OPENLDAP-API-编程简述

OPENLDAPAPI±à³Ì¼òÊö£¨CÓïÑÔ£©×÷ÕߣºtangÒ»¡¢LDAPÄ£Ğ͸ÅÀÀ£º1¡¢LDAPµÄÊı¾İ´æ´¢ÔÚÖÚ¶àµÄEntry£¨ÌõÄ¿£©À2¡¢LDAPÖĞËùÓеÄEntryÒÔÊ÷Ğͽṹ×éÖ¯ÔÚÒ»Æğ£»3¡¢EntryÓÉΨһµÄDN(DistinguishedName)±êʶºÍ¶¨Î»£¬DN¾ÍÊÇÊ÷Éϵ½¸ÃEntryµÄ·¾¶±êʶ£»4¡¢EntryµÄÊı¾İÒÔÊôĞÔĞÎʽ×éÖ¯£¬Ã¿¸öÊôĞÔ¿ÉÒÔÓµÓĞÒ»¸ö»ò¶à¸öÖµ£»5¡¢ÊôĞÔÓи÷×ÔµÄÀàĞÍ£¬Ò»¸öEntryËùÄÜÓµÓеÄÊôĞÔÊÇÓÉÕâ¸öEntryµÄObjectClassÊôĞԹ涨µÄ£»6¡¢Ã¿¸öEntryµÄObjectclassÊôĞÔÖбØĞë°üº¬topÕâ¸öÖµ£¬ÒòΪÔÚtopÕâ¸öObjectClassÖж¨ÒåÁËÊôĞÔObjectClass£¬EntryÖ»ÓĞÉèÖÃÁ˸ÃÊôĞÔÖµ²ÅÄÜÓµÓĞObjectClassµÄÊôĞÔ£¨ÕâÊǸöµİ¹é¶¨Ò壬ÓеãÏòpascalºÍcÀïµÄÏòÇ°ÉùÃ÷£©£»7¡¢EntryÄÜÈİÄɵÄÊôĞÔ¸öÊı¡¢ÊôĞÔÖµµÄÀàĞÍ¡¢ÊôĞÔµÄÃû³Æ£¨±êʶ£©¶¼ÓɸÃEntryµÄObjectCalss¹æ¶¨£¨×¢ÒâÒ»¸öEntryµÄObjectClassÏóËüµÄÆäËüÊôĞÔÒ»ÑùÊÇ¿ÉÒÔÓжà¸öÖµµÄ£©¡£ÒÔÏÂÊÇÁ½¸öEntryµÄ¶¨Ò壺ÒÔÏÂÁ½¸öEntryÊÇͬʱÓÉtop,uidobject,personÈı¸öObjectClass¹æ·¶µÄEntry£¬×¢ÒâËüÃǵÄÈı¸öObjectClassÊôĞÔ;ÓÉÓÚÕâÈı¸öObjectClassÊôĞԵĹ淶£¬ÔÚÔö¼Ó¡¢Ğ޸ÄÕâÁ½¸öEntryʱ±ØĞëÒªÌṩObjectClass¡¢uid¡¢cn¡¢snµÄÊôĞÔÖµ¡££¨¹ØÓÚObject²Î¼ûÏÂÃæµÄÃèÊö£©dn:uid=10207,ou=People,o=VinSide,c=CNobjectclass:topobjectclass:uidobjectobjectclass:personuid:10001cn:gangsn:liudn:uid=10209,ou=People,o=VinSide,c=CNobjectclass:topobjectclass:uidobjectobjectclass:personuid:10002cn:yuqingsn:tang8¡¢ÒÔÏÂÊÇObjectClass(top,uidobject,person)µÄ¶¨Òå:ÆäÖĞÔÚrequiresϵÄÊôĞÔÊÇÉè³É¸ÃObjectClassµÄEntry±ØĞëÒªÉèÖõÄÊôĞÔ£»ÆäÖĞÔÚallowϵÄÊôĞÔÊÇÉè³É¸ÃObjectClassµÄEntry¿ÉÒÔÉèÖõÄÊôĞÔ£¬µ«²»ÊDZØĞëµÄ¡£objectclasstoprequiresobjectClassobjectclassuidobjectrequiresobjectClass,uidobjectclasspersonrequiresobjectClass,sn,cnallowsdescription,seeAlso,telephoneNumber,userPassword9¡¢EntryµÄDNÃèÊöÕâ¸öEntry´¦ÓÚLDAPÊ÷ĞÍÊı¾İ×éÖ¯ÖеÄλÖã¬ÈçDN:uid=10207,ou=People,o=VinSide,c=CNµÄEntry¾ÍÃèÊö¸ÃEntryÊÇDN:ou=People,o=VinSide,c=CNµÄEntryµÄ×Ó½áµã£¬¹ÊÔÚÌí¼ÓDN:uid=10207,ou=People,o=VinSide,c=CNµÄEntryÇ°DN:ou=People,o=VinSide,c=CNµÄEntry±ØĞëÒѾ­¼ÓÈëLDAPÖĞ£»ÔÚɾ³ı½áµãʱҲ´æÔÚͬÑùµÄÎÊÌâ¡£¶ş¡¢Ê¹ÓÃLDAPAPIµÄ²½Ö裺1¡¢ÓÃldap_open()API´ò¿ªÓëLDAP·şÎñÆ÷µÄÁ¬½Ó£¬¸ÃAPI·µ»ØÒ»¸östructLDAPµÄÖ¸Õ룬¸ÃÖ¸Õ뽫ÓÃÓÚÕû¸öLDAPµÄ²Ù×÷¹ı³ÌÖ±µ½½áÊø£»2¡¢ÓÃldap_bind()×壨Èçldap_simple_bind¡¢ldap_kerberos_bindµÈ£©APIÈ¡µÃLDAP·şÎñÆ÷µÄÈÏÖ¤£¬Ö»ÓĞ»ñµÃÈÏÖ¤£¨°üÀ¨ÄäÃûÈÏÖ¤£©ºó²ÅÄܶÔLDAP·şÎñÆ÷Ìá³öÇëÇó£»3¡¢Ö´ĞоßÌåµÄLDAP²Ù×÷£¨Èçldap_search()¡¢ldap_add()¡¢ldap_modify()¡¢ldap_delet()¡¢ldap_first_entry()µÈ£©£»4¡¢¹Ø±ÕÁ¬½Óldap_unbind()£»£¨ÕâÑùÕû¸ö²Ù×÷¹ı³Ì¾Í½áÊøÁË£©Èı¡¢Ê¹ÓÃOpenLDAPAPIËùĞèµÄÍ·ÎļşºÍÁ¬½Ó¿â£º1¡¢Í·Îļş£¨È±Ê¡°²×°ÔÚ/usr/local/include£©£º#includelber.h#includeldap.h2¡¢Á¬½Ó¿â£¨È±Ê¡°²×°ÔÚ/usr/local/lib£©£ºlibldap.aliblber.a3¡¢Ä³Ğ©APIĞèÒª¶îÍâµÄÍ·Îļş£¬Èçsys/time.h£¬¾ßÌå²é¿´¸ÃAPIµÄmanpage(Èçmanldap_simple_bind_s)¡£ËÄ¡¢LDAPAPIÏêÊö£ºËµÃ÷£ºÒÔÏÂAPIÖĞ´ø_sºó׺µÄAPIÊÇͬ²½API£¬¼´µ÷Óúó»áÒÔ×èÈû·½Ê½ÔËĞĞ£»Ã»ÓĞsºó׺µÄÊÇÒì²½API£¬µ÷Óúó»áÁ¢¿Ì·µ»Ø£¬È»ºóÔÚÊʵ±µÄʱºòÓÃldap_result()È¡»Ø½áû¡£1¡¢ldap_open()´ò¿ªµ½LDAP·şÎñÆ÷µÄÁ¬½Ó£ºtypedefstructldap{/*...opaqueparameters...*/intld_deref;intld_timelimit;intld_sizelimit;intld_errno;char*ld_matched;char*ld_error;/*...opaqueparameters...*/}LDAP;LDAP*ldap_open(char*hostname,intportno);hostnameÊÇLDAP·şÎñÆ÷µÄµØÖ·£¬¿ÉÒÔÊÇIP»òÓòÃû£»portnoÊÇLDAP·şÎñÆ÷µÄ¶Ë¿ÚºÅ£¬È±Ê¡µÄ¶Ë¿ÚÊdz£Êı:LDAP_PORT£»·µ»ØÖµ£º³É¹¦·µ»ØÒ»¸östructLDAPÖ¸ÕëÊÇÒ»¸öÁ¬½Ó¾ä±úÓÃÓÚÒÔºóµÄ²Ù×÷£¬Ê§°Ü·µ»ØNULL¡£2¡¢ldap_bind()×åAPI»ñµÃ·ÃÎÊĿ¼µÄÈÏÖ¤£ºintldap_bind(LDAP*ld,char*dn,char*cred,intmethod);intldap_bind_s(LDAP*ld,char*dn,char*cred,intmethod);intldap_simple_bind(