4 Copyright (C) Andrew Tridgell 2004
5 Copyright (C) Stefan Metzmacher 2004
6 Copyright (C) Simo Sorce 2005-2006
8 ** NOTE! The following LGPL license applies to the ldb
9 ** library. This does NOT imply that all of Samba is released
12 This library is free software; you can redistribute it and/or
13 modify it under the terms of the GNU Lesser General Public
14 License as published by the Free Software Foundation; either
15 version 3 of the License, or (at your option) any later version.
17 This library is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 Lesser General Public License for more details.
22 You should have received a copy of the GNU Lesser General Public
23 License along with this library; if not, see <http://www.gnu.org/licenses/>.
29 * Component: ldb header
31 * Description: defines for base ldb API
33 * Author: Andrew Tridgell
34 * Author: Stefan Metzmacher
38 \file ldb.h Samba's ldb database
40 This header file provides the main API for ldb.
45 /*! \cond DOXYGEN_IGNORE */
52 #include <ldb_version.h>
53 #include <ldb_errors.h>
56 major restrictions as compared to normal LDAP:
58 - each record must have a unique key field
59 - the key must be representable as a NULL terminated C string and may not
60 contain a comma or braces
62 major restrictions as compared to tdb:
64 - no explicit locking calls, but we have transactions when using ldb_tdb
72 An individual lump of data in a result comes in this format. The
73 pointer will usually be to a UTF-8 string if the application is
74 sensible, but it can be to anything you like, including binary data
75 blobs of arbitrary size.
77 \note the data is null (0x00) terminated, but the length does not
78 include the terminator.
81 uint8_t *data; /*!< result data */
82 size_t length; /*!< length of data */
86 /*! \cond DOXYGEN_IGNORE */
87 #ifndef PRINTF_ATTRIBUTE
88 #define PRINTF_ATTRIBUTE(a,b)
92 #if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )
93 #define _DEPRECATED_ __attribute__ ((deprecated))
100 /* opaque ldb_dn structures, see ldb_dn.c for internals */
101 struct ldb_dn_component;
105 There are a number of flags that are used with ldap_modify() in
106 ldb_message_element.flags fields. The LDB_FLAG_MOD_ADD,
107 LDB_FLAG_MOD_DELETE and LDB_FLAG_MOD_REPLACE flags are used in
108 ldap_modify() calls to specify whether attributes are being added,
109 deleted or modified respectively.
111 #define LDB_FLAG_MOD_MASK 0x3
114 use this to extract the mod type from the operation
116 #define LDB_FLAG_MOD_TYPE(flags) ((flags) & LDB_FLAG_MOD_MASK)
119 Flag value used in ldap_modify() to indicate that attributes are
122 \sa LDB_FLAG_MOD_MASK
124 #define LDB_FLAG_MOD_ADD 1
127 Flag value used in ldap_modify() to indicate that attributes are
130 \sa LDB_FLAG_MOD_MASK
132 #define LDB_FLAG_MOD_REPLACE 2
135 Flag value used in ldap_modify() to indicate that attributes are
138 \sa LDB_FLAG_MOD_MASK
140 #define LDB_FLAG_MOD_DELETE 3
143 flag bits on an element usable only by the internal implementation
145 #define LDB_FLAG_INTERNAL_MASK 0xFFFFFFF0
148 OID for logic AND comaprison.
150 This is the well known object ID for a logical AND comparitor.
152 #define LDB_OID_COMPARATOR_AND "1.2.840.113556.1.4.803"
155 OID for logic OR comparison.
157 This is the well known object ID for a logical OR comparitor.
159 #define LDB_OID_COMPARATOR_OR "1.2.840.113556.1.4.804"
162 results are given back as arrays of ldb_message_element
164 struct ldb_message_element {
167 unsigned int num_values;
168 struct ldb_val *values;
173 a ldb_message represents all or part of a record. It can contain an arbitrary
178 unsigned int num_elements;
179 struct ldb_message_element *elements;
182 enum ldb_changetype {
183 LDB_CHANGETYPE_NONE=0,
185 LDB_CHANGETYPE_DELETE,
186 LDB_CHANGETYPE_MODIFY,
187 LDB_CHANGETYPE_MODRDN
193 This structure contains a LDIF record, as returned from ldif_read()
194 and equivalent functions.
197 enum ldb_changetype changetype; /*!< The type of change */
198 struct ldb_message *msg; /*!< The changes */
201 enum ldb_scope {LDB_SCOPE_DEFAULT=-1,
203 LDB_SCOPE_ONELEVEL=1,
204 LDB_SCOPE_SUBTREE=2};
207 struct tevent_context;
209 /* debugging uses one of the following levels */
210 enum ldb_debug_level {LDB_DEBUG_FATAL, LDB_DEBUG_ERROR,
211 LDB_DEBUG_WARNING, LDB_DEBUG_TRACE};
214 the user can optionally supply a debug function. The function
215 is based on the vfprintf() style of interface, but with the addition
218 struct ldb_debug_ops {
219 void (*debug)(void *context, enum ldb_debug_level level,
220 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
225 The user can optionally supply a custom utf8 functions,
226 to handle comparisons and casefolding.
