Mercurial > hg > xemacs-beta
annotate man/lispref/ldap.texi @ 5940:c608d4b0b75e cygwin64 tip
rescue lost branch from 64bit.backup
| author | Henry Thompson <ht@markup.co.uk> |
|---|---|
| date | Thu, 16 Dec 2021 18:48:58 +0000 |
| parents | 9fae6227ede5 |
| children |
| rev | line source |
|---|---|
| 428 | 1 @c -*-texinfo-*- |
| 2 @c This is part of the XEmacs Lisp Reference Manual. | |
| 444 | 3 @c Copyright (C) 1998 Free Software Foundation, Inc. |
| 428 | 4 @c See the file lispref.texi for copying conditions. |
| 5 @setfilename ../../info/ldap.info | |
|
5791
9fae6227ede5
Silence texinfo 5.2 warnings, primarily by adding next, prev, and up
Jerry James <james@xemacs.org>
parents:
3979
diff
changeset
|
6 @node LDAP Support, PostgreSQL Support, ToolTalk Support, Top |
| 428 | 7 @chapter LDAP Support |
| 8 @cindex LDAP | |
| 9 | |
| 10 XEmacs can be linked with a LDAP client library to provide Elisp primitives | |
| 11 to access directory servers using the Lightweight Directory Access Protocol. | |
| 12 | |
| 13 @menu | |
| 14 * Building XEmacs with LDAP support:: How to add LDAP support to XEmacs | |
| 15 * XEmacs LDAP API:: Lisp access to LDAP functions | |
| 16 * Syntax of Search Filters:: A brief summary of RFC 1558 | |
| 17 @end menu | |
| 18 | |
| 19 @node Building XEmacs with LDAP support, XEmacs LDAP API, LDAP Support, LDAP Support | |
| 20 @comment node-name, next, previous, up | |
| 21 @section Building XEmacs with LDAP support | |
| 22 | |
| 23 LDAP support must be added to XEmacs at build time since it requires | |
| 24 linking to an external LDAP client library. As of 21.2, XEmacs has been | |
| 25 successfully built and tested with | |
| 26 | |
| 27 @itemize @bullet | |
| 442 | 28 @item OpenLDAP 1.2 (@url{http://www.openldap.org/}) |
| 428 | 29 @item University of Michigan's LDAP 3.3 (@url{http://www.umich.edu/~dirsvcs/ldap/}) |
| 30 @item LDAP SDK 1.0 from Netscape Corp. (@url{http://developer.netscape.com/}) | |
| 31 @end itemize | |
| 32 | |
| 33 Other libraries conforming to RFC 1823 will probably work also but may | |
| 34 require some minor tweaking at C level. | |
| 35 | |
| 442 | 36 The standard XEmacs configure script auto-detects an installed LDAP |
| 428 | 37 library provided the library itself and the corresponding header files |
| 38 can be found in the library and include paths. A successful detection | |
| 39 will be signalled in the final output of the configure script. | |
| 40 | |
| 41 | |
| 42 | |
| 43 @node XEmacs LDAP API, Syntax of Search Filters, Building XEmacs with LDAP support, LDAP Support | |
| 44 @comment node-name, next, previous, up | |
| 45 @section XEmacs LDAP API | |
| 46 | |
| 47 XEmacs LDAP API consists of two layers: a low-level layer which tries | |
| 48 to stay as close as possible to the C API (where practical) and a | |
| 49 higher-level layer which provides more convenient primitives to | |
| 50 effectively use LDAP. | |
| 51 | |
| 442 | 52 The low-level API should be used directly for very specific purposes |
| 53 (such as multiple operations on a connection) only. The higher-level | |
| 54 functions provide a more convenient way to access LDAP directories | |
| 55 hiding the subtleties of handling the connection, translating arguments | |
| 56 and ensuring compliance with LDAP internationalization rules and formats | |
| 57 (currently partly implemented only). | |
| 428 | 58 |
| 59 @menu | |
| 60 * LDAP Variables:: Lisp variables related to LDAP | |
| 444 | 61 * The High-Level LDAP API:: High-level LDAP lisp functions |
| 428 | 62 * The Low-Level LDAP API:: Low-level LDAP lisp primitives |