LDAP*ld,char*dn,char*passwd);intldap_simple_bind_s(LDAP*ld,char*dn,char*passwd);intldap_kerberos_bind(LDAP*ld,char*dn);intldap_kerberos_bind_s(LDAP*ld,char*dn);ldÊÇÁ¬½Ó¾ä±ú£»dnÊÇÒªÁ¬½ÓµÄEntryµÄDN¡£ËµÃ÷£º¸ÃEntry»á×÷ΪLDAPÅжÏÓÃld¾ä±úÊÇ·ñÓĞȨ½øĞвÙ×÷µÄÒÀ¾İ£¨¿ÉÒÔÓÃÕʺÅÈ¥Àí½â£¬Ò»°ãϵͳÔÚÅäÖÃʱ»áÉèÖÃÒ»¸örootdn¿É¿´×÷³¬¼¶Óû§Õʺţ©passwdÊǶÔÓ¦dnµÄÕʺÅÃÜÂë¡£methodÊÇÑéÖ¤·½·¨£ºLDAP_AUTH_SIMPLE,LDAP_AUTH_KRBV41,»òLDAP_AUTH_KRBV42Ò»°ãÓüòµ¥µÄ°ó¶¨¾Í¿ÉÒÔÁË£ºldap_simple_bind_s¡¢ldap_simple_bind3¡¢ldap_unbind()¹Ø±ÕÁ¬½Ó£ºintldap_unbind(LDAP*ld);ldÊÇÁ¬½Ó¾ä±ú4¡¢ldap_search()×åAPI²éѯLDAPĿ¼£ºintldap_search(LDAP*ld,char*base,intscope,char*filter,char*attrs[],intattrsonly);intldap_search_s(LDAP*ld,char*base,intscope,char*filter,char*attrs[],intattrsonly,LDAPMessage**res);intldap_search_st(LDAP*ld,char*base,intscope,char*filter,char*attrs[],intattrsonly,structtimeval*timeout,LDAPMessage**res);ĞèÒªÁ˽âµÄ½á¹¹£ºstructtimeval{longtv_sec;longtv_usec;};ldÁ¬½Ó¾ä±úbaseËÑË÷Æğʼ´¦ÄǸöEntryµÄDNscopeËÑË÷·¶Î§£º1.LDAP_SCOPE_BASE£ºÖ»ËÑË÷¸ÃbaseEntry2.LDAP_SCOPE_ONELEVEL£ºËÑË÷¸ÃbaseEntryµÄËùÓĞ×ÓEntry£¬µ«Ö»ÏŞÓÚ×ÓEntryµÄÄÇÒ»²ã3.LDAP_SCOPE_SUBTREE£ºËÑË÷¸ÃbaseEntryµÄÕû¸ö×ÓÊ÷£¨°üÀ¨baseEntry£©filterÊÇËÑË÷¹ıÂË´®£¬¾ßÌåµÄÃèÊöÔÚRFC1558£¬ÒÔÏÂÊǼòµ¥µÄBNFÃèÊö£ºfilter::='('filtercomp')'filtercomp::=and|or|not|simpleand::='&'filterlistor::='|'filterlistnot::='!'filterfilterlist::=filter|filterfilterlistsimple::=attributetypefiltertypeattributevaluefiltertype::='='|'~='|'='|'='˵Ã÷£ºfiltertypeÖеÄ~=ÊÇרÃÅÓÃÓÚ½üËÆÆ¥ÅäµÄattrsÊÇÖ¸³öËÑË÷½«Òª·µ»ØÄÄĞ©ÊôĞÔ£¬ËüÊÇÒÔNULL±êÖ¾½áÊøµÄ×Ö·ûÖ¸ÕëÊı×飬Èç:attrs={uid,sn,cn,NULL}¡£Èç¹û°ÑattrsÉè³ÉNULL±íʾ´«»ØËùÓеÄÊôĞÔ¡£attrsonlyÊÇÒ»¸ö²¼¶û