228 struct ldb_utf8_fns {
230 char *(*casefold)(void *context, TALLOC_CTX *mem_ctx, const char *s, size_t n);
234 Flag value for database connection mode.
236 If LDB_FLG_RDONLY is used in ldb_connect, then the database will be
237 opened read-only, if possible.
239 #define LDB_FLG_RDONLY 1
242 Flag value for database connection mode.
244 If LDB_FLG_NOSYNC is used in ldb_connect, then the database will be
245 opened without synchronous operations, if possible.
247 #define LDB_FLG_NOSYNC 2
250 Flag value to specify autoreconnect mode.
252 If LDB_FLG_RECONNECT is used in ldb_connect, then the backend will
253 be opened in a way that makes it try to auto reconnect if the
254 connection is dropped (actually make sense only with ldap).
256 #define LDB_FLG_RECONNECT 4
259 Flag to tell backends not to use mmap
261 #define LDB_FLG_NOMMAP 8
264 Flag to tell ldif handlers not to force encoding of binary
267 #define LDB_FLG_SHOW_BINARY 16
270 Flags to enable ldb tracing
272 #define LDB_FLG_ENABLE_TRACING 32
275 Flags to tell LDB not to create a new database file:
277 Without this flag ldb_tdb (for example) will create a blank file
278 during an invocation of ldb_connect(), even when the caller only
279 wanted read operations, for example in ldbsearch.
281 #define LDB_FLG_DONT_CREATE_DB 64
284 structures for ldb_parse_tree handling code
286 enum ldb_parse_op { LDB_OP_AND=1, LDB_OP_OR=2, LDB_OP_NOT=3,
287 LDB_OP_EQUALITY=4, LDB_OP_SUBSTRING=5,
288 LDB_OP_GREATER=6, LDB_OP_LESS=7, LDB_OP_PRESENT=8,
289 LDB_OP_APPROX=9, LDB_OP_EXTENDED=10 };
291 struct ldb_parse_tree {
292 enum ldb_parse_op operation;
295 struct ldb_parse_tree *child;
299 struct ldb_val value;
303 int start_with_wildcard;
304 int end_with_wildcard;
305 struct ldb_val **chunks;
312 struct ldb_val value;
318 struct ldb_val value;
321 unsigned int num_elements;
322 struct ldb_parse_tree **elements;
327 struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s);
328 char *ldb_filter_from_tree(TALLOC_CTX *mem_ctx, const struct ldb_parse_tree *tree);
333 This function encodes a binary blob using the encoding rules in RFC
334 2254 (Section 4). This function also escapes any non-printable
337 \param mem_ctx the memory context to allocate the return string in.
338 \param val the (potentially) binary data to be encoded
340 \return the encoded data as a null terminated string
342 \sa <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>.
344 char *ldb_binary_encode(TALLOC_CTX *mem_ctx, struct ldb_val val);
349 This function encodes a string using the encoding rules in RFC 2254
350 (Section 4). This function also escapes any non-printable
353 \param mem_ctx the memory context to allocate the return string in.
354 \param string the string to be encoded
356 \return the encoded data as a null terminated string
358 \sa <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>.
360 char *ldb_binary_encode_string(TALLOC_CTX *mem_ctx, const char *string);
363 functions for controlling attribute handling
365 typedef int (*ldb_attr_handler_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, struct ldb_val *);
366 typedef int (*ldb_attr_comparison_t)(struct ldb_context *, TALLOC_CTX *mem_ctx, const struct ldb_val *, const struct ldb_val *);
367 struct ldb_schema_attribute;
368 typedef int (*ldb_attr_operator_t)(struct ldb_context *, enum ldb_parse_op operation,
369 const struct ldb_schema_attribute *a,
370 const struct ldb_val *, const struct ldb_val *, bool *matched);
373 attribute handler structure
375 attr -> The attribute name
376 ldif_read_fn -> convert from ldif to binary format
377 ldif_write_fn -> convert from binary to ldif format
378 canonicalise_fn -> canonicalise a value, for use by indexing and dn construction
379 index_form_fn -> get lexicographically sorted format for index
380 comparison_fn -> compare two values
381 operator_fn -> override function for optimizing out unnecessary
382 calls to canonicalise_fn and comparison_fn
385 struct ldb_schema_syntax {
387 ldb_attr_handler_t ldif_read_fn;
388 ldb_attr_handler_t ldif_write_fn;
389 ldb_attr_handler_t canonicalise_fn;
390 ldb_attr_handler_t index_format_fn;
391 ldb_attr_comparison_t comparison_fn;
392 ldb_attr_operator_t operator_fn;
395 struct ldb_schema_attribute {
398 const struct ldb_schema_syntax *syntax;
401 const struct ldb_schema_attribute *ldb_schema_attribute_by_name(struct ldb_context *ldb,
404 struct ldb_dn_extended_syntax {
406 ldb_attr_handler_t read_fn;
407 ldb_attr_handler_t write_clear_fn;
408 ldb_attr_handler_t write_hex_fn;
411 const struct ldb_dn_extended_syntax *ldb_dn_extended_syntax_by_name(struct ldb_context *ldb,
415 The attribute is not returned by default
417 #define LDB_ATTR_FLAG_HIDDEN (1<<0)
419 /* the attribute handler name should be freed when released */
420 #define LDB_ATTR_FLAG_ALLOCATED (1<<1)
423 The attribute is supplied by the application and should not be removed
425 #define LDB_ATTR_FLAG_FIXED (1<<2)
428 when this is set, attempts to create two records which have the same
429 value for this attribute will return LDB_ERR_ENTRY_ALREADY_EXISTS
431 #define LDB_ATTR_FLAG_UNIQUE_INDEX (1<<3)
434 when this is set, attempts to create two attribute values for this attribute on a single DN will return LDB_ERR_CONSTRAINT_VIOLATION
436 #define LDB_ATTR_FLAG_SINGLE_VALUE (1<<4)
439 * The values should always be base64 encoded
441 #define LDB_ATTR_FLAG_FORCE_BASE64_LDIF (1<<5)
444 * The attribute was loaded from a DB, rather than via the C API
446 #define LDB_ATTR_FLAG_FROM_DB (1<<6)
449 * The attribute is indexed
451 #define LDB_ATTR_FLAG_INDEXED (1<<7)
454 LDAP attribute syntax for a DN
456 This is the well-known LDAP attribute syntax for a DN.
458 See <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
460 #define LDB_SYNTAX_DN "1.3.6.1.4.1.1466.115.121.1.12"
463 LDAP attribute syntax for a Directory String
465 This is the well-known LDAP attribute syntax for a Directory String.
467 \sa <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
469 #define LDB_SYNTAX_DIRECTORY_STRING "1.3.6.1.4.1.1466.115.121.1.15"
472 LDAP attribute syntax for an integer
474 This is the well-known LDAP attribute syntax for an integer.
476 See <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
478 #define LDB_SYNTAX_INTEGER "1.3.6.1.4.1.1466.115.121.1.27"
481 Custom attribute syntax for an integer whose index is lexicographically
482 ordered by attribute value in the database.
484 #define LDB_SYNTAX_ORDERED_INTEGER "LDB_SYNTAX_ORDERED_INTEGER"
487 LDAP attribute syntax for a boolean
489 This is the well-known LDAP attribute syntax for a boolean.
491 See <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
493 #define LDB_SYNTAX_BOOLEAN "1.3.6.1.4.1.1466.115.121.1.7"
496 LDAP attribute syntax for an octet string
498 This is the well-known LDAP attribute syntax for an octet string.
500 See <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
502 #define LDB_SYNTAX_OCTET_STRING "1.3.6.1.4.1.1466.115.121.1.40"
505 LDAP attribute syntax for UTC time.
507 This is the well-known LDAP attribute syntax for a UTC time.
509 See <a href="http://www.ietf.org/rfc/rfc2252.txt">RFC 2252</a>, Section 4.3.2
511 #define LDB_SYNTAX_UTC_TIME "1.3.6.1.4.1.1466.115.121.1.53"
512 #define LDB_SYNTAX_GENERALIZED_TIME "1.3.6.1.4.1.1466.115.121.1.24"
514 #define LDB_SYNTAX_OBJECTCLASS "LDB_SYNTAX_OBJECTCLASS"
516 /* sorting helpers */
517 typedef int (*ldb_qsort_cmp_fn_t) (void *v1, void *v2, void *opaque);
519 /* Individual controls */
522 OID for getting and manipulating attributes from the ldb
523 without interception in the operational module.
524 It can be used to access attribute that used to be stored in the sam
525 and that are now calculated.
527 #define LDB_CONTROL_BYPASS_OPERATIONAL_OID "1.3.6.1.4.1.7165.4.3.13"
528 #define LDB_CONTROL_BYPASS_OPERATIONAL_NAME "bypassoperational"
531 OID for recalculate RDN (rdn attribute and 'name') control. This control forces
532 the rdn_name module to the recalculate the rdn and name attributes as if the
533 object was just created.
535 #define LDB_CONTROL_RECALCULATE_RDN_OID "1.3.6.1.4.1.7165.4.3.30"
538 OID for recalculate SD control. This control force the
539 dsdb code to recalculate the SD of the object as if the
540 object was just created.
543 #define LDB_CONTROL_RECALCULATE_SD_OID "1.3.6.1.4.1.7165.4.3.5"
544 #define LDB_CONTROL_RECALCULATE_SD_NAME "recalculate_sd"
547 REVEAL_INTERNALS is used to reveal internal attributes and DN
548 components which are not normally shown to the user
550 #define LDB_CONTROL_REVEAL_INTERNALS "1.3.6.1.4.1.7165.4.3.6"
551 #define LDB_CONTROL_REVEAL_INTERNALS_NAME "reveal_internals"
554 LDB_CONTROL_AS_SYSTEM is used to skip access checks on operations
555 that are performed by the system, but with a user's credentials, e.g.
558 #define LDB_CONTROL_AS_SYSTEM_OID "1.3.6.1.4.1.7165.4.3.7"
561 LDB_CONTROL_PROVISION_OID is used to skip some constraint checks. It's is
562 mainly thought to be used for the provisioning.