| 442 | 63 * LDAP Internationalization:: I18n variables and functions |
| 428 | 64 @end menu |
| 65 | |
| 66 | |
| 67 @node LDAP Variables, The High-Level LDAP API, XEmacs LDAP API, XEmacs LDAP API | |
| 68 @comment node-name, next, previous, up | |
| 69 @subsection LDAP Variables | |
| 70 | |
| 71 @defvar ldap-default-host | |
| 72 The default LDAP server hostname. | |
| 444 | 73 A TCP port number can be appended to that name using a colon as |
| 428 | 74 a separator. |
| 75 @end defvar | |
| 76 | |
| 77 @defvar ldap-default-port | |
| 78 Default TCP port for LDAP connections. | |
| 79 Initialized from the LDAP library. Default value is 389. | |
| 80 @end defvar | |
| 81 | |
| 82 @defvar ldap-default-base | |
| 83 Default base for LDAP searches. | |
| 84 This is a string using the syntax of RFC 1779. | |
| 442 | 85 For instance, "o=ACME, c=US" limits the search to the |
| 428 | 86 Acme organization in the United States. |
| 87 @end defvar | |
| 88 | |
| 89 @defvar ldap-host-parameters-alist | |
| 444 | 90 An alist of per host options for LDAP transactions. |
| 428 | 91 The list elements look like @code{(HOST PROP1 VAL1 PROP2 VAL2 ...)} |
| 92 @var{host} is the name of an LDAP server. A TCP port number can be | |
| 93 appended to that name using a colon as a separator. | |
| 94 @var{propn} and @var{valn} are | |
| 95 property/value pairs describing parameters for the server. Valid | |
| 96 properties: | |
| 97 @table @code | |
| 98 @item binddn | |
| 99 The distinguished name of the user to bind as. This may look like | |
| 442 | 100 @samp{cn=Babs Jensen,o=ACME,c=US}, see RFC 1779 for details. |
| 428 | 101 @item passwd |
| 102 The password to use for authentication. | |
| 103 @item auth | |
| 104 The authentication method to use, possible values depend on the LDAP | |
| 105 library XEmacs was compiled with, they may include @code{simple}, | |
| 106 @code{krbv41} and @code{krbv42}. | |
| 107 @item base | |
| 3979 | 108 The base for the search. This may look like @samp{o=ACME, c=US}, see |
| 428 | 109 RFC 1779 for syntax details. |
| 110 @item scope | |
| 444 | 111 One of the symbols @code{base}, @code{onelevel} or @code{subtree} |
| 428 | 112 indicating the scope of the search limited to a base |
| 444 | 113 object, to a single level or to the whole subtree. |
| 428 | 114 @item deref |
| 115 The dereference policy is one of the symbols @code{never}, | |
| 116 @code{always}, @code{search} or @code{find} and defines how aliases are | |
| 117 dereferenced. | |
| 118 @table @code | |
| 119 @item never | |
| 120 Aliases are never dereferenced | |
| 121 @item always | |
| 122 Aliases are always dereferenced | |
| 123 @item search | |
| 124 Aliases are dereferenced when searching | |
| 125 @item find | |
| 126 Aliases are dereferenced when locating the base object for the search | |
| 127 @end table | |
| 128 @item timelimit | |
| 129 The timeout limit for the connection in seconds. | |
| 130 @item sizelimit | |
| 131 The maximum number of matches to return for searches performed on this connection. | |
| 132 @end table | |
| 133 @end defvar | |
| 134 | |
| 442 | 135 @defvar ldap-verbose |
| 136 If non-@code{nil}, LDAP operations will echo progress messages. Defaults to @code{nil}. | |
| 137 @end defvar | |
| 428 | 138 |
| 139 | |
| 140 @node The High-Level LDAP API, The Low-Level LDAP API, LDAP Variables, XEmacs LDAP API | |
| 141 @comment node-name, next, previous, up | |
| 142 @subsection The High-Level LDAP API | |
| 143 | |
| 442 | 144 The following functions provide the most convenient interface to perform |
