.  No parameter is required.  A null element is output.
.TP
.B o
Octet string.  A char * is supplied, followed by the length of the
string pointed to.  An octet string element is output.
.TP
.B O
Octet string.  A struct berval * is supplied.
An octet string element is output.
.TP
.B s
Octet string.  A null-terminated string is supplied.  An octet string
element is output, not including the trailing NULL octet.
.TP
.B t
Tag.  A ber_tag_t specifying the tag to give the next element
is provided.  This works across calls.
.TP
.B v
Several octet strings.  A null-terminated array of char *'s is
supplied.  Note that a construct like '{v}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B V
Several octet strings.  A null-terminated array of struct berval *'s
is supplied.  Note that a construct like '{V}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B W
Several octet strings.  An array of struct berval's is supplied.  The
array is terminated by a struct berval with a NULL bv_val.
Note that a construct like '{W}' is required to get
an actual SEQUENCE OF octet strings.
.TP
.B {
Begin sequence.  No parameter is required.
.TP
.B }
End sequence.  No parameter is required.
.TP
.B [
Begin set.  No parameter is required.
.TP
.B ]
End set.  No parameter is required.
.RE
.LP
The
.BR ber_put_int ()
routine writes the integer element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_enum ()
routine writes the enumeration element \fInum\fP to the BER element \fIber\fP.
.LP
The
.BR ber_put_boolean ()
routine writes the boolean value given by \fIbool\fP to the BER element.
.LP
The
.BR ber_put_bitstring ()
routine writes \fIblen\fP bits starting
at \fIstr\fP as a bitstring value to the given BER element.  Note
that \fIblen\fP is the length \fIin bits\fP of the bitstring.
.LP
The
.BR ber_put_ostring ()
routine writes \fIlen\fP bytes starting at
\fIstr\fP to the BER element as an octet string.
.LP
The
.BR ber_put_string ()
routine writes the null-terminated string (minus
the terminating '\0') to the BER element as an octet string.
.LP
The
.BR ber_put_null ()
routine writes a NULL element to the BER element.
.LP
The
.BR ber_start_seq ()
routine is used to start a sequence in the BER element.  The
.BR ber_start_set ()
routine works similarly.
The end of the sequence or set is marked by the nearest matching call to
.BR ber_put_seq ()
or
.BR ber_put_set (),
respectively.
.SH EXAMPLES
Assuming the following variable declarations, and that the variables
have been assigned appropriately, an lber encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
can be achieved like so:
.LP
.nf
      int rc;
      ber_int_t    scope, ali, size, time, attrsonly;
      char   *dn, **attrs;
      BerElement *ber;

      /* ... fill in values ... */

      ber = ber_alloc_t( LBER_USE_DER );

      if ( ber == NULL ) {
              /* error */
      }

      rc = ber_printf( ber, "{siiiib{v}}", dn, scope, ali,
          size, time, attrsonly, attrs );

      if( rc == \-1 ) {
              /* error */
      } else {
              /* success */
      }
.fi
.SH ERRORS
If an error occurs during encoding, generally these routines return \-1.
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
<lber.h> header file.
.SH SEE ALSO
.BR lber-decode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 289 stdin
PK�����lSi\��q��q����man3/ldap_explode_rdn.3nu��[�����������.lf 1 stdin
.TH LDAP_GET_DN 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_get_dn( LDAP *ld, LDAPMessage *entry )
.LP
.ft B
int ldap_str2dn( const char *str, LDAPDN *dn, unsigned flags )
.LP
.ft B
void ldap_dnfree( LDAPDN dn )
.LP
.ft B
int ldap_dn2str( LDAPDN dn, char **str, unsigned flags )
.LP
.ft B
char **ldap_explode_dn( const char *dn, int notypes )
.LP
.ft B
char **ldap_explode_rdn( const char *rdn, int notypes )
.LP
.ft B
char *ldap_dn2ufn( const char * dn )
.LP
.ft B
char *ldap_dn2dcedn( const char * dn )
.LP
.ft B
char *ldap_dcedn2dn( const char * dn )
.LP
.ft B
char *ldap_dn2ad_canonical( const char * dn )
.SH DESCRIPTION
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
routine takes an \fIentry\fP as returned by
.BR ldap_first_entry (3)
or
.BR ldap_next_entry (3)
and returns a copy of
the entry's DN.  Space for the DN will be obtained dynamically
and should be freed by the caller using 
.BR ldap_memfree (3).
.LP
.B ldap_str2dn()
parses a string representation of a distinguished name contained in
.B str
into its components,
which are stored in 
.B dn
as
.B ldap_ava 
structures, arranged in
.B LDAPAVA,
.B LDAPRDN,
and 
.B LDAPDN
terms.  Space for
.B dn
will be obtained dynamically and should be freed by the caller using
.BR ldap_dnfree (3).
The
.B LDAPDN
is defined as:
.nf
.ft B

typedef struct ldap_ava {
    struct berval la_attr;
    struct berval la_value;
    unsigned la_flags;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

.ft
.fi
The attribute types and the attribute values are not normalized.
The
.B la_flags
can be either
.B LDAP_AVA_STRING
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
The
.B flags
parameter to
.B ldap_str2dn()
can be
.LP
.nf
	LDAP_DN_FORMAT_LDAPV3
	LDAP_DN_FORMAT_LDAPV2
	LDAP_DN_FORMAT_DCE

.fi
which defines what DN syntax is expected (according to RFC 4514, 
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP
.nf
	LDAP_DN_P_NO_SPACES
	LDAP_DN_P_NO_SPACE_AFTER_RDN
	...
	LDAP_DN_PEDANTIC

.fi
The latter is a shortcut for all the previous limitations.
.LP
.B LDAP_DN_P_NO_SPACES
does not allow extra spaces in the dn; the default is to silently
eliminate spaces around AVA separators ('='), RDN component separators
('+' for LDAPv3/LDAPv2 or ',' for DCE) and RDN separators 
(',' LDAPv3/LDAPv2 or '/' for DCE).
.LP
.B LDAP_DN_P_NO_SPACE_AFTER_RDN
does not allow a single space after RDN separators.
.LP
.B ldap_dn2str()
performs the inverse operation, yielding in 
.B str
a string representation of 
.B dn.
It allows the same values for
.B flags 
as
.B ldap_str2dn(),
plus
.LP
.nf
	LDAP_DN_FORMAT_UFN
	LDAP_DN_FORMAT_AD_CANONICAL

.fi
for user-friendly naming (RFC 1781) and AD canonical.
.LP
The following routines are viewed as deprecated in favor of
.B ldap_str2dn()
and
.BR ldap_dn2str().
They are provided to support legacy applications.
.LP
The
.B ldap_explode_dn()
routine takes a DN as returned by
.B ldap_get_dn()
and breaks it up into its component parts.  Each part is known as a
Relative Distinguished Name, or RDN.
.B ldap_explode_dn()
returns a
NULL-terminated array, each component of which contains an RDN from the
DN.  The \fInotypes\fP parameter is used to request that only the RDN
values be returned, not their types.  For example, the DN "cn=Bob,
c=US" would return as either { "cn=Bob", "c=US", NULL } or { "Bob",
"US", NULL }, depending on whether notypes was 0 or 1, respectively.
Assertion values in RDN strings may included escaped characters.
The result can be freed by calling
.BR ldap_value_free (3).
.LP
Similarly, the
.B ldap_explode_rdn()
routine takes an RDN as returned by
.B ldap_explode_dn(dn,0)
and breaks it up into its "type=value" component parts (or just "value",
if the \fInotypes\fP parameter is set).  Note the value is not
unescaped.  The result can be freed by calling
.BR ldap_value_free (3).
.LP
.B ldap_dn2ufn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names.  See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
for more details on the UFN format.  Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.LP
.B ldap_dn2dcedn()
is used to turn a DN as returned by
.BR ldap_get_dn (3)
into a DCE-style DN, e.g. a string with most-significant to least 
significant rdns separated by slashes ('/'); rdn components
are separated by commas (',').
Only printable chars (e.g. LDAPv2 printable string) are allowed,
at least in this implementation.
.B ldap_dcedn2dn()
performs the opposite operation.
.B ldap_dn2ad_canonical()
turns a DN into a AD canonical name, which is basically a DCE dn
with attribute types omitted.
The trailing domain, if present, is turned in a DNS-like domain.
The space for the returned value is obtained dynamically and the user
is responsible for freeing it via a call to
.BR ldap_memfree (3).
.SH ERRORS
If an error occurs in
.BR ldap_get_dn() ,
NULL is returned and the
.B ld_errno
field in the \fIld\fP parameter is set to indicate the error.  See
.BR ldap_error (3)
for a description of possible error codes.
.BR ldap_explode_dn() ,
.BR ldap_explode_rdn() ,
.B ldap_dn2ufn(),
.B ldap_dn2dcedn(),
.B ldap_dcedn2dn(),
and
.B ldap_dn2ad_canonical()
will return NULL with
.BR errno (3)
set appropriately in case of trouble.
.SH NOTES
These routines dynamically allocate memory that the caller must free.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_first_entry (3),
.BR ldap_memfree (3),
.BR ldap_value_free (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 247 stdin
PK�����lSi\��1ܽ�������man3/ldap_control_find.3nu��[�����������.lf 1 stdin
.TH LDAP_CONTROLS 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_control_create, ldap_control_find, ldap_control_dup,
ldap_controls_dup, ldap_control_free, ldap_controls_free
\- LDAP control manipulation routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.B #include <ldap.h>
.LP
.BI "int ldap_control_create(const char *" oid ", int " iscritical ", struct berval *" value ", int " dupval ", LDAPControl **" ctrlp ");"
.LP
.BI "LDAPControl *ldap_control_find( const char *" oid ", LDAPControl **" ctrls ", LDAPControl ***" nextctrlp ");"
.LP
.BI "LDAPControl *ldap_control_dup(LDAPControl *" ctrl ");"
.LP
.BI "LDAPControl **ldap_controls_dup(LDAPControl **" ctrls ");"
.LP
.BI "void ldap_control_free(LDAPControl *" ctrl ");"
.LP
.BI "void ldap_controls_free(LDAPControl **" ctrls ");"
.SH DESCRIPTION
These routines are used to manipulate structures used for LDAP controls.

.BR ldap_control_create ()
creates a control with the specified
.I OID
using the contents of the
.I value
parameter for the control value, if any.  The content of
.I value 
is duplicated if
.I dupval
is non-zero.  The
.I iscritical
parameter must be non-zero for a critical control. The created control
is returned in the
.I ctrlp
parameter.  The routine returns
.B LDAP_SUCCESS
on success or some other error code on failure.
The content of
.IR value ,
for supported control types, can be prepared using helpers provided
by this implementation of libldap, usually in the form
.BR "ldap_create_<control name>_control_value" ().
Otherwise, it can be BER-encoded using the functionalities of liblber.

.BR ldap_control_find ()
searches the NULL-terminated
.I ctrls
array for a control whose OID matches the
.I oid
parameter.  The routine returns a pointer to the control if found,
NULL otherwise.
If the parameter
.I nextctrlp
is not NULL, on return it will point to the next control
in the array, and can be passed to the
.BR ldap_control_find ()
routine for subsequent calls, to find further occurrences of the same 
control type.
The use of this function is discouraged; the recommended way of handling
controls in responses consists in going through the array of controls,
dealing with each of them in the returned order, since it could matter.

.BR ldap_control_dup ()
duplicates an individual control structure, and
.BR ldap_controls_dup ()
duplicates a NULL-terminated array of controls.

.BR ldap_control_free ()
frees an individual control structure, and
.BR ldap_controls_free ()
frees a NULL-terminated array of controls.