564 #define LDB_CONTROL_PROVISION_OID "1.3.6.1.4.1.7165.4.3.16"
565 #define LDB_CONTROL_PROVISION_NAME "provision"
570 OID for the paged results control. This control is included in the
571 searchRequest and searchResultDone messages as part of the controls
572 field of the LDAPMessage, as defined in Section 4.1.12 of
575 \sa <a href="http://www.ietf.org/rfc/rfc2696.txt">RFC 2696</a>.
577 #define LDB_CONTROL_PAGED_RESULTS_OID "1.2.840.113556.1.4.319"
578 #define LDB_CONTROL_PAGED_RESULTS_NAME "paged_results"
581 OID for specifying the returned elements of the ntSecurityDescriptor
583 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_sd_flags_oid.asp">Microsoft documentation of this OID</a>
585 #define LDB_CONTROL_SD_FLAGS_OID "1.2.840.113556.1.4.801"
586 #define LDB_CONTROL_SD_FLAGS_NAME "sd_flags"
589 OID for specifying an advanced scope for the search (one partition)
591 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp">Microsoft documentation of this OID</a>
593 #define LDB_CONTROL_DOMAIN_SCOPE_OID "1.2.840.113556.1.4.1339"
594 #define LDB_CONTROL_DOMAIN_SCOPE_NAME "domain_scope"
597 OID for specifying an advanced scope for a search
599 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_search_options_oid.asp">Microsoft documentation of this OID</a>
601 #define LDB_CONTROL_SEARCH_OPTIONS_OID "1.2.840.113556.1.4.1340"
602 #define LDB_CONTROL_SEARCH_OPTIONS_NAME "search_options"
607 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_notification_oid.asp">Microsoft documentation of this OID</a>
609 #define LDB_CONTROL_NOTIFICATION_OID "1.2.840.113556.1.4.528"
610 #define LDB_CONTROL_NOTIFICATION_NAME "notification"
613 OID for performing subtree deletes
615 \sa <a href="http://msdn.microsoft.com/en-us/library/aa366991(v=VS.85).aspx">Microsoft documentation of this OID</a>
617 #define LDB_CONTROL_TREE_DELETE_OID "1.2.840.113556.1.4.805"
618 #define LDB_CONTROL_TREE_DELETE_NAME "tree_delete"
621 OID for getting deleted objects
623 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_show_deleted_oid.asp">Microsoft documentation of this OID</a>
625 #define LDB_CONTROL_SHOW_DELETED_OID "1.2.840.113556.1.4.417"
626 #define LDB_CONTROL_SHOW_DELETED_NAME "show_deleted"
629 OID for getting recycled objects
631 \sa <a href="http://msdn.microsoft.com/en-us/library/dd304621(PROT.13).aspx">Microsoft documentation of this OID</a>
633 #define LDB_CONTROL_SHOW_RECYCLED_OID "1.2.840.113556.1.4.2064"
634 #define LDB_CONTROL_SHOW_RECYCLED_NAME "show_recycled"
637 OID for getting deactivated linked attributes
639 \sa <a href="http://msdn.microsoft.com/en-us/library/dd302781(PROT.13).aspx">Microsoft documentation of this OID</a>
641 #define LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID "1.2.840.113556.1.4.2065"
642 #define LDB_CONTROL_SHOW_DEACTIVATED_LINK_NAME "show_deactivated_link"
647 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_extended_dn_oid.asp">Microsoft documentation of this OID</a>
649 #define LDB_CONTROL_EXTENDED_DN_OID "1.2.840.113556.1.4.529"
650 #define LDB_CONTROL_EXTENDED_DN_NAME "extended_dn"
653 OID for LDAP server sort result extension.
655 This control is included in the searchRequest message as part of
656 the controls field of the LDAPMessage, as defined in Section 4.1.12
657 of LDAP v3. The controlType is set to
658 "1.2.840.113556.1.4.473". The criticality MAY be either TRUE or
659 FALSE (where absent is also equivalent to FALSE) at the client's
662 \sa <a href="http://www.ietf.org/rfc/rfc2891.txt">RFC 2891</a>.
664 #define LDB_CONTROL_SERVER_SORT_OID "1.2.840.113556.1.4.473"
665 #define LDB_CONTROL_SERVER_SORT_NAME "server_sort"
668 OID for LDAP server sort result response extension.
670 This control is included in the searchResultDone message as part of
671 the controls field of the LDAPMessage, as defined in Section 4.1.12 of
674 \sa <a href="http://www.ietf.org/rfc/rfc2891.txt">RFC 2891</a>.
676 #define LDB_CONTROL_SORT_RESP_OID "1.2.840.113556.1.4.474"
677 #define LDB_CONTROL_SORT_RESP_NAME "server_sort_resp"
680 OID for LDAP Attribute Scoped Query extension.
682 This control is included in SearchRequest or SearchResponse
683 messages as part of the controls field of the LDAPMessage.
685 #define LDB_CONTROL_ASQ_OID "1.2.840.113556.1.4.1504"
686 #define LDB_CONTROL_ASQ_NAME "asq"
689 OID for LDAP Directory Sync extension.
691 This control is included in SearchRequest or SearchResponse
692 messages as part of the controls field of the LDAPMessage.