| 145 LDAP operations. All of them open a connection to a host, perform an | |
| 146 operation (add/search/modify/delete) on one or several entries and | |
| 147 cleanly close the connection thus insulating the user from all the | |
| 148 details of the low-level interface such as LDAP Lisp objects @pxref{The | |
| 444 | 149 Low-Level LDAP API}. |
| 428 | 150 |
| 442 | 151 Note that @code{ldap-search} which used to be the name of the high-level |
| 444 | 152 search function in XEmacs 21.1 is now obsolete. For consistency in the |
| 442 | 153 naming as well as backward compatibility, that function now acts as a |
| 154 wrapper that calls either @code{ldap-search-basic} (low-level search | |
| 155 function) or @code{ldap-search-entries} (high-level search function) | |
| 156 according to the actual parameters. A direct call to one of these two | |
| 157 functions is preferred since it is faster and unambiguous. | |
| 428 | 158 |
| 444 | 159 @deffn Command ldap-search-entries filter &optional host attributes attrsonly withdn |
| 428 | 160 Perform an LDAP search. |
| 161 @var{filter} is the search filter @pxref{Syntax of Search Filters} | |
| 442 | 162 @var{host} is the LDAP host on which to perform the search. |
| 444 | 163 @var{attributes} is the specific attributes to retrieve, @code{nil} means |
| 442 | 164 retrieve all. |
| 444 | 165 @var{attrsonly} if non-@code{nil} retrieves the attributes only without |
| 428 | 166 their associated values. |
| 442 | 167 If @var{withdn} is non-@code{nil} each entry in the result will be prepended with |
| 168 its distinguished name DN. | |
| 444 | 169 Additional search parameters can be specified through |
| 428 | 170 @code{ldap-host-parameters-alist}. |
| 442 | 171 The function returns a list of matching entries. Each entry is itself |
| 172 an alist of attribute/value pairs optionally preceded by the DN of the | |
| 173 entry according to the value of @var{withdn}. | |
| 444 | 174 @end deffn |
| 442 | 175 |
| 176 @defun ldap-add-entries entries &optional host binddn passwd | |
| 177 Add entries to an LDAP directory. @var{entries} is a list of entry | |
| 444 | 178 specifications of the form @code{(DN (ATTR . VALUE) (ATTR . VALUE) ...)} |
| 442 | 179 where @var{dn} the distinguished name of an entry to add, the following |
| 444 | 180 are cons cells containing attribute/value string pairs. |
| 181 @var{host} is the LDAP host, defaulting to @code{ldap-default-host}. | |
| 182 @var{binddn} is the DN to bind as to the server. | |
| 183 @var{passwd} is the corresponding password. | |
| 428 | 184 @end defun |
| 185 | |
| 442 | 186 @defun ldap-modify-entries entry-mods &optional host binddn passwd |
| 187 Modify entries of an LDAP directory. | |
| 444 | 188 @var{entry_mods} is a list of entry modifications of the form |
| 189 @code{(DN MOD-SPEC1 MOD-SPEC2 ...)} where @var{dn} is the distinguished name of | |
| 190 the entry to modify, the following are modification specifications. | |
| 191 A modification specification is itself a list of the form | |
| 192 @code{(MOD-OP ATTR VALUE1 VALUE2 ...)} @var{mod-op} and @var{attr} are mandatory, | |
| 442 | 193 @var{values} are optional depending on @var{mod-op}. |
| 194 @var{mod-op} is the type of modification, one of the symbols @code{add}, @code{delete} | |
| 195 or @code{replace}. @var{attr} is the LDAP attribute type to modify. | |
| 444 | 196 @var{host} is the LDAP host, defaulting to @code{ldap-default-host}. |
| 197 @var{binddn} is the DN to bind as to the server. | |
| 198 @var{passwd} is the corresponding password. | |