.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 85 stdin
PK�����lSi\�5^#v1��v1����man3/ber_skip_tag.3nu��[�����������.lf 1 stdin
.TH LBER_DECODE 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.BI "ber_tag_t ber_get_next(Sockbuf *" sb ", ber_len_t *" len ", BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_skip_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_peek_tag(BerElement *" ber ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_scanf(BerElement *" ber ", const char *" fmt ", ...);"
.LP
.BI "ber_tag_t ber_get_int(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_enum(BerElement *" ber ", ber_int_t *" num ");"
.LP
.BI "ber_tag_t ber_get_stringb(BerElement *" ber ", char *" buf ", ber_len_t *" len ");"
.LP
.BI "ber_tag_t ber_get_stringa(BerElement *" ber ", char **" buf ");"
.LP
.BI "ber_tag_t ber_get_stringal(BerElement *" ber ", struct berval **" bv ");"
.LP
.BI "ber_tag_t ber_get_stringbv(BerElement *" ber ", struct berval *" bv ", int " alloc ");"
.LP
.BI "ber_tag_t ber_get_null(BerElement *" ber ");"
.LP
.BI "ber_tag_t ber_get_boolean(BerElement *" ber ", ber_int_t *" bool ");"
.LP
.BI "ber_tag_t ber_get_bitstringa(BerElement *" ber ", char **" buf ", ber_len_t *" blen ");"
.LP
.BI "ber_tag_t ber_first_element(BerElement *" ber ", ber_len_t *" len ", char **" cookie ");"
.LP
.BI "ber_tag_t ber_next_element(BerElement *" ber ", ber_len_t *" len ", const char *" cookie ");"
.SH DESCRIPTION
.LP
These routines provide a subroutine interface to a simplified
implementation of the Basic Encoding Rules of ASN.1.  The version
of BER these routines support is the one defined for the LDAP
protocol.  The encoding rules are the same as BER, except that 
only definite form lengths are used, and bitstrings and octet strings
are always encoded in primitive form.  This man page
describes the decoding routines in the lber library.  See
.BR lber-encode (3)
for details on the corresponding encoding routines.
Consult
.BR lber-types (3)
for information about types, allocators, and deallocators.
.LP
Normally, the only routines that need to be called by an application
are
.BR ber_get_next ()
to get the next BER element and
.BR ber_scanf ()
to do the actual decoding.  In some cases,
.BR ber_peek_tag ()
may also need to be called in normal usage.  The other routines are
provided for those applications that need more control than
.BR ber_scanf ()
provides.  In
general, these routines return the tag of the element decoded, or
LBER_ERROR if an error occurred.
.LP
The
.BR ber_get_next ()
routine is used to read the next BER element from the given Sockbuf,
\fIsb\fP.  It strips off and returns the leading tag, strips off and
returns the length of the entire element in \fIlen\fP, and sets up
\fIber\fP for subsequent calls to 
.BR ber_scanf ()
et al to decode the element. See
.BR lber-sockbuf (3)
for details of the Sockbuf implementation of the \fIsb\fP parameter.
.LP
The
.BR ber_scanf ()
routine is used to decode a BER element in much the same way that
.BR scanf (3)
works.  It reads from \fIber\fP, a pointer to a BerElement
such as returned by
.BR ber_get_next (),
interprets the bytes according to the format string \fIfmt\fP, and stores the
results in its additional arguments.  The format string contains
conversion specifications which are used to direct the interpretation
of the BER element.  The format string can contain the following
characters.
.RS
.LP
.TP 3
.B a
Octet string.  A char ** should be supplied.  Memory is allocated,
filled with the contents of the octet string, null-terminated, and
returned in the parameter.  The caller should free the returned
string using
.BR ber_memfree ().
.TP
.B A
Octet string.  A variant of "\fBa\fP".  A char ** should be supplied.
Memory is allocated, filled with the contents of the octet string, 
null-terminated, and returned in the parameter, unless a zero-length
string would result; in that case, the arg is set to NULL.
The caller should free the returned string using
.BR ber_memfree ().
.TP
.B s
Octet string.  A char * buffer should be supplied, followed by a pointer to a
ber_len_t initialized to the size of the buffer.  Upon return, the
null-terminated octet string is put into the buffer, and the
ber_len_t is set to the actual size of the octet string.
.TP
.B O
Octet string.  A struct ber_val ** should be supplied, which upon
return points to a dynamically allocated struct berval
containing the octet string and its length.
The caller should free the returned structure using
.BR ber_bvfree ().
.TP
.B o
Octet string.  A struct ber_val * should be supplied, which upon
return contains the dynamically allocated
octet string and its length.  The caller should free the returned octet
string using
.BR ber_memfree ().
.TP
.B m
Octet string.  A struct ber_val * should be supplied, which upon return
contains the octet string and its length.  The string resides in memory
assigned to the BerElement, and must not be freed by the caller.
.TP
.B b
Boolean.  A pointer to a ber_int_t should be supplied.
.TP
.B e
Enumeration.  A pointer to a ber_int_t should be supplied.
.TP
.B i
Integer.  A pointer to a ber_int_t should be supplied.
.TP
.B B
Bitstring.  A char ** should be supplied which will point to the
dynamically allocated
bits, followed by a ber_len_t *, which will point to the length
(in bits) of the bitstring returned.
.TP
.B n
Null.  No parameter is required.  The element is simply skipped if
it is recognized.
.TP
.B v
Sequence of octet strings.  A char *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of char *'s
containing the octet strings.  NULL is returned if the sequence is empty.
The caller should free the returned array and octet strings using
.BR ber_memvfree ().
.TP
.B V
Sequence of octet strings with lengths.
A struct berval *** should be supplied, which upon
return points to a dynamically allocated null-terminated array of
struct berval *'s
containing the octet strings and their lengths.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvecfree ().
.TP
.B W
Sequence of octet strings with lengths.
A BerVarray * should be supplied, which upon
return points to a dynamically allocated array of
struct berval's
containing the octet strings and their lengths. The array is terminated
by a struct berval with a NULL bv_val string pointer.
NULL is returned if the sequence is empty.  
The caller should free the returned structures using
.BR ber_bvarray_free ().
.TP
.B M
Sequence of octet strings with lengths.  This is a generalized form
of the previous three formats.
A void ** (ptr) should be supplied, followed by a ber_len_t * (len)
and a ber_len_t (off).
Upon return (ptr) will point to a dynamically allocated array
whose elements are all of size (*len).  A struct berval will be filled
starting at offset (off) in each element.  The strings in each struct
berval reside in memory assigned to the BerElement and must not be
freed by the caller.  The array is terminated by a struct berval
with a NULL bv_val string pointer.  NULL is returned if the sequence
is empty.  The number of elements in the array is also stored
in (*len) on return.  The caller should free the returned array using
.BR ber_memfree ().
.TP
.B l
Length of the next element.  A pointer to a ber_len_t should be supplied.
.TP
.B t
Tag of the next element.  A pointer to a ber_tag_t should be supplied.
.TP
.B T
Skip element and return its tag.  A pointer to a ber_tag_t should be supplied.
.TP
.B x
Skip element.  The next element is skipped.
.TP
.B {
Begin sequence.  No parameter is required.  The initial sequence tag
and length are skipped.
.TP
.B }
End sequence.  No parameter is required and no action is taken.
.TP
.B [
Begin set.  No parameter is required.  The initial set tag
and length are skipped.
.TP
.B ]
End set.  No parameter is required and no action is taken.
.RE
.LP
The
.BR ber_get_int ()
routine tries to interpret the next element as an integer,
returning the result in \fInum\fP.  The tag of whatever it finds is returned
on success, LBER_ERROR (\-1) on failure.
.LP
The
.BR ber_get_stringb ()
routine is used to read an octet string into a
preallocated buffer.  The \fIlen\fP parameter should be initialized to
the size of the buffer, and will contain the length of the octet string
read upon return.  The buffer should be big enough to take the octet
string value plus a terminating NULL byte.
.LP
The
.BR ber_get_stringa ()
routine is used to dynamically allocate space into
which an octet string is read.
The caller should free the returned string using
.BR ber_memfree().
.LP
The
.BR ber_get_stringal ()
routine is used to dynamically allocate space
into which an octet string and its length are read.  It takes a
struct berval **, and returns the result in this parameter.
The caller should free the returned structure using
.BR ber_bvfree().
.LP
The
.BR ber_get_stringbv ()
routine is used to read an octet string and its length into the 
provided struct berval *. If the \fIalloc\fP parameter is zero, the string
will reside in memory assigned to the BerElement, and must not be freed
by the caller. If the \fIalloc\fP parameter is non-zero, the string will be
copied into dynamically allocated space which should be returned using
.BR ber_memfree ().
.LP
The
.BR ber_get_null ()
routine is used to read a NULL element.  It returns
the tag of the element it skips over.
.LP
The
.BR ber_get_boolean ()
routine is used to read a boolean value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_enum ()
routine is used to read a enumeration value.  It is called the same way that
.BR ber_get_int ()
is called.
.LP
The
.BR ber_get_bitstringa ()
routine is used to read a bitstring value.  It
takes a char ** which will hold the dynamically allocated bits, followed by an
ber_len_t *, which will point to the length (in bits) of the bitstring returned.
The caller should free the returned string using
.BR ber_memfree ().
.LP
The
.BR ber_first_element ()
routine is used to return the tag and length
of the first element in a set or sequence.  It also returns in \fIcookie\fP
a magic cookie parameter that should be passed to subsequent calls to
ber_next_element(), which returns similar information.
.SH EXAMPLES
Assume the variable \fIber\fP contains a lightweight BER encoding of
the following ASN.1 object:
.LP
.nf
      AlmostASearchRequest := SEQUENCE {
          baseObject      DistinguishedName,
          scope           ENUMERATED {
              baseObject    (0),
              singleLevel   (1),
              wholeSubtree  (2)
          },
          derefAliases    ENUMERATED {
              neverDerefaliases   (0),
              derefInSearching    (1),
              derefFindingBaseObj (2),
              alwaysDerefAliases  (3)
          },
          sizelimit       INTEGER (0 .. 65535),
          timelimit       INTEGER (0 .. 65535),
          attrsOnly       BOOLEAN,
          attributes      SEQUENCE OF AttributeType
      }
.fi
.LP
The element can be decoded using
.BR ber_scanf ()
as follows.
.LP
.nf
      ber_int_t    scope, deref, size, time, attrsonly;
      char   *dn, **attrs;
      ber_tag_t tag;

      tag = ber_scanf( ber, "{aeeiib{v}}",
          &dn, &scope, &deref,
          &size, &time, &attrsonly, &attrs );

      if( tag == LBER_ERROR ) {
              /* error */
      } else {
              /* success */
      }

      ber_memfree( dn );
      ber_memvfree( attrs );
.fi
.SH ERRORS
If an error occurs during decoding, generally these routines return
LBER_ERROR ((ber_tag_t)\-1).
.LP
.SH NOTES
.LP
The return values for all of these functions are declared in the
.B <lber.h>
header file.  Some routines may dynamically allocate memory
which must be freed by the caller using supplied deallocation routines.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-memory (3),
.BR lber-sockbuf (3),
.BR lber-types (3)
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 358 stdin
PK�����lSi\�շY��������man3/lber-types.3nu��[�����������.lf 1 stdin
.TH LBER_TYPES 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions
.SH LIBRARY
OpenLDAP LBER (liblber, \-llber)
.SH SYNOPSIS
.B #include <lber.h>
.LP
.nf
.ft B
typedef impl_tag_t ber_tag_t;
typedef impl_int_t ber_int_t;
typedef impl_uint_t ber_uint_t;
typedef impl_len_t ber_len_t;
typedef impl_slen_t ber_slen_t;

typedef struct berval {
    ber_len_t bv_len;
    char *bv_val;
} BerValue, *BerVarray;