694 #define LDB_CONTROL_DIRSYNC_OID "1.2.840.113556.1.4.841"
695 #define LDB_CONTROL_DIRSYNC_NAME "dirsync"
696 #define LDB_CONTROL_DIRSYNC_EX_OID "1.2.840.113556.1.4.2090"
697 #define LDB_CONTROL_DIRSYNC_EX_NAME "dirsync_ex"
701 OID for LDAP Virtual List View Request extension.
703 This control is included in SearchRequest messages
704 as part of the controls field of the LDAPMessage.
706 #define LDB_CONTROL_VLV_REQ_OID "2.16.840.1.113730.3.4.9"
707 #define LDB_CONTROL_VLV_REQ_NAME "vlv"
710 OID for LDAP Virtual List View Response extension.
712 This control is included in SearchResponse messages
713 as part of the controls field of the LDAPMessage.
715 #define LDB_CONTROL_VLV_RESP_OID "2.16.840.1.113730.3.4.10"
716 #define LDB_CONTROL_VLV_RESP_NAME "vlv_resp"
719 OID to let modifies don't give an error when adding an existing
720 attribute with the same value or deleting an nonexisting one attribute
722 \sa <a href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_permissive_modify_oid.asp">Microsoft documentation of this OID</a>
724 #define LDB_CONTROL_PERMISSIVE_MODIFY_OID "1.2.840.113556.1.4.1413"
725 #define LDB_CONTROL_PERMISSIVE_MODIFY_NAME "permissive_modify"
728 OID to allow the server to be more 'fast and loose' with the data being added.
730 \sa <a href="http://msdn.microsoft.com/en-us/library/aa366982(v=VS.85).aspx">Microsoft documentation of this OID</a>
732 #define LDB_CONTROL_SERVER_LAZY_COMMIT "1.2.840.113556.1.4.619"
735 Control for RODC join -see [MS-ADTS] section 3.1.1.3.4.1.23
737 \sa <a href="">Microsoft documentation of this OID</a>
739 #define LDB_CONTROL_RODC_DCPROMO_OID "1.2.840.113556.1.4.1341"
740 #define LDB_CONTROL_RODC_DCPROMO_NAME "rodc_join"
742 /* Other standardised controls */
745 OID for the allowing client to request temporary relaxed
746 enforcement of constraints of the x.500 model.
748 Mainly used for the OpenLDAP backend.
750 \sa <a href="http://opends.dev.java.net/public/standards/draft-zeilenga-ldap-managedit.txt">draft managedit</a>.
752 #define LDB_CONTROL_RELAX_OID "1.3.6.1.4.1.4203.666.5.12"
753 #define LDB_CONTROL_RELAX_NAME "relax"
756 OID for the allowing some kind of relax check for attributes with DNs
759 \sa 3.1.1.3.4.1.16 in [MS-ADTS].pdf
761 #define LDB_CONTROL_VERIFY_NAME_OID "1.2.840.113556.1.4.1338"
762 #define LDB_CONTROL_VERIFY_NAME_NAME "verify_name"
764 /* Extended operations */
767 OID for LDAP Extended Operation SEQUENCE_NUMBER
769 This extended operation is used to retrieve the extended sequence number.
771 #define LDB_EXTENDED_SEQUENCE_NUMBER "1.3.6.1.4.1.7165.4.4.3"
774 OID for LDAP Extended Operation PASSWORD_CHANGE.
776 This Extended operation is used to allow user password changes by the user
779 #define LDB_EXTENDED_PASSWORD_CHANGE_OID "1.3.6.1.4.1.4203.1.11.1"
783 OID for LDAP Extended Operation FAST_BIND
785 This Extended operations is used to perform a fast bind.
787 #define LDB_EXTENDED_FAST_BIND_OID "1.2.840.113556.1.4.1781"
790 OID for LDAP Extended Operation START_TLS.
792 This Extended operation is used to start a new TLS channel on top of a clear
795 #define LDB_EXTENDED_START_TLS_OID "1.3.6.1.4.1.1466.20037"
798 OID for LDAP Extended Operation DYNAMIC_REFRESH.
800 This Extended operation is used to create and maintain objects which exist
801 only a specific time, e.g. when a certain client or a certain person is
802 logged in. Data refreshes have to be periodically sent in a specific
803 interval. Otherwise the entry is going to be removed.
805 #define LDB_EXTENDED_DYNAMIC_OID "1.3.6.1.4.1.1466.101.119.1"
807 struct ldb_sd_flags_control {
809 * request the owner 0x00000001
810 * request the group 0x00000002
811 * request the DACL 0x00000004
812 * request the SACL 0x00000008
814 unsigned secinfo_flags;
818 * DOMAIN_SCOPE 0x00000001
819 * this limits the search to one partition,
820 * and no referrals will be returned.
821 * (Note this doesn't limit the entries by there
822 * objectSid belonging to a domain! Builtin and Foreign Sids
823 * are still returned)
825 * PHANTOM_ROOT 0x00000002
826 * this search on the whole tree on a domain controller
827 * over multiple partitions without referrals.