| 442 | 199 @end defun |
| 200 | |
| 201 @defun ldap-delete-entries dn &optional host binddn passwd | |
| 202 Delete an entry from an LDAP directory. | |
| 444 | 203 @var{dn} is the distinguished name of an entry to delete or |
| 442 | 204 a list of those. |
| 444 | 205 @var{host} is the LDAP host, defaulting to @code{ldap-default-host}. |
| 206 @var{binddn} is the DN to bind as to the server. | |
| 442 | 207 @var{passwd} is the corresponding password. |
| 208 @end defun | |
| 209 | |
| 210 | |
| 211 @node The Low-Level LDAP API, LDAP Internationalization, The High-Level LDAP API, XEmacs LDAP API | |
| 428 | 212 @comment node-name, next, previous, up |
| 213 @subsection The Low-Level LDAP API | |
| 214 | |
| 442 | 215 The low-level API should be used directly for very specific purposes |
| 216 (such as multiple operations on a connection) only. The higher-level | |
| 217 functions provide a more convenient way to access LDAP directories | |
| 218 hiding the subtleties of handling the connection, translating arguments | |
| 219 and ensuring compliance with LDAP internationalization rules and formats | |
| 220 (currently partly implemented only). See @pxref{The High-Level LDAP API} | |
| 221 | |
| 222 Note that the former functions @code{ldap-*-internal} functions have been | |
| 223 renamed in XEmacs 21.2 | |
| 224 | |
| 428 | 225 @menu |
| 444 | 226 * The LDAP Lisp Object:: |
| 227 * Opening and Closing a LDAP Connection:: | |
| 228 * Low-level Operations on a LDAP Server:: | |
| 428 | 229 @end menu |
| 230 | |
| 231 @node The LDAP Lisp Object, Opening and Closing a LDAP Connection, The Low-Level LDAP API, The Low-Level LDAP API | |
| 232 @comment node-name, next, previous, up | |
| 233 @subsubsection The LDAP Lisp Object | |
| 234 | |
| 235 An internal built-in @code{ldap} lisp object represents a LDAP | |
| 236 connection. | |
| 237 | |
| 238 @defun ldapp object | |
| 239 This function returns non-@code{nil} if @var{object} is a @code{ldap} object. | |
| 240 @end defun | |
| 241 | |
| 242 @defun ldap-host ldap | |
| 444 | 243 Return the server host of the connection represented by @var{ldap}. |
| 428 | 244 @end defun |
| 245 | |
| 246 @defun ldap-live-p ldap | |
| 444 | 247 Return non-@code{nil} if @var{ldap} is an active LDAP connection. |
| 428 | 248 @end defun |
| 249 | |
| 250 | |
| 442 | 251 @node Opening and Closing a LDAP Connection, Low-level Operations on a LDAP Server, The LDAP Lisp Object, The Low-Level LDAP API |
| 428 | 252 @comment node-name, next, previous, up |
| 253 @subsubsection Opening and Closing a LDAP Connection | |
| 254 | |
| 255 @defun ldap-open host &optional plist | |
| 256 Open a LDAP connection to @var{host}. | |
| 257 @var{plist} is a property list containing additional parameters for the connection. | |
| 258 Valid keys in that list are: | |
| 259 @table @code | |
| 260 @item port | |
| 261 The TCP port to use for the connection if different from | |
| 262 @code{ldap-default-port} or the library builtin value | |
| 263 @item auth | |
| 264 The authentication method to use, possible values depend on the LDAP | |
| 265 library XEmacs was compiled with, they may include @code{simple}, | |
| 266 @code{krbv41} and @code{krbv42}. | |
| 267 @item binddn | |
| 268 The distinguished name of the user to bind as. This may look like | |
| 442 | 269 @samp{c=com, o=Acme, cn=Babs Jensen}, see RFC 1779 for details. |
| 428 | 270 @item passwd |
| 271 The password to use for authentication. | |
| 272 @item deref | |
| 273 The dereference policy is one of the symbols @code{never}, | |