typedef struct berelement BerElement;
.ft
.fi
.LP
.BI "void ber_bvfree(struct berval *" bv ");"
.LP
.BI "void ber_bvecfree(struct berval **" bvec ");"
.LP
.BI "void ber_bvecadd(struct berval ***" bvec ", struct berval *" bv ");"
.LP
.BI "void ber_bvarray_free(struct berval *" bvarray ");"
.LP
.BI "void ber_bvarray_add(BerVarray *" bvarray ", BerValue *" bv ");"
.LP
.BI "struct berval *ber_bvdup(const struct berval *" bv ");"
.LP
.BI "struct berval *ber_dupbv(const struct berval *" dst ", struct berval *" src ");"
.LP
.BI "struct berval *ber_bvstr(const char *" str ");"
.LP
.BI "struct berval *ber_bvstrdup(const char *" str ");"
.LP
.BI "struct berval *ber_str2bv(const char *" str ", ber_len_t " len ", int " dup ", struct berval *" bv ");"
.LP
.BI "BerElement *ber_alloc_t(int " options ");"
.LP
.BI "BerElement *ber_init(struct berval *" bv ");"
.LP
.BI "void ber_init2(BerElement *" ber ", struct berval *" bv ", int " options ");"
.LP
.BI "void ber_free(BerElement *" ber ", int " freebuf ");"
.SH DESCRIPTION
.LP
The following are the basic types and structures defined for use
with the Lightweight BER library.  
.LP
.B ber_int_t
is a signed integer of at least 32 bits.  It is commonly equivalent to
.BR int .
.B ber_uint_t
is the unsigned variant of
.BR ber_int_t .
.LP
.B ber_len_t
is an unsigned integer of at least 32 bits used to represent a length.  
It is commonly equivalent to a
.BR size_t .
.B ber_slen_t
is the signed variant to
.BR ber_len_t .
.LP
.B ber_tag_t
is an unsigned integer of at least 32 bits used to represent a
BER tag.  It is commonly equivalent to a
.BR unsigned\ long .
.LP
The actual definitions of the integral impl_TYPE_t types are platform
specific.
.LP
.BR BerValue ,
commonly used as
.BR struct\ berval ,
is used to hold an arbitrary sequence of octets.
.B bv_val
points to
.B bv_len
octets.
.B bv_val
is not necessarily terminated by a NULL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API.  If \fIbv\fP
is NULL, the routine does nothing.
.LP
.BR ber_bvecfree ()
frees an array of BerValues (and the array), pointed to by \fIbvec\fP,
returned from this API.  If \fIbvec\fP is NULL, the routine does nothing.
.BR ber_bvecadd ()
appends the \fIbv\fP pointer to the \fIbvec\fP array.  Space for the array
is allocated as needed.  The end of the array is marked by a NULL pointer.
.LP
.BR ber_bvarray_free ()
frees an array of BerValues (and the array), pointed to by \fIbvarray\fP,
returned from this API.  If \fIbvarray\fP is NULL, the routine does nothing.
.BR ber_bvarray_add ()
appends the contents of the BerValue pointed to by \fIbv\fP to the
\fIbvarray\fP array.  Space for the new element is allocated as needed.
The end of the array is marked by a BerValue with a NULL bv_val field.
.LP
.BR ber_bvdup ()
returns a copy of a BerValue.  The routine returns NULL upon error
(e.g. out of memory).  The caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue.
.BR ber_dupbv ()
copies a BerValue from \fIsrc\fP to \fIdst\fP.  If \fIdst\fP is NULL a
new BerValue will be allocated to hold the copy.  The routine returns NULL
upon error, otherwise it returns a pointer to the copy.  If \fIdst\fP is
NULL the caller should use
.BR ber_bvfree ()
to deallocate the resulting BerValue, otherwise
.BR ber_memfree ()
should be used to deallocate the \fIdst->bv_val\fP.  (The
.BR ber_bvdup ()
function is internally implemented as ber_dupbv(NULL, bv).
.BR ber_bvdup ()
is provided only for compatibility with an expired draft of the LDAP C API;
.BR ber_dupbv ()
is the preferred interface.)
.LP
.BR ber_bvstr ()
returns a BerValue containing the string pointed to by \fIstr\fP.
.BR ber_bvstrdup ()
returns a BerValue containing a copy of the string pointed to by \fIstr\fP.
.BR ber_str2bv ()
returns a BerValue containing the string pointed to by \fIstr\fP, whose
length may be optionally specified in \fIlen\fP.  If \fIdup\fP is non-zero,
the BerValue will contain a copy of \fIstr\fP.  If \fIlen\fP is zero, the
number of bytes to copy will be determined by
.BR strlen (3),
otherwise \fIlen\fP bytes will be copied.  If \fIbv\fP is non-NULL, the result
will be stored in the given BerValue, otherwise a new BerValue will be
allocated to store the result.  NOTE: Both
.BR ber_bvstr ()
and
.BR ber_bvstrdup ()
are implemented as macros using
.BR ber_str2bv ()
in this version of the library.
.LP
.B BerElement
is an opaque structure used to maintain state information used in
encoding and decoding.
.BR ber_alloc_t ()
is used to create an empty BerElement structure. If
.B LBER_USE_DER
is specified for the
.I options
parameter then data lengths for data written to the BerElement will be
encoded in the minimal number of octets required, otherwise they will
always be written as four byte values. 
.BR ber_init ()
creates a BerElement structure that is initialized with a copy of the
data in its
.I bv
parameter.
.BR ber_init2 ()
initializes an existing BerElement
.I ber
using the data in the
.I bv
parameter. The data is referenced directly, not copied. The
.I options
parameter is the same as for
.BR ber_alloc_t ().
.BR ber_free ()
frees a BerElement pointed to by \fIber\fP.  If \fIber\fP is NULL, the routine
does nothing.  If \fIfreebuf\fP is zero, the internal buffer is not freed.
.SH SEE ALSO
.BR lber-encode (3),
.BR lber-decode (3),
.BR lber-memory (3)
.LP
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 189 stdin
PK�����lSi\m�&$��$����man3/ldap_errlist.3nu��[�����������.lf 1 stdin
.TH LDAP_ERROR 3 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines
.SH LIBRARY
OpenLDAP LDAP (libldap, \-lldap)
.SH SYNOPSIS
.nf
.ft B
#include <ldap.h>
.LP
.ft B
char *ldap_err2string( int \fIerr\fB );
.SH DESCRIPTION
The
.B ldap_err2string()
routine provides short description of the various codes returned by
routines in this library.  The returned string is a pointer to a
static area that should not be modified.

These codes are either negative,
indicating an API error code; positive, indicating an LDAP resultCode
other than \'success' (0), or - zero, indicating both successful use
of the API and the LDAP resultCode \'success' (0).

The code associated with an LDAP session is accessible using
.BR ldap_get_option (3)
and
.BR ldap_set_option (3)
with the
.B LDAP_OPT_RESULT_CODE
option (previously called
.BR LDAP_OPT_ERROR_NUMBER ).

.SH PROTOCOL RESULT CODES

This section provides a partial list of protocol codes recognized
by the library.  As LDAP is extensible, additional values may be
returned.  A complete listing of \fIregistered\fP LDAP result codes
can be obtained from the \fIInternet Assigned Numbers Authority\fP
<http://www.iana.org>.

.LP
.TP 20
.SM LDAP_SUCCESS
The request was successful.
.TP
.SM LDAP_OPERATIONS_ERROR
An operations error occurred.
.TP
.SM LDAP_PROTOCOL_ERROR
A protocol violation was detected.
.TP
.SM LDAP_TIMELIMIT_EXCEEDED
An LDAP time limit was exceeded.
.TP
.SM LDAP_SIZELIMIT_EXCEEDED
An LDAP size limit was exceeded.
.TP
.SM LDAP_COMPARE_FALSE
A compare operation returned false.
.TP
.SM LDAP_COMPARE_TRUE
A compare operation returned true.
.TP
.SM LDAP_STRONG_AUTH_NOT_SUPPORTED
The LDAP server does not support strong authentication.
.TP
.SM LDAP_STRONG_AUTH_REQUIRED
Strong authentication is required for the operation.
.TP
.SM LDAP_PARTIAL_RESULTS
Partial results only returned.
.TP
.SM LDAP_NO_SUCH_ATTRIBUTE
The attribute type specified does not exist in the entry.
.TP
.SM LDAP_UNDEFINED_TYPE
The attribute type specified is invalid.
.TP
.SM LDAP_INAPPROPRIATE_MATCHING
Filter type not supported for the specified attribute.
.TP
.SM LDAP_CONSTRAINT_VIOLATION
An attribute value specified violates some constraint (e.g., a postalAddress
has too many lines, or a line that is too long).
.TP
.SM LDAP_TYPE_OR_VALUE_EXISTS
An attribute type or attribute value specified already exists in the entry.
.TP
.SM LDAP_INVALID_SYNTAX
An invalid attribute value was specified.
.TP
.SM LDAP_NO_SUCH_OBJECT
The specified object does not exist in The Directory.
.TP
.SM LDAP_ALIAS_PROBLEM
An alias in The Directory points to a nonexistent entry.
.TP
.SM LDAP_INVALID_DN_SYNTAX
A syntactically invalid DN was specified.
.TP
.SM LDAP_IS_LEAF
The object specified is a leaf.
.TP
.SM LDAP_ALIAS_DEREF_PROBLEM
A problem was encountered when dereferencing an alias.
.TP
.SM LDAP_INAPPROPRIATE_AUTH
Inappropriate authentication was specified (e.g., LDAP_AUTH_SIMPLE was
specified and the entry does not have a userPassword attribute).
.TP
.SM LDAP_INVALID_CREDENTIALS
Invalid credentials were presented (e.g., the wrong password).
.TP
.SM LDAP_INSUFFICIENT_ACCESS
The user has insufficient access to perform the operation.
.TP
.SM LDAP_BUSY
The DSA is busy.
.TP
.SM LDAP_UNAVAILABLE
The DSA is unavailable.
.TP
.SM LDAP_UNWILLING_TO_PERFORM
The DSA is unwilling to perform the operation.
.TP
.SM LDAP_LOOP_DETECT
A loop was detected.
.TP
.SM LDAP_NAMING_VIOLATION
A naming violation occurred.
.TP
.SM LDAP_OBJECT_CLASS_VIOLATION
An object class violation occurred (e.g., a "must" attribute was missing
from the entry).
.TP
.SM LDAP_NOT_ALLOWED_ON_NONLEAF
The operation is not allowed on a nonleaf object.
.TP
.SM LDAP_NOT_ALLOWED_ON_RDN
The operation is not allowed on an RDN.
.TP
.SM LDAP_ALREADY_EXISTS
The entry already exists.
.TP
.SM LDAP_NO_OBJECT_CLASS_MODS
Object class modifications are not allowed.
.TP
.SM LDAP_OTHER
An unknown error occurred.

.SH API ERROR CODES

This section provides a complete list of API error codes recognized
by the library.   Note that LDAP_SUCCESS indicates success of an
API call in addition to representing the return of the LDAP
\'success' resultCode.


.LP
.TP 20
.SM LDAP_SERVER_DOWN
The LDAP library can't contact the LDAP server.
.TP
.SM LDAP_LOCAL_ERROR
Some local error occurred.  This is usually a failed dynamic memory allocation.
.TP
.SM LDAP_ENCODING_ERROR
An error was encountered encoding parameters to send to the LDAP server.
.TP
.SM LDAP_DECODING_ERROR
An error was encountered decoding a result from the LDAP server.
.TP
.SM LDAP_TIMEOUT
A timelimit was exceeded while waiting for a result.
.TP
.SM LDAP_AUTH_UNKNOWN
The authentication method specified to ldap_bind() is not known.
.TP
.SM LDAP_FILTER_ERROR
An invalid filter was supplied to ldap_search() (e.g., unbalanced
parentheses).
.TP
.SM LDAP_PARAM_ERROR
An ldap routine was called with a bad parameter.
.TP
.SM LDAP_NO_MEMORY
An memory allocation (e.g., malloc(3) or other dynamic memory
allocator) call failed in an ldap library routine.
.TP
.SM LDAP_USER_CANCELED
Indicates the user cancelled the operation.
.TP
.SM LDAP_CONNECT_ERROR
Indicates a connection problem.
.TP
.SM LDAP_NOT_SUPPORTED
Indicates the routine was called in a manner not supported by the library.
.TP
.SM LDAP_CONTROL_NOT_FOUND
Indicates the control provided is unknown to the client library.
.TP
.SM LDAP_NO_RESULTS_RETURNED
Indicates no results returned.
.TP
.SM LDAP_MORE_RESULTS_TO_RETURN
Indicates more results could be returned.
.TP
.SM LDAP_CLIENT_LOOP
Indicates the library has detected a loop in its processing.
.TP
.SM LDAP_REFERRAL_LIMIT_EXCEEDED
Indicates the referral limit has been exceeded.

.SH DEPRECATED
.lf 1 ./Deprecated
Deprecated interfaces generally remain in the library.  The macro
LDAP_DEPRECATED can be defined to a non-zero value
(e.g., -DLDAP_DEPRECATED=1) when compiling program designed to use
deprecated interfaces.  It is recommended that developers writing new
programs, or updating old programs, avoid use of deprecated interfaces.
Over time, it is expected that documentation (and, eventually, support) for
deprecated interfaces to be eliminated.
.lf 220 stdin

.SH SEE ALSO
.BR ldap (3),
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 225 stdin
PK�����lSi\�"l��B���B����man5/ldap.conf.5nu��[�����������.lf 1 stdin
.TH LDAP.CONF 5 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldap.conf, .ldaprc \- LDAP configuration file/environment variables
.SH SYNOPSIS
/opt/alt/openldap11/etc/openldap/ldap.conf, ldaprc, .ldaprc, $LDAP<option-name>
.SH DESCRIPTION
If the environment variable \fBLDAPNOINIT\fP is defined, all
defaulting is disabled.
.LP
The
.I ldap.conf
configuration file is used to set system-wide defaults to be applied when
running
.I ldap
clients.
.LP
Users may create an optional configuration file,
.I ldaprc
or
.IR .ldaprc ,
in their home directory which will be used to override the system-wide
defaults file.
The file
.I ldaprc
in the current working directory is also used.
.LP
.LP
Additional configuration files can be specified using
the \fBLDAPCONF\fP and \fBLDAPRC\fP environment variables.
\fBLDAPCONF\fP may be set to the path of a configuration file.  This
path can be absolute or relative to the current working directory.
The \fBLDAPRC\fP, if defined, should be the basename of a file
in the current working directory or in the user's home directory.
.LP
Environmental variables may also be used to augment the file based defaults.
The name of the variable is the option name with an added prefix of \fBLDAP\fP.
For example, to define \fBBASE\fP via the environment, set the variable
\fBLDAPBASE\fP to the desired value.
.LP
Some options are user-only.  Such options are ignored if present
in the
.I ldap.conf
(or file specified by
.BR LDAPCONF ).
.LP
Thus the following files and variables are read, in order:
.nf
    variable     $LDAPNOINIT, and if that is not set:
    system file  /opt/alt/openldap11/etc/openldap/ldap.conf,
    user files   $HOME/ldaprc,  $HOME/.ldaprc,  ./ldaprc,
    system file  $LDAPCONF,
    user files   $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
    variables    $LDAP<uppercase option name>.
.fi
Settings late in the list override earlier ones.
.SH SYNTAX
The configuration options are case-insensitive;
their value, on a case by case basis, may be case-sensitive.
.LP
Blank lines are ignored.
.br
Lines beginning with a hash mark (`#') are comments, and ignored.
.LP
Valid lines are made of an option's name (a sequence of non-blanks,
conventionally written in uppercase, although not required), 
followed by a value.
The value starts with the first non-blank character after 
the option's name, and terminates at the end of the line, 
or at the last sequence of blanks before the end of the line.
The tokenization of the value, if any, is delegated to the handler(s)
for that option, if any.  Quoting values that contain blanks 
may be incorrect, as the quotes would become part of the value.
For example,