828 * (This is the default behavior on the Global Catalog Port)
831 #define LDB_SEARCH_OPTION_DOMAIN_SCOPE 0x00000001
832 #define LDB_SEARCH_OPTION_PHANTOM_ROOT 0x00000002
834 struct ldb_search_options_control {
835 unsigned search_options;
838 struct ldb_paged_control {
844 struct ldb_extended_dn_control {
848 struct ldb_server_sort_control {
849 const char *attributeName;
850 const char *orderingRule;
854 struct ldb_sort_resp_control {
859 struct ldb_asq_control {
861 char *source_attribute;
866 struct ldb_dirsync_control {
873 struct ldb_vlv_req_control {
891 struct ldb_vlv_resp_control {
899 struct ldb_verify_name_control {
911 enum ldb_request_type {
918 LDB_REQ_REGISTER_CONTROL,
919 LDB_REQ_REGISTER_PARTITION
922 enum ldb_reply_type {
939 struct ldb_extended {
941 void *data; /* NULL or a valid talloc pointer! talloc_get_type() will be used on it */
944 enum ldb_sequence_type {
946 LDB_SEQ_HIGHEST_TIMESTAMP,
950 #define LDB_SEQ_GLOBAL_SEQUENCE 0x01
951 #define LDB_SEQ_TIMESTAMP_SEQUENCE 0x02
953 struct ldb_seqnum_request {
954 enum ldb_sequence_type type;
957 struct ldb_seqnum_result {
964 struct ldb_message **msgs;
965 struct ldb_extended *extended;
966 struct ldb_control **controls;
972 enum ldb_reply_type type;
973 struct ldb_message *message;
974 struct ldb_extended *response;
975 struct ldb_control **controls;
984 enum ldb_scope scope;
985 struct ldb_parse_tree *tree;
986 const char * const *attrs;
987 struct ldb_result *res;
991 const struct ldb_message *message;
995 const struct ldb_message *message;
1003 struct ldb_dn *olddn;
1004 struct ldb_dn *newdn;
1007 struct ldb_register_control {
1011 struct ldb_register_partition {
1015 typedef int (*ldb_request_callback_t)(struct ldb_request *, struct ldb_reply *);
1017 struct ldb_request {
1019 enum ldb_request_type operation;
1022 struct ldb_search search;
1024 struct ldb_modify mod;
1025 struct ldb_delete del;
1026 struct ldb_rename rename;
1027 struct ldb_extended extended;
1028 struct ldb_register_control reg_control;
1029 struct ldb_register_partition reg_partition;
1032 struct ldb_control **controls;
1035 ldb_request_callback_t callback;
1039 struct ldb_handle *handle;
1042 int ldb_request(struct ldb_context *ldb, struct ldb_request *request);
1043 int ldb_request_done(struct ldb_request *req, int status);
1044 bool ldb_request_is_done(struct ldb_request *req);
1046 int ldb_modules_wait(struct ldb_handle *handle);
1047 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type);
1049 int ldb_set_timeout(struct ldb_context *ldb, struct ldb_request *req, int timeout);
1050 int ldb_set_timeout_from_prev_req(struct ldb_context *ldb, struct ldb_request *oldreq, struct ldb_request *newreq);
1051 void ldb_set_create_perms(struct ldb_context *ldb, unsigned int perms);
1052 void ldb_set_modules_dir(struct ldb_context *ldb, const char *path);
1053 struct tevent_context;
1054 void ldb_set_event_context(struct ldb_context *ldb, struct tevent_context *ev);
1055 struct tevent_context * ldb_get_event_context(struct ldb_context *ldb);
1058 Initialise ldbs' global information
1060 This is required before any other LDB call
1062 \return 0 if initialisation succeeded, -1 otherwise
1064 int ldb_global_init(void);
1067 Initialise an ldb context
1069 This is required before any other LDB call.
1071 \param mem_ctx pointer to a talloc memory context. Pass NULL if there is
1072 no suitable context available.
1074 \note The LDB modules will be loaded from directory specified by the environment
1075 variable LDB_MODULES_PATH. If the variable is not specified, the compiled-in default
1078 \return pointer to ldb_context that should be free'd (using talloc_free())
1079 at the end of the program.
1081 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx);
1083 typedef void (*ldb_async_timeout_fn) (void *);
1084 typedef bool (*ldb_async_callback_fn) (void *);
1085 typedef int (*ldb_async_ctx_add_op_fn)(void *, time_t, void *, ldb_async_timeout_fn, ldb_async_callback_fn);
1086 typedef int (*ldb_async_ctx_wait_op_fn)(void *);
1088 void ldb_async_ctx_set_private_data(struct ldb_context *ldb,
1089 void *private_data);
1090 void ldb_async_ctx_set_add_op(struct ldb_context *ldb,
1091 ldb_async_ctx_add_op_fn add_op);
1092 void ldb_async_ctx_set_wait_op(struct ldb_context *ldb,
1093 ldb_async_ctx_wait_op_fn wait_op);
1096 Connect to a database.
1098 This is typically called soon after ldb_init(), and is required prior to
1099 any search or database modification operations.
1101 The URL can be one of the following forms:
1107 \param ldb the context associated with the database (from ldb_init())
1108 \param url the URL of the database to connect to, as noted above
1109 \param flags a combination of LDB_FLG_* to modify the connection behaviour
1110 \param options backend specific options - passed uninterpreted to the backend
1112 \return result code (LDB_SUCCESS on success, or a failure code)
1114 \note It is an error to connect to a database that does not exist in readonly mode
1115 (that is, with LDB_FLG_RDONLY). However in read-write mode, the database will be
1116 created if it does not exist.