| 274 @code{always}, @code{search} or @code{find} and defines how aliases are | |
| 275 dereferenced. | |
| 276 @table @code | |
| 277 @item never | |
| 444 | 278 Aliases are never dereferenced. |
| 428 | 279 @item always |
| 444 | 280 Aliases are always dereferenced. |
| 428 | 281 @item search |
| 444 | 282 Aliases are dereferenced when searching. |
| 428 | 283 @item find |
| 444 | 284 Aliases are dereferenced when locating the base object for the search. |
| 428 | 285 @end table |
| 286 The default is @code{never}. | |
| 287 @item timelimit | |
| 288 The timeout limit for the connection in seconds. | |
| 289 @item sizelimit | |
| 290 The maximum number of matches to return for searches performed on this connection. | |
| 291 @end table | |
| 292 @end defun | |
| 293 | |
| 294 @defun ldap-close ldap | |
| 444 | 295 Close the connection represented by @var{ldap}. |
| 428 | 296 @end defun |
| 297 | |
| 298 | |
| 442 | 299 @node Low-level Operations on a LDAP Server, , Opening and Closing a LDAP Connection, The Low-Level LDAP API |
| 428 | 300 @comment node-name, next, previous, up |
| 442 | 301 @subsubsection Low-level Operations on a LDAP Server |
| 428 | 302 |
| 442 | 303 @code{ldap-search-basic} is the low-level primitive to perform a |
| 428 | 304 search on a LDAP server. It works directly on an open LDAP connection |
| 305 thus requiring a preliminary call to @code{ldap-open}. Multiple | |
| 306 searches can be made on the same connection, then the session must be | |
| 307 closed with @code{ldap-close}. | |
| 308 | |
| 444 | 309 @defun ldap-search-basic ldap filter &optional base scope attrs attrsonly withdn verbose |
| 428 | 310 Perform a search on an open connection @var{ldap} created with @code{ldap-open}. |
| 311 @var{filter} is a filter string for the search @pxref{Syntax of Search Filters} | |
| 312 @var{base} is the distinguished name at which to start the search. | |
| 313 @var{scope} is one of the symbols @code{base}, @code{onelevel} or | |
| 314 @code{subtree} indicating the scope of the search limited to a base | |
| 315 object, to a single level or to the whole subtree. The default is | |
| 316 @code{subtree}. | |
| 444 | 317 @var{attrs} is a list of strings indicating which attributes to retrieve |
| 428 | 318 for each matching entry. If @code{nil} all available attributes are returned. |
| 444 | 319 If @var{attrsonly} is non-@code{nil} then only the attributes are |
| 320 retrieved, not their associated values. | |
| 321 If @var{withdn} is non-@code{nil} then each entry in the result is | |
| 322 prepended with its distinguished name DN. | |
| 323 If @var{verbose} is non-@code{nil} then progress messages are echoed | |
| 442 | 324 The function returns a list of matching entries. Each entry is itself |
| 325 an alist of attribute/value pairs optionally preceded by the DN of the | |
| 444 | 326 entry according to the value of @var{withdn}. |
| 442 | 327 @end defun |
| 328 | |
| 329 @defun ldap-add ldap dn entry | |
| 330 Add @var{entry} to a LDAP directory which a connection @var{ldap} has | |
| 331 been opened to with @code{ldap-open}. | |
| 332 @var{dn} is the distinguished name of the entry to add. | |
| 333 @var{entry} is an entry specification, i.e., a list of cons cells | |
| 334 containing attribute/value string pairs. | |
| 335 @end defun | |
| 336 | |
| 337 @defun ldap-modify ldap dn mods | |
| 338 Modify an entry in an LDAP directory. | |
| 339 @var{ldap} is an LDAP connection object created with @code{ldap-open}. | |
| 340 @var{dn} is the distinguished name of the entry to modify. | |
| 341 @var{mods} is a list of modifications to apply. | |