.nf
	# Wrong - erroneous quotes:
	URI     "ldap:// ldaps://"

	# Right - space-separated list of URIs, without quotes:
	URI     ldap:// ldaps://

	# Right - DN syntax needs quoting for Example, Inc:
	BASE    ou=IT staff,o="Example, Inc",c=US
	# or:
	BASE    ou=IT staff,o=Example2C Inc,c=US

	# Wrong - comment on same line as option:
	DEREF   never           # Never follow aliases
.fi
.LP
A line cannot be longer than LINE_MAX, which should be more than 2000 bytes
on all platforms.
There is no mechanism to split a long line on multiple lines, either for
beautification or to overcome the above limit.
.SH OPTIONS
The different configuration options are:
.TP
.B URI <ldap[si]://[name[:port]] ...>
Specifies the URI(s) of an LDAP server(s) to which the
.I LDAP 
library should connect.  The URI scheme may be any of
.BR ldap ,
.B ldaps 
or
.BR ldapi ,
which refer to LDAP over TCP, LDAP over SSL (TLS) and LDAP
over IPC (UNIX domain sockets), respectively.
Each server's name can be specified as a
domain-style name or an IP address literal.  Optionally, the
server's name can followed by a ':' and the port number the LDAP
server is listening on.  If no port number is provided, the default
port for the scheme is used (389 for ldap://, 636 for ldaps://).
For LDAP over IPC,
.B name 
is the name of the socket, and no
.B port
is required, nor allowed; note that directory separators must be 
URL-encoded, like any other characters that are special to URLs; 
so the socket

	/usr/local/var/ldapi

must be specified as

	ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi

A space separated list of URIs may be provided.
.TP
.B BASE <base>
Specifies the default base DN to use when performing ldap operations.
The base must be specified as a Distinguished Name in LDAP format.
.TP
.B BINDDN <dn>
Specifies the default bind DN to use when performing ldap operations.
The bind DN must be specified as a Distinguished Name in LDAP format.
.B This is a user-only option.
.TP
.B DEREF <when>
Specifies how alias dereferencing is done when performing a search. The
.B <when>
can be specified as one of the following keywords:
.RS
.TP
.B never
Aliases are never dereferenced. This is the default.
.TP
.B searching
Aliases are dereferenced in subordinates of the base object, but
not in locating the base object of the search.
.TP
.B finding
Aliases are only dereferenced when locating the base object of the search.
.TP
.B always
Aliases are dereferenced both in searching and in locating the base object
of the search.
.RE
.TP
.TP
.B HOST <name[:port] ...>
Specifies the name(s) of an LDAP server(s) to which the
.I LDAP 
library should connect.  Each server's name can be specified as a
domain-style name or an IP address and optionally followed by a ':' and
the port number the ldap server is listening on.  A space separated
list of hosts may be provided.
.B HOST
is deprecated in favor of
.BR URI .
.TP
.B NETWORK_TIMEOUT <integer>
Specifies the timeout (in seconds) after which the poll(2)/select(2)
following a connect(2) returns in case of no activity.
.TP
.B PORT <port>
Specifies the default port used when connecting to LDAP servers(s).
The port may be specified as a number.
.B PORT
is deprecated in favor of
.BR URI.
.TP
.B REFERRALS <on/true/yes/off/false/no>
Specifies if the client should automatically follow referrals returned
by LDAP servers.
The default is on.
Note that the command line tools
.BR ldapsearch (1)
&co always override this option.
.\" This should only be allowed via ldap_set_option(3)
.\".TP
.\".B RESTART <on/true/yes/off/false/no>
.\"Determines whether the library should implicitly restart connections (FIXME).
.TP
.B SIZELIMIT <integer>
Specifies a size limit (number of entries) to use when performing searches.
The number should be a non-negative integer.  \fISIZELIMIT\fP of zero (0)
specifies a request for unlimited search size.  Please note that the server
may still apply any server-side limit on the amount of entries that can be 
returned by a search operation.
.TP
.B TIMELIMIT <integer>
Specifies a time limit (in seconds) to use when performing searches.
The number should be a non-negative integer.  \fITIMELIMIT\fP of zero (0)
specifies unlimited search time to be used.  Please note that the server
may still apply any server-side limit on the duration of a search operation.
.B VERSION {2|3}
Specifies what version of the LDAP protocol should be used.
.TP
.B TIMEOUT <integer>
Specifies a timeout (in seconds) after which calls to synchronous LDAP
APIs will abort if no response is received.  Also used for any
.BR ldap_result (3)
calls where a NULL timeout parameter is supplied.
.SH SASL OPTIONS
If OpenLDAP is built with Simple Authentication and Security Layer support,
there are more options you can specify.
.TP
.B SASL_MECH <mechanism>
Specifies the SASL mechanism to use.
.TP
.B SASL_REALM <realm>
Specifies the SASL realm.
.TP
.B SASL_AUTHCID <authcid>
Specifies the authentication identity.
.B This is a user-only option.
.TP
.B SASL_AUTHZID <authcid>
Specifies the proxy authorization identity.
.B This is a user-only option.
.TP
.B SASL_SECPROPS <properties>
Specifies Cyrus SASL security properties. The 
.B <properties>
can be specified as a comma-separated list of the following:
.RS
.TP
.B none
(without any other properties) causes the properties
defaults ("noanonymous,noplain") to be cleared.
.TP
.B noplain
disables mechanisms susceptible to simple passive attacks.
.TP
.B noactive
disables mechanisms susceptible to active attacks.
.TP
.B nodict
disables mechanisms susceptible to passive dictionary attacks.
.TP
.B noanonymous
disables mechanisms which support anonymous login.
.TP
.B forwardsec
requires forward secrecy between sessions.
.TP
.B passcred
requires mechanisms which pass client credentials (and allows
mechanisms which can pass credentials to do so).
.TP
.B minssf=<factor> 
specifies the minimum acceptable
.I security strength factor
as an integer approximating the effective key length used for
encryption.  0 (zero) implies no protection, 1 implies integrity
protection only, 56 allows DES or other weak ciphers, 112
allows triple DES and other strong ciphers, 128 allows RC4,
Blowfish and other modern strong ciphers.  The default is 0.
.TP
.B maxssf=<factor> 
specifies the maximum acceptable
.I security strength factor
as an integer (see
.B minssf
description).  The default is
.BR INT_MAX .
.TP
.B maxbufsize=<factor> 
specifies the maximum security layer receive buffer
size allowed.  0 disables security layers.  The default is 65536.
.RE
.TP
.B SASL_NOCANON <on/true/yes/off/false/no>
Do not perform reverse DNS lookups to canonicalize SASL host names. The default is off.
.SH GSSAPI OPTIONS
If OpenLDAP is built with Generic Security Services Application Programming Interface support,
there are more options you can specify.
.TP
.B GSSAPI_SIGN <on/true/yes/off/false/no>
Specifies if GSSAPI signing (GSS_C_INTEG_FLAG) should be used.
The default is off.
.TP
.B GSSAPI_ENCRYPT <on/true/yes/off/false/no>
Specifies if GSSAPI encryption (GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG)
should be used. The default is off.
.TP
.B GSSAPI_ALLOW_REMOTE_PRINCIPAL <on/true/yes/off/false/no>
Specifies if GSSAPI based authentication should try to form the
target principal name out of the ldapServiceName or dnsHostName
attribute of the targets RootDSE entry. The default is off.
.SH TLS OPTIONS
If OpenLDAP is built with Transport Layer Security support, there
are more options you can specify.  These options are used when an
.B ldaps:// URI
is selected (by default or otherwise) or when the application
negotiates TLS by issuing the LDAP StartTLS operation.
.LP
When using OpenSSL, if neither  \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
is set, the system-wide default set of CA certificates is used.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
Authorities the client will recognize.
.TP
.B TLS_CACERTDIR <path>
Specifies the path of a directory that contains Certificate Authority
certificates in separate individual files. The
.B TLS_CACERT
is always used before
.B TLS_CACERTDIR.
The specified directory must be managed with the OpenSSL c_rehash utility.
This parameter is ignored with GnuTLS.

When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
database.  If <path> contains a Mozilla NSS cert/key database and
CA cert files, OpenLDAP will use the cert/key database and will
ignore the CA cert files.
.TP
.B TLS_CERT <filename>
Specifies the file that contains the client certificate.
.B This is a user-only option.

When using Mozilla NSS, if using a cert/key database (specified with
TLS_CACERTDIR), TLS_CERT specifies the name of the certificate to use:
.nf
	TLS_CERT Certificate for Sam Carter
.fi
If using a token other than the internal built in token, specify the
token name first, followed by a colon:
.nf
	TLS_CERT my hardware device:Certificate for Sam Carter
.fi
Use certutil \-L to list the certificates by name:
.nf
	certutil \-d /path/to/certdbdir \-L
.fi
.TP
.B TLS_KEY <filename>
Specifies the file that contains the private key that matches the certificate
stored in the
.B TLS_CERT
file. Currently, the private key must not be protected with a password, so
it is of critical importance that the key file is protected carefully.
.B This is a user-only option.

When using Mozilla NSS, TLS_KEY specifies the name of a file that contains
the password for the key for the certificate specified with TLS_CERT.  The
modutil command can be used to turn off password protection for the cert/key
database.  For example, if TLS_CACERTDIR specifies /home/scarter/.moznss as
the location of the cert/key database, use modutil to change the password
to the empty string:
.nf
	modutil \-dbdir ~/.moznss \-changepw 'NSS Certificate DB'
.fi
You must have the old password, if any.  Ignore the WARNING about the running
browser.  Press 'Enter' for the new password.

.TP
.B TLS_CIPHER_SUITE <cipher-suite-spec>
Specifies acceptable cipher suite and preference order.
<cipher-suite-spec> should be a cipher specification for 
the TLS library in use (OpenSSL, GnuTLS, or Mozilla NSS).
Example:
.RS
.RS
.TP
.I OpenSSL:
TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2
.TP
.I GnuTLS:
TLS_CIPHER_SUITE SECURE256:!AES-128-CBC
.RE

To check what ciphers a given spec selects in OpenSSL, use:

.nf
	openssl ciphers \-v <cipher-suite-spec>
.fi

With GnuTLS the available specs can be found in the manual page of 
.BR gnutls\-cli (1)
(see the description of the 
option
.BR \-\-priority ).

In older versions of GnuTLS, where gnutls\-cli does not support the option
\-\-priority, you can obtain the \(em more limited \(em list of ciphers by calling:

.nf
	gnutls\-cli \-l
.fi

When using Mozilla NSS, the OpenSSL cipher suite specifications are used and
translated into the format used internally by Mozilla NSS.  There isn't an easy
way to list the cipher suites from the command line.  The authoritative list
is in the source code for Mozilla NSS in the file sslinfo.c in the structure
.nf
        static const SSLCipherSuiteInfo suiteInfo[]
.fi
.RE
.TP
.B TLS_PROTOCOL_MIN <major>[.<minor>]
Specifies minimum SSL/TLS protocol version that will be negotiated.
If the server doesn't support at least that version,
the SSL handshake will fail.
To require TLS 1.x or higher, set this option to 3.(x+1),
e.g.,