1118 int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[]);
1121 return an automatic basedn from the rootDomainNamingContext of the rootDSE
1122 This value have been set in an opaque pointer at connection time
1124 struct ldb_dn *ldb_get_root_basedn(struct ldb_context *ldb);
1127 return an automatic basedn from the configurationNamingContext of the rootDSE
1128 This value have been set in an opaque pointer at connection time
1130 struct ldb_dn *ldb_get_config_basedn(struct ldb_context *ldb);
1133 return an automatic basedn from the schemaNamingContext of the rootDSE
1134 This value have been set in an opaque pointer at connection time
1136 struct ldb_dn *ldb_get_schema_basedn(struct ldb_context *ldb);
1139 return an automatic baseDN from the defaultNamingContext of the rootDSE
1140 This value have been set in an opaque pointer at connection time
1142 struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb);
1145 The default async search callback function
1147 \param req the request we are callback of
1148 \param ares a single reply from the async core
1150 \return result code (LDB_SUCCESS on success, or a failure code)
1152 \note this function expects req->context to always be an struct ldb_result pointer
1153 AND a talloc context, this function will steal on the context each message
1154 from the ares reply passed on by the async core so that in the end all the
1155 messages will be in the context (ldb_result) memory tree.
1156 Freeing the passed context (ldb_result tree) will free all the resources
1157 (the request need to be freed separately and the result doe not depend on the
1158 request that can be freed as sson as the search request is finished)
1161 int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares);
1164 The default async extended operation callback function
1166 \param req the request we are callback of
1167 \param ares a single reply from the async core
1169 \return result code (LDB_SUCCESS on success, or a failure code)
1171 int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares);
1173 int ldb_modify_default_callback(struct ldb_request *req, struct ldb_reply *ares);
1176 Helper function to build a search request
1178 \param ret_req the request structure is returned here (talloced on mem_ctx)
1179 \param ldb the context associated with the database (from ldb_init())
1180 \param mem_ctx a talloc memory context (used as parent of ret_req)
1181 \param base the Base Distinguished Name for the query (use ldb_dn_new() for an empty one)
1182 \param scope the search scope for the query
1183 \param expression the search expression to use for this query
1184 \param attrs the search attributes for the query (pass NULL if none required)
1185 \param controls an array of controls
1186 \param context the callback function context
1187 \param the callback function to handle the async replies
1188 \param the parent request if any
1190 \return result code (LDB_SUCCESS on success, or a failure code)
1193 int ldb_build_search_req(struct ldb_request **ret_req,
1194 struct ldb_context *ldb,
1195 TALLOC_CTX *mem_ctx,
1196 struct ldb_dn *base,
1197 enum ldb_scope scope,
1198 const char *expression,
1199 const char * const *attrs,
1200 struct ldb_control **controls,
1202 ldb_request_callback_t callback,
1203 struct ldb_request *parent);
1205 int ldb_build_search_req_ex(struct ldb_request **ret_req,
1206 struct ldb_context *ldb,
1207 TALLOC_CTX *mem_ctx,
1208 struct ldb_dn *base,
1209 enum ldb_scope scope,
1210 struct ldb_parse_tree *tree,
1211 const char * const *attrs,
1212 struct ldb_control **controls,
1214 ldb_request_callback_t callback,
1215 struct ldb_request *parent);
1218 Helper function to build an add request
1220 \param ret_req the request structure is returned here (talloced on mem_ctx)
1221 \param ldb the context associated with the database (from ldb_init())
1222 \param mem_ctx a talloc memory context (used as parent of ret_req)
1223 \param message contains the entry to be added
1224 \param controls an array of controls
1225 \param context the callback function context
1226 \param the callback function to handle the async replies
1227 \param the parent request if any
1229 \return result code (LDB_SUCCESS on success, or a failure code)
1232 int ldb_build_add_req(struct ldb_request **ret_req,
1233 struct ldb_context *ldb,
1234 TALLOC_CTX *mem_ctx,
1235 const struct ldb_message *message,
1236 struct ldb_control **controls,
1238 ldb_request_callback_t callback,
1239 struct ldb_request *parent);
1242 Helper function to build a modify request
1244 \param ret_req the request structure is returned here (talloced on mem_ctx)
1245 \param ldb the context associated with the database (from ldb_init())
1246 \param mem_ctx a talloc memory context (used as parent of ret_req)
1247 \param message contains the entry to be modified
1248 \param controls an array of controls
1249 \param context the callback function context
1250 \param the callback function to handle the async replies
1251 \param the parent request if any
1253 \return result code (LDB_SUCCESS on success, or a failure code)
1256 int ldb_build_mod_req(struct ldb_request **ret_req,
1257 struct ldb_context *ldb,
1258 TALLOC_CTX *mem_ctx,
1259 const struct ldb_message *message,
1260 struct ldb_control **controls,
1262 ldb_request_callback_t callback,
1263 struct ldb_request *parent);
1266 Helper function to build a delete request
1268 \param ret_req the request structure is returned here (talloced on mem_ctx)
1269 \param ldb the context associated with the database (from ldb_init())
1270 \param mem_ctx a talloc memory context (used as parent of ret_req)
1271 \param dn the DN to be deleted