| 342 A modification is a list of the form @code{(MOD-OP ATTR VALUE1 VALUE2 ...)} | |
| 343 @var{mod-op} and @var{attr} are mandatory, @var{values} are optional depending on @var{mod-op}. | |
| 344 @var{mod-op} is the type of modification, one of the symbols @code{add}, @code{delete} | |
| 444 | 345 or @code{replace}. @var{attr} is the LDAP attribute type to modify. |
| 442 | 346 @end defun |
| 347 | |
| 348 @defun ldap-delete ldap dn | |
| 349 Delete an entry to an LDAP directory. | |
| 350 @var{ldap} is an LDAP connection object created with @code{ldap-open}. | |
| 444 | 351 @var{dn} is the distinguished name of the entry to delete. |
| 428 | 352 @end defun |
| 353 | |
| 354 | |
| 355 | |
| 442 | 356 @node LDAP Internationalization, , The Low-Level LDAP API, XEmacs LDAP API |
| 357 @comment node-name, next, previous, up | |
| 358 @subsection LDAP Internationalization | |
| 359 | |
| 360 The XEmacs LDAP API provides basic internationalization features based | |
| 361 on the LDAP v3 specification (essentially RFC2252 on "LDAP v3 Attribute | |
| 362 Syntax Definitions"). Unfortunately since there is currently no free | |
| 363 LDAP v3 server software, this part has not received much testing and | |
| 364 should be considered experimental. The framework is in place though. | |
| 365 | |
| 366 @defun ldap-decode-attribute attr | |
| 367 Decode the attribute/value pair @var{attr} according to LDAP rules. | |
| 368 The attribute name is looked up in @code{ldap-attribute-syntaxes-alist} | |
| 369 and the corresponding decoder is then retrieved from | |
| 370 @code{ldap-attribute-syntax-decoders}' and applied on the value(s). | |
| 371 @end defun | |
| 372 | |
| 373 @menu | |
| 444 | 374 * LDAP Internationalization Variables:: |
| 375 * Encoder/Decoder Functions:: | |
| 442 | 376 @end menu |
| 377 | |
| 378 @node LDAP Internationalization Variables, Encoder/Decoder Functions, LDAP Internationalization, LDAP Internationalization | |
| 379 @comment node-name, next, previous, up | |
| 380 @subsubsection LDAP Internationalization Variables | |
| 381 | |
| 382 @defvar ldap-ignore-attribute-codings | |
| 383 If non-@code{nil}, no encoding/decoding will be performed LDAP attribute values | |
| 384 @end defvar | |
| 385 | |
| 386 @defvar ldap-coding-system | |
| 387 Coding system of LDAP string values. | |
| 444 | 388 LDAP v3 specifies the coding system of strings to be UTF-8. |
| 442 | 389 You need an XEmacs with Mule support for this. |
| 390 @end defvar | |
| 391 | |
| 392 @defvar ldap-default-attribute-decoder | |
| 393 Decoder function to use for attributes whose syntax is unknown. Such a | |
| 394 function receives an encoded attribute value as a string and should | |
| 444 | 395 return the decoded value as a string. |
| 442 | 396 @end defvar |
| 397 | |
| 398 @defvar ldap-attribute-syntax-encoders | |
| 399 A vector of functions used to encode LDAP attribute values. | |
| 400 The sequence of functions corresponds to the sequence of LDAP attribute syntax | |
| 444 | 401 object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in |
| 442 | 402 RFC2252 section 4.3.2. As of this writing, only a few encoder functions |
| 403 are available. | |
| 404 @end defvar | |
| 405 | |
| 406 @defvar ldap-attribute-syntax-decoders | |
| 407 A vector of functions used to decode LDAP attribute values. | |
| 408 The sequence of functions corresponds to the sequence of LDAP attribute syntax | |
| 444 | 409 object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in |
| 442 | 410 RFC2252 section 4.3.2. As of this writing, only a few decoder functions |