.nf
	TLS_PROTOCOL_MIN 3.2
.fi

would require TLS 1.1.
Specifying a minimum that is higher than that supported by the
OpenLDAP implementation will result in it requiring the
highest level that it does support.
This parameter is ignored with GnuTLS.
.TP
.B TLS_RANDFILE <filename>
Specifies the file to obtain random bits from when /dev/[u]random is
not available. Generally set to the name of the EGD/PRNGD socket.
The environment variable RANDFILE can also be used to specify the filename.
This parameter is ignored with GnuTLS and Mozilla NSS.
.TP
.B TLS_REQCERT <level>
Specifies what checks to perform on server certificates in a TLS session,
if any. The
.B <level>
can be specified as one of the following keywords:
.RS
.TP
.B never
The client will not request or check any server certificate.
.TP
.B allow
The server certificate is requested. If no certificate is provided,
the session proceeds normally. If a bad certificate is provided, it will
be ignored and the session proceeds normally.
.TP
.B try
The server certificate is requested. If no certificate is provided,
the session proceeds normally. If a bad certificate is provided,
the session is immediately terminated.
.TP
.B demand | hard
These keywords are equivalent. The server certificate is requested. If no
certificate is provided, or a bad certificate is provided, the session
is immediately terminated. This is the default setting.
.RE
.TP
.B TLS_CRLCHECK <level>
Specifies if the Certificate Revocation List (CRL) of the CA should be 
used to verify if the server certificates have not been revoked. This
requires
.B TLS_CACERTDIR
parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS.
.B <level>
can be specified as one of the following keywords:
.RS
.TP
.B none
No CRL checks are performed
.TP
.B peer
Check the CRL of the peer certificate
.TP
.B all
Check the CRL for a whole certificate chain
.RE
.TP
.B TLS_CRLFILE <filename>
Specifies the file containing a Certificate Revocation List to be used
to verify if the server certificates have not been revoked. This
parameter is only supported with GnuTLS and Mozilla NSS.
.SH "ENVIRONMENT VARIABLES"
.TP
LDAPNOINIT
disable all defaulting
.TP
LDAPCONF
path of a configuration file
.TP
LDAPRC
basename of ldaprc file in $HOME or $CWD
.TP
LDAP<option-name>
Set <option-name> as from ldap.conf
.SH FILES
.TP
.I  /opt/alt/openldap11/etc/openldap/ldap.conf
system-wide ldap configuration file
.TP
.I  $HOME/ldaprc, $HOME/.ldaprc
user ldap configuration file
.TP
.I  $CWD/ldaprc
local ldap configuration file
.SH "SEE ALSO"
.BR ldap (3),
.BR ldap_set_option (3),
.BR ldap_result (3),
.BR openssl (1),
.BR sasl (3)
.SH AUTHOR
Kurt Zeilenga, The OpenLDAP Project
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 521 stdin
PK�����lSi\��lN��N����man5/ldif.5nu��[�����������.lf 1 stdin
.TH LDIF 5 "2018/03/22" "OpenLDAP 2.4.46"
.\" $OpenLDAP$
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
.SH NAME
ldif \- LDAP Data Interchange Format
.SH DESCRIPTION
The LDAP Data Interchange Format (LDIF) is used to represent LDAP
entries and change records in text form. LDAP tools, such as
.BR ldapadd (1)
and
.BR ldapsearch (1),
read and write LDIF entry
records.
.BR ldapmodify (1)
reads LDIF change records.
.LP
This manual page provides a basic description of LDIF.  A
formal specification of LDIF is published in RFC 2849.
.SH ENTRY RECORDS
.LP
LDIF entry records are used to represent directory entries.  The basic
form of an entry record is:
.LP
.nf
.ft tt
	dn: <distinguished name>
	<attrdesc>: <attrvalue>
	<attrdesc>: <attrvalue>
	<attrdesc>:: <base64-encoded-value>
	<attrdesc>:< <URL>
	...
.ft
.fi
.LP
The value may be specified as UTF-8 text or as base64 encoded data,
or a URI may be provided to the location of the attribute value.
.LP
A line may be continued by starting the next line with a single space
or tab, e.g.,
.LP
.nf
.ft tt
	dn: cn=Barbara J Jensen,dc=exam
	 ple,dc=com
.ft
.fi
.LP
Lines beginning with a sharp sign ('#') are ignored.
.LP
Multiple attribute values are specified on separate lines, e.g.,
.LP
.nf
.ft tt
	cn: Barbara J Jensen
	cn: Babs Jensen
.ft
.fi
.LP
If an value contains a non-printing character, or begins
with a space or a colon ':', the <attrtype> is followed by a
double colon and the value is encoded in base 64 notation. e.g.,
the value " begins with a space" would be encoded like this:
.LP
.nf
.ft tt
	cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
.ft
.fi
.LP
If the attribute value is located in a file, the <attrtype> is
followed by a ':<' and a file: URI.  e.g., the value contained
in the file /tmp/value would be listed like this:
.LP
.nf
.ft tt
	cn:< file:///tmp/value
.ft
.fi
Other URI schemes (ftp,http) may be supported as well.
.LP
Multiple entries within the same LDIF file are separated by blank
lines.
.SH ENTRY RECORD EXAMPLE
Here is an example of an LDIF file containing three entries.
.LP
.nf
.ft tt
	dn: cn=Barbara J Jensen,dc=example,dc=com
	cn: Barbara J Jensen
	cn: Babs Jensen
	objectclass: person
	description:< file:///tmp/babs
	sn: Jensen

	dn: cn=Bjorn J Jensen,dc=example,dc=com
	cn: Bjorn J Jensen
	cn: Bjorn Jensen
	objectclass: person
	sn: Jensen

	dn: cn=Jennifer J Jensen,dc=example,dc=com
	cn: Jennifer J Jensen
	cn: Jennifer Jensen
	objectclass: person
	sn: Jensen
	jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
	 A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
	 ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
	...
.ft
.fi
.LP
Note that the description in Barbara Jensen's entry is
read from file:///tmp/babs and the jpegPhoto in Jennifer
Jensen's entry is encoded using base 64.
.SH CHANGE RECORDS
LDIF change records are used to represent directory change requests.
Each change record starts with line indicating the distinguished
name of the entry being changed:
.LP
.nf
	dn: <distinguishedname>
.fi
.LP
.nf
	changetype: <[modify|add|delete|modrdn]>
.fi
.LP
Finally, the change information itself is given, the format of which
depends on what kind of change was specified above.  For a \fIchangetype\fP
of \fImodify\fP, the format is one or more of the following:
.LP
.nf
	add: <attributetype>
	<attrdesc>: <value1>
	<attrdesc>: <value2>
	...
	\-
.fi
.LP
Or, for a replace modification:
.LP
.nf
	replace: <attributetype>
	<attrdesc>: <value1>
	<attrdesc>: <value2>
	...
	\-
.fi
.LP
If no \fIattributetype\fP lines are given to replace,
the entire attribute is to be deleted (if present).
.LP
Or, for a delete modification:
.LP
.nf
	delete: <attributetype>
	<attrdesc>: <value1>
	<attrdesc>: <value2>
	...
	\-
.fi
.LP
If no \fIattributetype\fP lines are given to delete,
the entire attribute is to be deleted.
.LP
For a \fIchangetype\fP of \fIadd\fP, the format is:
.LP
.nf
	<attrdesc1>: <value1>
	<attrdesc1>: <value2>
	...
	<attrdescN>: <value1>
	<attrdescN>: <value2>
.fi
.LP
For a \fIchangetype\fP of \fImodrdn\fP or \fImoddn\fP,
the format is:
.LP
.nf
	newrdn: <newrdn>
	deleteoldrdn: 0 | 1
	newsuperior: <DN>
.fi
.LP
where a value of 1 for deleteoldrdn means to delete the values
forming the old rdn from the entry, and a value of 0 means to
leave the values as non-distinguished attributes in the entry.
The newsuperior line is optional and, if present, specifies the
new superior to move the entry to.
.LP
For a \fIchangetype\fP of \fIdelete\fP, no additional information
is needed in the record.
.LP
Note that attribute values may be presented using base64 or in
files as described for entry records.  Lines in change records
may be continued in the manner described for entry records as
well. 
.SH CHANGE RECORD EXAMPLE
The following sample LDIF file contains a change record
of each type of change.
.LP
.nf
	dn: cn=Babs Jensen,dc=example,dc=com
	changetype: add
	objectclass: person
	objectclass: extensibleObject
	cn: babs
	cn: babs jensen
	sn: jensen

	dn: cn=Babs Jensen,dc=example,dc=com
	changetype: modify
	add: givenName
	givenName: Barbara
	givenName: babs
	\-
	replace: description
	description: the fabulous babs
	\-
	delete: sn
	sn: jensen
	\-

	dn: cn=Babs Jensen,dc=example,dc=com
	changetype: modrdn
	newrdn: cn=Barbara J Jensen
	deleteoldrdn: 0
	newsuperior: ou=People,dc=example,dc=com

	dn: cn=Barbara J Jensen,ou=People,dc=example,dc=com
	changetype: delete
.fi

.SH INCLUDE STATEMENT
The LDIF parser has been extended to support an
.B include
statement for referencing other LDIF files.  The
.B include
statement must be separated from other records by a blank line.
The referenced file is specified using a file: URI and all of its
contents are incorporated as if they were part of the original
LDIF file. As above, other URI schemes may be supported. For example:
.LP
.nf
	dn: dc=example,dc=com
	objectclass: domain
	dc: example

	include: file:///tmp/example.com.ldif

	dn: dc=example,dc=org
	objectclass: domain
	dc: example
.fi
This feature is not part of the LDIF specification in RFC 2849 but
is expected to appear in a future revision of this spec. It is supported
by the
.BR ldapadd (1),
.BR ldapmodify (1),
and
.BR slapadd (8)
commands.

.SH SEE ALSO
.BR ldap (3),
.BR ldapsearch (1),
.BR ldapadd (1),
.BR ldapmodify (1),
.BR slapadd (8),
.BR slapcat (8),
.BR slapd\-ldif (5).
.LP
"LDAP Data Interchange Format," Good, G., RFC 2849.
.SH ACKNOWLEDGEMENTS
.lf 1 ./../Project
.\" Shared Project Acknowledgement Text
.B "OpenLDAP Software"
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
.B "OpenLDAP Software"
is derived from the University of Michigan LDAP 3.3 Release.  
.lf 278 stdin
PK�����"k\/\~8a��8a��
��man3/mcrypt.3nu��[�����������.TH MCRYPT 3 "10 March 2002"
.SH NAME
libmcrypt \- encryption/decryption library
.SH SYNOPSIS
[see also
.I mcrypt.h
for more information]
.SH DESCRIPTION
The
.I libmcrypt
is a data encryption library.
The library is thread safe and provides encryption and decryption functions.
This version of the library supports many encryption algorithms and encryption
modes. Some algorithms which are supported:
SERPENT, RIJNDAEL, 3DES, GOST, SAFER+, CAST-256, RC2, XTEA, 3WAY,
TWOFISH, BLOWFISH, ARCFOUR, WAKE and more. 
.LP
OFB, CBC, ECB, nOFB, nCFB and CFB are the modes that all algorithms may function.
ECB, CBC, encrypt in blocks but CTR, nCFB, nOFB, CFB and OFB in bytes (streams). 
Note that CFB and OFB in the rest of the document represent the "8bit CFB or OFB" mode.
nOFB and nCFB modes represents a n-bit OFB/CFB mode, n is used to represent the
algorithm's block size.
The library supports an extra STREAM mode to include some stream algorithms
like WAKE or ARCFOUR.

In this version of the library all modes and algorithms are modular,
which means that the algorithm and the mode is loaded at run-time.
This way you can add algorithms and modes faster, and much easier.

.I LibMcrypt
includes the following symmetric (block) algorithms:

.B DES: 
The traditional DES algorithm designed by IBM and US NSA. 
Uses 56 bit key and 64 bit block. It is now considered a weak
algorithm, due to its small key size (it was never intended for use
with classified data).

.B 3DES or Triple DES:
DES but with multiple (triple) encryption. It encrypts the plaintext
once, then decrypts it with the second key, and encrypts it again with
the third key (outer cbc mode used for cbc). 
Much better than traditional DES since the key is now 168 bits (actually
the effective key length is 112 bits due to the meet-in-the-middle attack).

.B CAST-128:
CAST was designed in Canada by Carlisle Adams and Stafford Tavares.
The original algorithm used a 64bit key and block. The algorithm
here is CAST-128 (also called CAST5) which has a 128bit key and 64bit block size.

.B CAST-256:
CAST-256 was designed by Carlisle Adams. It is a symmetric cipher designed in
accordance with the CAST design procedure. It is an extention of
the CAST-128, having a 128 bit block size, and up to 256 bit key size.

.B xTEA:
TEA stands for the Tiny Encryption Algorithm. It is a feistel cipher 
designed by David Wheeler & Roger M. Needham.
The original TEA was intended for use in applications where
code size is at a premium, or where it is necessary for someone to remember 
the algorithm and code it on an arbitrary machine at a later time.
The algorithm used here is extended TEA and has a 128bit key size and
64bit block size.

.B 3-WAY:
The 3way algorithm designed by Joan Daemen. It uses key and block size
of 96 bits. 

.B SKIPJACK:
SKIPJACK was designed by the US NSA. It was part of the ill-fated
"Clipper" Escrowed Encryption Standard (EES) (FIPS 185) proposal. It
operates on 64bit blocks and uses a key of 80 bits. SKIPJACK is provided only as an extra module to libmcrypt.

.B BLOWFISH: 
The Blowfish algorithm designed by Bruce Schneier. It is better and faster 
than DES. It can use a key up to 448 bits.

.B TWOFISH:
Twofish was designed by Bruce Schneier, Doug Whiting, John Kelsey, Chris
Hall, David Wagner for Counterpane systems. Intended to be highly secure 
and highly flexible. It uses a 128bit block size and 128,192,256 bit key size.
(Twofish is the default algorithm)

.B LOKI97:
LOKI97 was designed by Lawrie Brown and Josef Pieprzyk. It has a 128-bit
block length and a 256bit key schedule, which can be initialized
using 128, 192 or 256 bit keys. It has evolved from the
earlier LOKI89 and LOKI91 64-bit block ciphers, with a strengthened key
schedule and a larger keyspace.

.B RC2:
RC2 (RC stands for Rivest Cipher) was designed by Ron Rivest. It uses block size of 64 bit and a key size
from 8 to 1024 bits. It is optimized for 16bit microprocessors (reflecting
its age). It is described in the RFC2268.

.B ARCFOUR:
RC4 was designed by Ron Rivest. For several years this algorithm was
considered a trade secret and details were not available. In September 1994 someone
posted the source code in the cypherpunks mailing list. Although the source
code is now available RC4 is trademarked by RSADSI so a compatible cipher named
ARCFOUR is included in the mcrypt distribution. It is a stream cipher
and has a maximum key of 2048 bits.

.B RC6:
RC6 was designed by Ron Rivest for RSA labs. In mcrypt it uses block size of 128 bit and
a key size of 128/192/256 bits.
Refer to RSA Labs and Ron Rivest for any copyright, patent or license issues
for the RC6 algorithm. RC6 is provided only as an extra module to libmcrypt.

.B RIJNDAEL:
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen,
and was approved for the USA's NIST Advanced Encryption Standard, FIPS-197.
The cipher has a variable block length and key length. Rijndael can be implemented very efficiently on a wide range
of processors and in hardware. The design of Rijndael was strongly influenced
by the design of the block cipher Square. 
There exist three versions of this algorithm, namely:
.B RIJNDAEL-128 (the AES winner)
,
.B RIJNDAEL-192
,
.B RIJNDAEL-256
The numerals 128, 192 and 256 stand for the length of the block size.

.B MARS:
MARS is a 128-bit block cipher designed by IBM as a candidate for the 
Advanced Encryption Standard. Refer to IBM for any copyright, patent or license issues
for the MARS algorithm. MARS is provided only as an extra module to libmcrypt.

.B PANAMA:
PANAMA is a cryptographic module that can be used both as a
cryptographic hash function and as a stream cipher. It designed by Joan 
Daemen and Craig Clapp. PANAMA (the stream cipher) is included in
libmcrypt.

.B WAKE:
WAKE stands for Word Auto Key Encryption, and is an encryption system for 
medium speed encryption of blocks and of high security. 
WAKE was designed by David J. Wheeler. It is intended to 
be fast on most computers and relies on repeated table use and having a 
large state space. 

.B SERPENT:
Serpent is a 128-bit block cipher designed by Ross Anderson, Eli Biham and
Lars Knudsen as a candidate for the Advanced Encryption Standard.
Serpent's design was limited to well understood mechanisms, so that
could rely on the wide experience of block cipher cryptanalysis, and
achieve the highest practical level of assurance that no shortcut attack will
be found. Serpent has twice as many rounds as are necessary, to block all
currently known shortcut attacks. Despite these exacting design constraints,
Serpent is faster than DES. 

.B IDEA:
IDEA stands for International Data Encryption Algorithm and was designed
by Xuejia Lai and James Massey. It operates on 64bit blocks and uses a key of 128 bits.
Refer to Ascom-Tech AG for any copyright, patent or license issues
for the IDEA algorithm. IDEA is provided only as an extra module to libmcrypt.

.B ENIGMA (UNIX crypt):
A one-rotor machine designed along the lines of Enigma but considerable
trivialized. Very easy to break for a skilled cryptanalyst.
I suggest against using it. Added just for completeness.

.B GOST:
A former soviet union's algorithm. An acronym for "Gosudarstvennyi Standard" 
or Government Standard. It uses a 256 bit key and a 64 bit block.
 The S-boxes used here are described in the Applied Cryptography book
by Bruce Schneier. They were used in an application for the Central Bank
of the Russian Federation. 
 Some quotes from gost.c:
The standard is written by A. Zabotin (project leader), G.P. Glazkov,
and V.B. Isaeva.  It was accepted and introduced into use by the
action of the State Standards Committee of the USSR on 2 June 1989 as
No. 1409.  It was to be reviewed in 1993, but whether anyone wishes
to take on this obligation from the USSR is questionable.
 This code is based on the 25 November 1993 draft translation
by Aleksandr Malchik, with Whitfield Diffie, of the Government
Standard of the U.S.S.R. GOST 28149-89, "Cryptographic Transformation
Algorithm", effective 1 July 1990.  (Whitfield.Diffie@eng.sun.com)
Some details have been cleared up by the paper "Soviet Encryption
Algorithm" by Josef Pieprzyk and Leonid Tombak of the University
of Wollongong, New South Wales.  (josef/leo@cs.adfa.oz.au)

.B SAFER:
SAFER (Secure And Fast Encryption Routine) is a block cipher developed
by Prof. J.L. Massey at the Swiss Federal Institute of Technology.
There exist four versions of this algorithm, namely:
.B SAFER K-64
,
.B SAFER K-128
,
.B SAFER SK-64
and
.B SAFER SK-128.
The numerals 64 and 128 stand for the length of the user-selected
key, 'K' stands for the original key schedule and 'SK' stands for the
strengthened key schedule (in which some of the "weaknesses" of the
original key schedule have been removed). In mcrypt only SAFER SK-64 and
SAFER SK-128 are used.

.B SAFER+:
SAFER+ was designed by Prof. J.L. Massey, Prof. Gurgen H. Khachatrian and
Dr. Melsik K. Kuregian for Cylink. SAFER+ is based on the existing SAFER
family of ciphers and provides for a block size of 128bits and 128, 192
and 256 bits key length.


.LP
A short description of the modes supported by libmcrypt:

.B STREAM: 
The mode used with stream ciphers. In this mode the keystream from
the cipher is XORed with the plaintext. Thus you should NOT ever use the
same key.

.B ECB: 
The Electronic CodeBook mode. It is the simplest mode to use with a 
block cipher. Encrypts each block independently. It is a block mode
so plaintext length should be a multiple of blocksize (n*blocksize).

.B CBC:
The Cipher Block Chaining mode. It is better than ECB since the plaintext
is XOR'ed with the previous ciphertext. A random block should be placed as the
first block (IV) so the same block or messages always encrypt to something
different. It is a block mode so plaintext length should be a multiple 
of blocksize (n*blocksize).

.B CFB:
The Cipher-Feedback Mode (in 8bit). This is a self-synchronizing
stream cipher implemented from a block cipher. This is the best mode
to use for encrypting strings or streams. This mode requires an IV.

.B OFB:
The Output-Feedback Mode (in 8bit). This is a synchronous
stream cipher implemented from a block cipher. It is intended for use
in noisy lines, because corrupted ciphertext blocks do not corrupt the
plaintext blocks that follow. Insecure (because used in 8bit mode) so it is
recommended not to use it. Added just for completeness.

.B nOFB:
The Output-Feedback Mode (in nbit). n Is the size of the block of the
algorithm. This is a synchronous stream cipher implemented from a block
cipher. It is intended for use in noisy lines, because corrupted ciphertext
blocks do not corrupt the plaintext blocks that follow. This mode
operates in streams.

.B nCFB:
The Cipher-Feedback Mode (in nbit). n Is the size of the block of the
algorithm. This is a self synchronizing stream cipher implemented from a block
cipher. This mode operates in streams.

.B CTR:
The Counter Mode. This is a stream cipher implemented from a block
cipher. This mode uses the cipher to encrypt a set of input blocks, called
counters, to produce blocks that will be XORed with the plaintext.
In libmcrypt the counter is the given IV which is incremented at each step.
This mode operates in streams.

.B Error Recovery in these modes:
If bytes are removed or lost from the file or stream in ECB, CTR, CBC and OFB modes,
are impossible to recover, although CFB and nCFB modes will recover. If some
bytes are altered then a full block of plaintext is affected in ECB, nOFB and CTR modes,
two blocks in CBC, nCFB and CFB modes, but only the corresponding byte in OFB mode.

.LP
Encryption can be done as follows:

A call to function:
.B    MCRYPT mcrypt_module_open( char *algorithm, char* algorithm_directory, 
.B				char* mode, char* mode_directory);

This function associates the algorithm and the mode specified. 
The name of the algorithm is specified in algorithm, eg "twofish", and the algorithm_directory
is the directory where the algorithm is (it may be null if it is
the default). The same applies for the mode.
The library is closed by calling mcrypt_module_close(), but you should
not call that function if mcrypt_generic_end() is called before.
Normally it returns an encryption descriptor,
or MCRYPT_FAILED on error.

A call to function:
.B    int mcrypt_generic_init( MCRYPT td, void *key,
.B                               int lenofkey,
.B                               void *IV);

This function initializes all buffers for the specified thread
The maximum value of lenofkey should be the one obtained by 
calling mcrypt_get_key_size() and every value smaller than this is legal.
Note that Lenofkey should be specified in bytes not bits.
The IV should normally have the size of the algorithms block size, but
you must obtain the size by calling mcrypt_get_iv_size().
IV is ignored in ECB. IV MUST exist in CFB, CBC, STREAM, nOFB and
OFB modes. It needs to be random and unique (but not secret). The same IV must be used
for encryption/decryption. 
After calling this function you can use the descriptor for encryption
or decryption (not both). 
Returns a negative value on error.

To encrypt now call:

.B    int mcrypt_generic( MCRYPT td, void *plaintext, int len);

This is the main encryption function. td is the encryption descriptor
returned by mcrypt_generic_init(). Plaintext is the plaintext you
wish to encrypt and len should be the length (in bytes) of the
plaintext and it should be k*algorithms_block_size if used in a mode
which operated in blocks (cbc, ecb, nofb), or whatever when used in
cfb or ofb which operate in streams. The plaintext is replaced by the
ciphertext. Returns 0 on success.

To decrypt you can call:

.B    int mdecrypt_generic( MCRYPT td, void *ciphertext, int len);

The decryption function. It is almost the same with mcrypt_generic.
Returns 0 on success.

When you're finished you should call:

.B    int mcrypt_generic_end( MCRYPT td);

This function terminates encryption specified by the encryption descriptor (td).
Actually it clears all buffers, and closes all the modules used.
Returns a negative value on error.
.B This function is deprecated.
Use mcrypt_generic_deinit() and mcrypt_module_close() instead.

.B    int mcrypt_generic_deinit( MCRYPT td);

This function terminates encryption specified by the encryption descriptor (td).
Actually it clears all buffers. The difference with mcrypt_generic_end() is that
this function does not close the modules used. Thus you should use mcrypt_module_close().
Using this function you gain in speed if you use the same modules for several 
encryptions.
Returns a negative value on error.

.B    int mcrypt_module_close( MCRYPT td);

This function closes the modules used by the descriptor td.

.P
These are some extra functions that operate on modules that have been opened:
These functions have the prefix mcrypt_enc_*. 

.B    int mcrypt_enc_set_state(MCRYPT td, void *state, int size);
This function sets the state of the algorithm. Can
be used only with block algorithms and certain modes like CBC, CFB etc. 
It is usefully if you want to restart or start a different encryption quickly. 
Returns zero on success. The state is the output of mcrypt_enc_get_state().

.B    int mcrypt_enc_get_state(MCRYPT td, void *state, int *size);
This function returns the state of the algorithm. Can
be used only certain modes and algorithms. The size will hold the
size of the state and the state must have enough bytes to hold it.
Returns zero on success.

.B    int mcrypt_enc_self_test( MCRYPT td);

This function runs the self test on the algorithm specified by the descriptor
td. If the self test succeeds it returns zero. 

.B    int mcrypt_enc_is_block_algorithm_mode( MCRYPT td);

Returns 1 if the mode is for use with block algorithms, otherwise
it returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

.B    int mcrypt_enc_is_block_algorithm( MCRYPT td);

Returns 1 if the algorithm is a block algorithm or 0 if it is a stream
algorithm.

.B    int mcrypt_enc_is_block_mode( MCRYPT td);

Returns 1 if the mode outputs blocks of bytes or 0 if it outputs bytes.
(eg. 1 for cbc and ecb, and 0 for cfb and stream)

.B    int mcrypt_enc_get_block_size( MCRYPT td);

Returns the block size of the algorithm specified by the encryption descriptor
in bytes. The algorithm MUST be opened using mcrypt_module_open().

.B    int mcrypt_enc_get_key_size( MCRYPT td); 

Returns the maximum supported key size of the algorithm specified by the encryption descriptor
in bytes. The algorithm MUST be opened using mcrypt_module_open().

.B    int* mcrypt_enc_get_supported_key_sizes( MCRYPT td, int* sizes)

Returns the key sizes supported by the algorithm specified by the encryption descriptor. 
If sizes is zero and returns NULL then all key sizes between 1 and mcrypt_get_key_size() are
supported by the algorithm. If it is 1 then only the mcrypt_get_key_size()
size is supported and sizes[0] is equal to it. If it is greater than 1 then
that number specifies the number of elements in sizes which are the key
sizes that the algorithm supports. The returned value is allocated with
malloc, so you should not forget to free it.

.B    int mcrypt_enc_get_iv_size( MCRYPT td); 

Returns size of the IV of the algorithm specified by the encryption descriptor
in bytes. The algorithm MUST be opened using mcrypt_module_open().
If it is '0' then the IV is ignored in that algorithm. IV is used in CBC,
CFB, OFB modes, and in some algorithms in STREAM mode.

.B    int mcrypt_enc_mode_has_iv( MCRYPT td); 

Returns 1 if the mode needs an IV, 0 otherwise. Some 'stream' algorithms
may need an IV even if the mode itself does not need an IV.

.B    char* mcrypt_enc_get_algorithms_name( MCRYPT td);

Returns a character array containing the name of the algorithm.
The returned value is allocated with malloc, so you should not forget to 
free it.