| 411 are available. | |
| 412 @end defvar | |
| 413 | |
| 414 @defvar ldap-attribute-syntaxes-alist | |
| 415 A map of LDAP attribute names to their type object id minor number. | |
| 444 | 416 This table is built from RFC2252 Section 5 and RFC2256 Section 5. |
| 442 | 417 @end defvar |
| 418 | |
| 419 @node Encoder/Decoder Functions, , LDAP Internationalization Variables, LDAP Internationalization | |
| 420 @comment node-name, next, previous, up | |
| 421 @subsubsection Encoder/Decoder Functions | |
| 422 | |
| 423 @defun ldap-encode-boolean bool | |
| 424 A function that encodes an elisp boolean @var{bool} into a LDAP | |
| 444 | 425 boolean string representation. |
| 442 | 426 @end defun |
| 427 | |
| 428 @defun ldap-decode-boolean str | |
| 429 A function that decodes a LDAP boolean string representation | |
| 444 | 430 @var{str} into an elisp boolean. |
| 442 | 431 @end defun |
| 432 | |
| 433 @defun ldap-decode-string str | |
| 1738 | 434 Decode a string @var{str} according to @code{ldap-coding-system}. |
| 442 | 435 @end defun |
| 436 | |
| 437 @defun ldap-encode-string str | |
| 1738 | 438 Encode a string @var{str} according to @code{ldap-coding-system}. |
| 442 | 439 @end defun |
| 440 | |
| 441 @defun ldap-decode-address str | |
| 1738 | 442 Decode an address @var{str} according to @code{ldap-coding-system} and |
| 442 | 443 replacing $ signs with newlines as specified by LDAP encoding rules for |
| 444 | 444 addresses. |
| 442 | 445 @end defun |
| 446 | |
| 447 @defun ldap-encode-address str | |
| 1738 | 448 Encode an address @var{str} according to @code{ldap-coding-system} and |
| 442 | 449 replacing newlines with $ signs as specified by LDAP encoding rules for |
| 444 | 450 addresses. |
| 442 | 451 @end defun |
| 452 | |
| 428 | 453 |
| 454 | |
| 455 @node Syntax of Search Filters, , XEmacs LDAP API, LDAP Support | |
| 456 @comment node-name, next, previous, up | |
| 457 @section Syntax of Search Filters | |
| 458 | |
| 459 LDAP search functions use RFC1558 syntax to describe the search filter. | |
| 460 In that syntax simple filters have the form: | |
| 461 | |
| 462 @example | |
| 463 (<attr> <filtertype> <value>) | |
| 464 @end example | |
| 465 | |
| 466 @code{<attr>} is an attribute name such as @code{cn} for Common Name, | |
| 467 @code{o} for Organization, etc... | |
| 468 | |
| 469 @code{<value>} is the corresponding value. This is generally an exact | |
| 470 string but may also contain @code{*} characters as wildcards | |
| 471 | |
| 444 | 472 @code{filtertype} is one @code{=} @code{~=}, @code{<=}, @code{>=} which |
| 428 | 473 respectively describe equality, approximate equality, inferiority and |
| 444 | 474 superiority. |
| 428 | 475 |
| 476 Thus @code{(cn=John Smith)} matches all records having a canonical name | |
| 477 equal to John Smith. | |
| 478 | |
| 479 A special case is the presence filter @code{(<attr>=*} which matches | |
| 480 records containing a particular attribute. For instance @code{(mail=*)} | |
| 481 matches all records containing a @code{mail} attribute. | |
| 482 | |
| 483 Simple filters can be connected together with the logical operators | |
| 484 @code{&}, @code{|} and @code{!} which stand for the usual and, or and | |
| 485 not operators. | |
| 486 | |
| 487 @code{(&(objectClass=Person)(mail=*)(|(sn=Smith)(givenname=John)))} | |
| 488 matches records of class @code{Person} containing a @code{mail} | |
| 444 | 489 attribute and corresponding to people whose last name is @code{Smith} or |
| 428 | 490 whose first name is @code{John}. |