.B    char* mcrypt_enc_get_modes_name( MCRYPT td);

Returns a character array containing the name of the mode.
The returned value is allocated with malloc, so you should not forget to 
free it.

.P
These are some extra functions that operate on modules:
These functions have the prefix mcrypt_module_*.

.B    int mcrypt_module_self_test (char* algorithm, char* directory);

This function runs the self test on the specified algorithm. If the self
test succeeds it returns zero. 

.B    int mcrypt_module_is_block_algorithm_mode( char* algorithm, char* directory);

Returns 1 if the mode is for use with block algorithms, otherwise
it returns 0. (eg. 0 for stream, and 1 for cbc, cfb, ofb)

.B    int mcrypt_module_is_block_algorithm( char* mode, char* directory);

Returns 1 if the algorithm is a block algorithm or 0 if it is a stream
algorithm.

.B    int mcrypt_module_is_block_mode( char* mode, char* directory);

Returns 1 if the mode outputs blocks of bytes or 0 if it outputs bytes.
(eg. 1 for cbc and ecb, and 0 for cfb and stream)

.B    int mcrypt_module_get_algo_block_size( char* algorithm, char* directory);

Returns the block size of the algorithm.

.B    int mcrypt_module_get_algo_key_size( char* algorithm, char* directory);

Returns the maximum supported key size of the algorithm.

.B    int* mcrypt_module_get_algo_supported_key_sizes( char* algorithm, char* directory, int* sizes);

Returns the key sizes supported by the algorithm. If sizes is zero and 
returns NULL then all key sizes between 1 and mcrypt_get_key_size() are
supported by the algorithm. If it is 1 then only the mcrypt_get_key_size()
size is supported and sizes[0] is equal to it. If it is greater than 1 then
that number specifies the number of elements in sizes which are the key
sizes that the algorithm supports. This function differs to
mcrypt_enc_get_supported_key_sizes(), because the return value here is
allocated (not static), thus it should be freed.

.LP

.B char** mcrypt_list_algorithms ( char* libdir, int* size);

Returns a pointer to a character array containing all
the mcrypt algorithms located in the libdir, or if it is NULL, in
the default directory. The size is the number of the character arrays.
The arrays are allocated internally and should be freed by using mcrypt_free_p().

.B char** mcrypt_list_modes ( char* libdir, int *size);

Returns a pointer to a character array containing all
the mcrypt modes located in the libdir, or if it is NULL, in
the default directory. The size is the number of the character arrays.
The arrays should be freed by using mcrypt_free_p().

.B void mcrypt_free_p (char **p, int size);

Frees the pointer to array returned by previous functions.

.B void mcrypt_free (void *ptr);

Frees the memory used by the pointer.

.B    void mcrypt_perror(int err);

This function prints a human readable description of the error 'err' in the stderr.
The err should be a value returned by mcrypt_generic_init().

.B    const char* mcrypt_strerror(int err);

This function returns a human readable description of the error 'err'.
The err should be a value returned by mcrypt_generic_init().

.B    int mcrypt_mutex_register ( void (*mutex_lock)(void) , void (*mutex_unlock)(void) );

This function is only used in multithreaded application and only if compiled
with dynamic module loading support. This is actually used
internally in libltdl. Except for the dynamic module loading libmcrypt is 
thread safe.

.LP
Some example programs follow here. Compile as "cc prog.c -lmcrypt", or
"cc prog.c -lmcrypt -lltdl" depending on your installation.
Libltdl is used for opening dynamic libraries (modules).

.nf
/* First example: Encrypts stdin to stdout using TWOFISH with 128 bit key and CFB */

#include <mcrypt.h>
#include <stdio.h>
#include <stdlib.h>
/* #include <mhash.h> */

main() {

  MCRYPT td;
  int i;
  char *key;
  char password[20];
  char block_buffer;
  char *IV;
  int keysize=16; /* 128 bits */

  key=calloc(1, keysize);
  strcpy(password, "A_large_key");

/* Generate the key using the password */
/*  mhash_keygen( KEYGEN_MCRYPT, MHASH_MD5, key, keysize, NULL, 0, password, strlen(password));
 */
  memmove( key, password, strlen(password));

  td = mcrypt_module_open("twofish", NULL, "cfb", NULL);
  if (td==MCRYPT_FAILED) {
     return 1;
  }
  IV = malloc(mcrypt_enc_get_iv_size(td));

/* Put random data in IV. Note these are not real random data, 
 * consider using /dev/random or /dev/urandom.
 */

  /*  srand(time(0)); */
  for (i=0; i< mcrypt_enc_get_iv_size( td); i++) {
    IV[i]=rand();
  }

  i=mcrypt_generic_init( td, key, keysize, IV);
  if (i<0) {
     mcrypt_perror(i);
     return 1;
  }

  /* Encryption in CFB is performed in bytes */
  while ( fread (&block_buffer, 1, 1, stdin) == 1 ) {
      mcrypt_generic (td, &block_buffer, 1);

/* Comment above and uncomment this to decrypt */
/*    mdecrypt_generic (td, &block_buffer, 1);  */

      fwrite ( &block_buffer, 1, 1, stdout);
  }

/* Deinit the encryption thread, and unload the module */
  mcrypt_generic_end(td);

  return 0;

}


/* Second Example: encrypts using CBC and SAFER+ with 192 bits key */

#include <mcrypt.h>
#include <stdio.h>
#include <stdlib.h>

main() {

  MCRYPT td;
  int i;
  char *key; /* created using mcrypt_gen_key */
  char *block_buffer;
  char *IV;
  int blocksize;
  int keysize = 24; /* 192 bits == 24 bytes */


  key = calloc(1, keysize);
  strcpy(key, "A_large_and_random_key"); 

  td = mcrypt_module_open("saferplus", NULL, "cbc", NULL);

  blocksize = mcrypt_enc_get_block_size(td);
  block_buffer = malloc(blocksize);
/* but unfortunately this does not fill all the key so the rest bytes are
 * padded with zeros. Try to use large keys or convert them with mcrypt_gen_key().
 */

  IV=malloc(mcrypt_enc_get_iv_size(td));

/* Put random data in IV. Note these are not real random data, 
 * consider using /dev/random or /dev/urandom.
 */

/* srand(time(0)); */
  for (i=0; i < mcrypt_enc_get_iv_size(td); i++) {
    IV[i]=rand();
  }

  mcrypt_generic_init( td, key, keysize, IV);

  /* Encryption in CBC is performed in blocks */
  while ( fread (block_buffer, 1, blocksize, stdin) == blocksize ) {
      mcrypt_generic (td, block_buffer, blocksize);
/*      mdecrypt_generic (td, block_buffer, blocksize); */
      fwrite ( block_buffer, 1, blocksize, stdout);
  }

/* deinitialize the encryption thread */
  mcrypt_generic_deinit (td);

/* Unload the loaded module */
  mcrypt_module_close(td);
  return 0;

}
.fi

.LP
The library does not install any signal handler. 
.LP
Questions about libmcrypt should be sent to:
.IP
mcrypt-dev@lists.hellug.gr
or, if this fails, to the author addresses given below.
The mcrypt home page is:
.IP
http://mcrypt.hellug.gr
.LP
.SH AUTHORS
Version 2.4
Copyright (C) 1998-1999 Nikos Mavroyanopoulos (nmav@hellug.gr).
.LP
Thanks to all the people who reported problems and suggested various
improvements for mcrypt; who are too numerous to cite here.
.LP
.\" end of man page
PK��������Ec\&
fE��E������������������man1/nosetests.1nu��[�����������PK�������f\�/f������������������OE��man7/kerberos.7nu��[�����������PK�������f\3��d����������������Vb��man5/k5login.5nu��[�����������PK�������f\�ք�������������������m��man5/k5identity.5nu��[�����������PK�������f\F�~���������������������y��man5/krb5.conf.5nu��[�����������PK�������f\��H�������������������=�man5/.k5identity.5nu��[�����������PK�������f\tSX��������������������=�man5/.k5login.5nu��[�����������PK�������[�g\<��z���z���������������Q>�man1/pcregrep.1nu��[�����������PK�������[�g\���0���0���������������
��man1/pcretest.1nu��[�����������PK�������[�g\1ⱐ�
���
��������������y��man1/pcre-config.1nu��[�����������PK������� h\�t��������������������f��man1/xml2-config.1nu��[�����������PK������� h\/�+&Q!��Q!�����������������man1/xmlcatalog.1nu��[�����������PK������� h\zH��4���4��������������#��man1/xmllint.1nu��[�����������PK�������jSi\m�&$��$����������������man3/ld_errno.3nu��[�����������PK�������jSi\�շY������������������j�man3/ber_bvfree.3nu��[�����������PK�������jSi\�4�������������������1%�man3/ldap_modify_s.3nu��[�����������PK�������jSi\��1ܽ�����������������>7�man3/ldap_control_create.3nu��[�����������PK�������jSi\���0��0��������������EC�man3/ldap_memfree.3nu��[�����������PK�������jSi\���0��0���������������I�man3/ldap_memcalloc.3nu��[�����������PK�������jSi\��q��q��������������-P�man3/ldap_explode_dn.3nu��[�����������PK�������jSi\�շY�������������������j�man3/ber_bvecadd.3nu��[�����������PK�������jSi\}�q �
���
�����������������man3/ldap_add.3nu��[�����������PK�������jSi\��q��q�����������������man3/ldap_dn2dcedn.3nu��[�����������PK�������jSi\���0��0��������������:��man3/ldap_memrealloc.3nu��[�����������PK�������jSi\�5^#v1��v1�����������������man3/ber_get_stringa.3nu��[�����������PK�������jSi\��n������������������l��man3/ldap_init_fd.3nu��[�����������PK�������jSi\�5^#v1��v1�����������������man3/ber_get_next.3nu��[�����������PK�������jSi\V�H-	��-	��������������?,�man3/ldap_abandon_ext.3nu��[�����������PK�������jSi\���.���.���������������5�man3/ldap_unbind_s.3nu��[�����������PK�������jSi\'�t!�������������������d�man3/ldap_start_tls.3nu��[�����������PK�������jSi\��q��q���������������k�man3/ldap_str2dn.3nu��[�����������PK�������jSi\g�d"#��"#�����������������man3/ldap_str2objectclass.3nu��[�����������PK�������jSi\�5^#v1��v1�����������������man3/ber_peek_tag.3nu��[�����������PK�������jSi\�5^#v1��v1�����������������man3/ber_get_boolean.3nu��[�����������PK�������jSi\�����
���
��������������n
�man3/ldap_get_values.3nu��[�����������PK�������jSi\��A
	��	����������������man3/ldap_modrdn2_s.3nu��[�����������PK�������jSi\]�Ib�	���	���������������!�man3/ldap_delete_ext_s.3nu��[�����������PK�������jSi\��n������������������0,�man3/ldap_initialize.3nu��[�����������PK�������jSi\���������"������������MD�man3/ldap_parse_sasl_bind_result.3nu��[�����������PK�������jSi\�C�B�
���
��������������cT�man3/ldap_compare_ext.3nu��[�����������PK�������jSi\S/�6	��6	���������������_�man3/ldap_next_attribute.3nu��[�����������PK�������jSi\
ݴ�����������������
i�man3/ldap_free_urldesc.3nu��[�����������PK�������jSi\��MK$��K$��������������nu�man3/ber_put_int.3nu��[�����������PK�������jSi\	ȵ����������������������man3/ldap_sort_entries.3nu��[�����������PK�������jSi\a��j	��j	��������������+��man3/ldap_count_entries.3nu��[�����������PK�������jSi\%�&}.��.��������������ި�man3/ldap_dup.3nu��[�����������PK�������jSi\�T����������������K��man3/lber-memory.3nu��[�����������PK�������jSi\��1ܽ��������������������man3/ldap_controls_dup.3nu��[�����������PK�������jSi\���.���.�����������������man3/ldap_unbind_ext_s.3nu��[�����������PK�������jSi\���.���.����������������man3/ldap_simple_bind_s.3nu��[�����������PK�������jSi\
ݴ�����������������;(�man3/ldap_url_parse.3nu��[�����������PK�������jSi\�^�E/	��/	���������������4�man3/ldap_parse_reference.3nu��[�����������PK�������jSi\�շY������������������>�man3/ber_dupbv.3nu��[�����������PK�������jSi\��MK$��K$���������������W�man3/ber_put_enum.3nu��[�����������PK�������jSi\	ȵ�������������������g|�man3/ldap_sort_values.3nu��[�����������PK�������jSi\��q��q�����������������man3/ldap_dnfree.3nu��[�����������PK�������jSi\a��j	��j	��������������I��man3/ldap_next_entry.3nu��[�����������PK�������jSi\g�d"#��"#�����������������man3/ldap_syntax2str.3nu��[�����������PK�������jSi\�����
���
��������������a��man3/ldap_count_values_len.3nu��[�����������PK�������jSi\��A
	��	�����������������man3/ldap_modrdn.3nu��[�����������PK�������jSi\g�d"#��"#�����������������man3/ldap_syntax2name.3nu��[�����������PK�������jSi\��MK$��K$��������������P�man3/ber_put_string.3nu��[�����������PK�������jSi\�շY�������������������%�man3/ber_bvarray_add.3nu��[�����������PK�������jSi\'�t!�������������������?�man3/ldap_tls.3nu��[�����������PK�������jSi\M7��R#��R#���������������F�man3/ldap.3nu��[�����������PK�������jSi\OPh��
���
��������������j�man3/ldap_rename_s.3nu��[�����������PK�������jSi\g�d"#��"#���������������t�man3/ldap_objectclass2str.3nu��[�����������PK�������kSi\g�d"#��"#��������������Q��man3/ldap_attributetype2name.3nu��[�����������PK�������kSi\���.���.�����������������man3/ldap_unbind_ext.3nu��[�����������PK�������kSi\�����
���
����������������man3/ldap_count_values.3nu��[�����������PK�������kSi\��MK$��K$��������������5��man3/ber_flush.3nu��[�����������PK�������kSi\���0��0����������������man3/ldap_memory.3nu��[�����������PK�������kSi\a��j	��j	��������������2!�man3/ldap_first_entry.3nu��[�����������PK�������kSi\J�s*	��*	���������������*�man3/ldap_parse_vlv_control.3nu��[�����������PK�������kSi\�C�B�
���
��������������Z4�man3/ldap_compare_s.3nu��[�����������PK�������kSi\�c%u��u���������������?�man3/ldap_search_st.3nu��[�����������PK�������kSi\}�q �
���
��������������<T�man3/ldap_add_ext_s.3nu��[�����������PK�������kSi\Y��X<L��<L��������������_�man3/ldap_get_option.3nu��[�����������PK�������kSi\�5^#v1��v1�����������������man3/ber_next_element.3nu��[�����������PK�������kSi\g�d"#��"#��������������Z��man3/ldap_str2matchingrule.3nu��[�����������PK�������kSi\�5^#v1��v1����������������	�man3/ber_get_bitstring.3nu��[�����������PK�������kSi\��q��q���������������2	�man3/ldap_dn2ufn.3nu��[�����������PK�������kSi\��MK$��K$��������������9M	�man3/ber_put_null.3nu��[�����������PK�������kSi\}�q �
���
���������������q	�man3/ldap_add_s.3nu��[�����������PK�������kSi\���	���	�� �������������|	�man3/ldap_extended_operation_s.3nu��[�����������PK�������kSi\��1ܽ�����������������؆	�man3/ldap_control_dup.3nu��[�����������PK�������kSi\��1ܽ�����������������ܒ	�man3/ldap_controls.3nu��[�����������PK�������kSi\g�d"#��"#��������������ݞ	�man3/ldap_schema.3nu��[�����������PK�������kSi\���0��0��������������A�	�man3/ldap_strdup.3nu��[�����������PK�������kSi\�շY��������������������	�man3/ber_bvdup.3nu��[�����������PK�������kSi\�Q�}
&��
&��������������y�	�man3/ldap_sync.3nu��[�����������PK�������kSi\'�t!�������������������
�man3/ldap_install_tls.3nu��[�����������PK�������kSi\�c%u��u���������������
�man3/ldap_search_ext_s.3nu��[�����������PK�������kSi\
ݴ�����������������f$
�man3/ldap_url.3nu��[�����������PK�������kSi\���.���.���������������0
�man3/ldap_sasl_bind.3nu��[�����������PK�������kSi\�w;+-	��-	��������������`
�man3/ldap_count_references.3nu��[�����������PK�������kSi\���	���	��������������zi
�man3/ldap_extended_operation.3nu��[�����������PK�������kSi\�4��������������������s
�man3/ldap_modify_ext_s.3nu��[�����������PK�������kSi\��q��q����������������
�man3/ldap_dn2ad_canonical.3nu��[�����������PK�������kSi\g�d"#��"#��������������{�
�man3/ldap_scherr2str.3nu��[�����������PK�������kSi\�4���������������������
�man3/ldap_modify.3nu��[�����������PK�������kSi\V�H-	��-	����������������
�man3/ldap_abandon.3nu��[�����������PK�������kSi\Y��X<L��<L��������������^�
�man3/ldap_set_option.3nu��[�����������PK�������kSi\	ȵ��������������������+�man3/ldap_sort_strcasecmp.3nu��[�����������PK�������kSi\�5^#v1��v1��������������1�man3/ber_get_null.3nu��[�����������PK�������kSi\]�Ib�	���	���������������b�man3/ldap_delete_s.3nu��[�����������PK�������kSi\��MK$��K$��������������m�man3/ber_put_seq.3nu��[�����������PK�������kSi\t5d����������������������man3/lber-sockbuf.3nu��[�����������PK�������kSi\�E͡��������������������man3/ldap_result.3nu��[�����������PK�������kSi\NO
��O
�����������������man3/ldap_first_message.3nu��[�����������PK�������kSi\���0��0��������������0��man3/ldap_memalloc.3nu��[�����������PK�������kSi\���.���.�����������������man3/ldap_simple_bind.3nu��[�����������PK�������kSi\��A
	��	����������������man3/ldap_modrdn_s.3nu��[�����������PK�������kSi\�շY������������������=�man3/ber_free.3nu��[�����������PK�������kSi\�w;+-	��-	���������������man3/ldap_next_reference.3nu��[�����������PK�������kSi\�c%u��u��������������y'�man3/ldap_search_s.3nu��[�����������PK�������kSi\�c%u��u��������������2<�man3/ldap_search_ext.3nu��[�����������PK�������kSi\�C�B�
���
���������������P�man3/ldap_compare.3nu��[�����������PK�������kSi\�շY������������������\�man3/ber_bvarray_free.3nu��[�����������PK�������kSi\g�d"#��"#���������������u�man3/ldap_objectclass2name.3nu��[�����������PK�������kSi\�շY������������������N��man3/ber_str2bv.3nu��[�����������PK�������kSi\	ȵ���������������������man3/ldap_sort.3nu��[�����������PK�������kSi\�4�������������������=��man3/ldap_modify_ext.3nu��[�����������PK�������kSi\�����
���
��������������L��man3/ldap_get_values_len.3nu��[�����������PK�������kSi\�E͡�����������������~��man3/ldap_msgfree.3nu��[�����������PK�������kSi\g�d"#��"#��������������b��man3/ldap_str2attributetype.3nu��[�����������PK�������kSi\NO
��O
���������������

�man3/ldap_count_messages.3nu��[�����������PK�������kSi\��1ܽ�����������������j
�man3/ldap_controls_free.3nu��[�����������PK�������kSi\�5^#v1��v1��������������p!
�man3/ber_scanf.3nu��[�����������PK�������kSi\g�d"#��"#��������������&S
�man3/ldap_matchingrule2str.3nu��[�����������PK�������kSi\g�d"#��"#���������������v
�man3/ldap_objectclass_free.3nu��[�����������PK�������kSi\��MK$��K$���������������
�man3/ber_put_ostring.3nu��[�����������PK�������kSi\OPh��
���
����������������
�man3/ldap_rename.3nu��[�����������PK�������kSi\g�d"#��"#��������������^�
�man3/ldap_attributetype_free.3nu��[�����������PK�������kSi\���.���.����������������
�man3/ldap_set_rebind_proc.3nu��[�����������PK�������kSi\�����
���
���������������man3/ldap_value_free_len.3nu��[�����������PK�������kSi\��MK$��K$��������������I'�man3/ber_printf.3nu��[�����������PK�������kSi\��q��q���������������K�man3/ldap_dn2str.3nu��[�����������PK�������kSi\g�d"#��"#���������������f�man3/ldap_matchingrule_free.3nu��[�����������PK�������kSi\���.���.�����������������man3/ldap_sasl_bind_s.3nu��[�����������PK�������kSi\��n������������������<��man3/ldap_open.3nu��[�����������PK�������kSi\�c%u��u��������������S��man3/ldap_search.3nu��[�����������PK�������kSi\�5^#v1��v1��������������
��man3/ber_get_stringb.3nu��[�����������PK�������kSi\��n��������������������man3/ldap_set_urllist_proc.3nu��[�����������PK�������kSi\m�&$��$���������������/�man3/ldap_perror.3nu��[�����������PK�������kSi\'�t!������������������OJ�man3/ldap_start_tls_s.3nu��[�����������PK�������kSi\m�&$��$��������������5Q�man3/ldap_error.3nu��[�����������PK�������kSi\�����
���
���������������k�man3/ldap_value_free.3nu��[�����������PK�������kSi\�շY�������������������v�man3/ber_bvecfree.3nu��[�����������PK�������kSi\]�Ib�	���	�����������������man3/ldap_delete_ext.3nu��[�����������PK�������kSi\���.���.��������������Κ�man3/ldap_bind_s.3nu��[�����������PK�������kSi\�E͡�������������������man3/ldap_msgtype.3nu��[�����������PK�������kSi\�C�B�
���
�����������������man3/ldap_compare_ext_s.3nu��[�����������PK�������kSi\S/�6	��6	����������������man3/ldap_first_attribute.3nu��[�����������PK�������kSi\��MK$��K$�����������������man3/ber_put_set.3nu��[�����������PK�������kSi\�4�������������������,�man3/ldap_mods_free.3nu��[�����������PK�������kSi\��MK$��K$��������������:'�man3/ber_start_set.3nu��[�����������PK�������kSi\g�d"#��"#���������������K�man3/ldap_str2syntax.3nu��[�����������PK�������kSi\m�&$��$��������������1o�man3/ldap_result2error.3nu��[�����������PK�������kSi\�E͡��������������������man3/ldap_msgid.3nu��[�����������PK�������kSi\%�&}.��.����������������man3/ldap_destroy.3nu��[�����������PK�������lSi\��q��q����������������man3/ldap_get_dn.3nu��[�����������PK�������lSi\���.���.�����������������man3/ldap_unbind.3nu��[�����������PK�������lSi\��n���������������������man3/ldap_init.3nu��[�����������PK�������lSi\NO
��O
����������������man3/ldap_next_message.3nu��[�����������PK�������lSi\�w;+-	��-	����������������man3/ldap_first_reference.3nu��[�����������PK�������lSi\}�q �
���
��������������	 �man3/ldap_add_ext.3nu��[�����������PK�������lSi\m�&$��$���������������*�man3/ldap_err2string.3nu��[�����������PK�������lSi\g�d"#��"#��������������PE�man3/ldap_attributetype2str.3nu��[�����������PK�������lSi\g�d"#��"#���������������h�man3/ldap_matchingrule2name.3nu��[�����������PK�������lSi\�6+������������������.��man3/ldap_parse_sort_control.3nu��[�����������PK�������lSi\�5^#v1��v1����������������man3/ber_get_int.3nu��[�����������PK�������lSi\
ݴ��������������������man3/ldap_is_ldap_url.3nu��[�����������PK�������lSi\���������!������������'��man3/ldap_parse_extended_result.3nu��[�����������PK�������lSi\�5^#v1��v1��������������<��man3/lber-decode.3nu��[�����������PK�������lSi\�5^#v1��v1����������������man3/ber_get_enum.3nu��[�����������PK�������lSi\��1ܽ������������������D�man3/ldap_control_free.3nu��[�����������PK�������lSi\�շY�������������������P�man3/ber_bvstr.3nu��[�����������PK�������lSi\]�Ib�	���	��������������xj�man3/ldap_delete.3nu��[�����������PK�������lSi\�շY�������������������t�man3/ber_bvstrdup.3nu��[�����������PK�������lSi\��q��q��������������z��man3/ldap_dcedn2dn.3nu��[�����������PK�������lSi\'�t!������������������/��man3/ldap_tls_inplace.3nu��[�����������PK�������lSi\���0��0����������������man3/ldap_memvfree.3nu��[�����������PK�������lSi\g�d"#��"#�����������������man3/ldap_syntax_free.3nu��[�����������PK�������lSi\��A
	��	�����������������man3/ldap_modrdn2.3nu��[�����������PK�������lSi\��MK$��K$��������������E��man3/ber_alloc_t.3nu��[�����������PK�������lSi\���.���.����������������man3/ldap_bind.3nu��[�����������PK�������lSi\���������������������7�man3/ldap_parse_result.3nu��[�����������PK�������lSi\�5^#v1��v1��������������G�man3/ber_first_element.3nu��[�����������PK�������lSi\��MK$��K$���������������x�man3/lber-encode.3nu��[�����������PK�������lSi\��q��q��������������g��man3/ldap_explode_rdn.3nu��[�����������PK�������lSi\��1ܽ�������������������man3/ldap_control_find.3nu��[�����������PK�������lSi\�5^#v1��v1��������������$��man3/ber_skip_tag.3nu��[�����������PK�������lSi\�շY��������������������man3/lber-types.3nu��[�����������PK�������lSi\m�&$��$����������������man3/ldap_errlist.3nu��[�����������PK�������lSi\�"l��B���B��������������*�man5/ldap.conf.5nu��[�����������PK�������lSi\��lN��N��������������"m�man5/ldif.5nu��[�����������PK�������"k\/\~8a��8a��
���������������man3/mcrypt.3nu��[�����������PK���������A�� ����