1272 \param controls an array of controls
1273 \param context the callback function context
1274 \param the callback function to handle the async replies
1275 \param the parent request if any
1277 \return result code (LDB_SUCCESS on success, or a failure code)
1280 int ldb_build_del_req(struct ldb_request **ret_req,
1281 struct ldb_context *ldb,
1282 TALLOC_CTX *mem_ctx,
1284 struct ldb_control **controls,
1286 ldb_request_callback_t callback,
1287 struct ldb_request *parent);
1290 Helper function to build a rename request
1292 \param ret_req the request structure is returned here (talloced on mem_ctx)
1293 \param ldb the context associated with the database (from ldb_init())
1294 \param mem_ctx a talloc memory context (used as parent of ret_req)
1295 \param olddn the old DN
1296 \param newdn the new DN
1297 \param controls an array of controls
1298 \param context the callback function context
1299 \param the callback function to handle the async replies
1300 \param the parent request if any
1302 \return result code (LDB_SUCCESS on success, or a failure code)
1305 int ldb_build_rename_req(struct ldb_request **ret_req,
1306 struct ldb_context *ldb,
1307 TALLOC_CTX *mem_ctx,
1308 struct ldb_dn *olddn,
1309 struct ldb_dn *newdn,
1310 struct ldb_control **controls,
1312 ldb_request_callback_t callback,
1313 struct ldb_request *parent);
1316 Add a ldb_control to a ldb_request
1318 \param req the request struct where to add the control
1319 \param oid the object identifier of the control as string
1320 \param critical whether the control should be critical or not
1321 \param data a talloc pointer to the control specific data
1323 \return result code (LDB_SUCCESS on success, or a failure code)
1325 int ldb_request_add_control(struct ldb_request *req, const char *oid, bool critical, void *data);
1328 replace a ldb_control in a ldb_request
1330 \param req the request struct where to add the control
1331 \param oid the object identifier of the control as string
1332 \param critical whether the control should be critical or not
1333 \param data a talloc pointer to the control specific data
1335 \return result code (LDB_SUCCESS on success, or a failure code)
1337 int ldb_request_replace_control(struct ldb_request *req, const char *oid, bool critical, void *data);
1340 check if a control with the specified "oid" exist and return it
1341 \param req the request struct where to add the control
1342 \param oid the object identifier of the control as string
1344 \return the control, NULL if not found
1346 struct ldb_control *ldb_request_get_control(struct ldb_request *req, const char *oid);
1349 check if a control with the specified "oid" exist and return it
1350 \param rep the reply struct where to add the control
1351 \param oid the object identifier of the control as string
1353 \return the control, NULL if not found
1355 struct ldb_control *ldb_reply_get_control(struct ldb_reply *rep, const char *oid);
1360 This function searches the database, and returns
1361 records that match an LDAP-like search expression
1363 \param ldb the context associated with the database (from ldb_init())
1364 \param mem_ctx the memory context to use for the request and the results
1365 \param result the return result
1366 \param base the Base Distinguished Name for the query (use ldb_dn_new() for an empty one)
1367 \param scope the search scope for the query
1368 \param attrs the search attributes for the query (pass NULL if none required)
1369 \param exp_fmt the search expression to use for this query (printf like)
1371 \return result code (LDB_SUCCESS on success, or a failure code)
1373 \note use talloc_free() to free the ldb_result returned
1375 int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1376 struct ldb_result **result, struct ldb_dn *base,
1377 enum ldb_scope scope, const char * const *attrs,
1378 const char *exp_fmt, ...) PRINTF_ATTRIBUTE(7,8);
1381 Add a record to the database.
1383 This function adds a record to the database. This function will fail
1384 if a record with the specified class and key already exists in the
1387 \param ldb the context associated with the database (from
1389 \param message the message containing the record to add.
1391 \return result code (LDB_SUCCESS if the record was added, otherwise
1394 int ldb_add(struct ldb_context *ldb,
1395 const struct ldb_message *message);
1398 Modify the specified attributes of a record
1400 This function modifies a record that is in the database.
1402 \param ldb the context associated with the database (from
1404 \param message the message containing the changes required.
1406 \return result code (LDB_SUCCESS if the record was modified as
1407 requested, otherwise a failure code)
1409 int ldb_modify(struct ldb_context *ldb,
1410 const struct ldb_message *message);
1413 Rename a record in the database
1415 This function renames a record in the database.
1417 \param ldb the context associated with the database (from
1419 \param olddn the DN for the record to be renamed.
1420 \param newdn the new DN
1422 \return result code (LDB_SUCCESS if the record was renamed as
1423 requested, otherwise a failure code)
1425 int ldb_rename(struct ldb_context *ldb, struct ldb_dn *olddn, struct ldb_dn *newdn);
1428 Delete a record from the database
1430 This function deletes a record from the database.
1432 \param ldb the context associated with the database (from
1434 \param dn the DN for the record to be deleted.
1436 \return result code (LDB_SUCCESS if the record was deleted,
1437 otherwise a failure code)
1439 int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn);
1442 The default async extended operation callback function
1444 \param req the request we are callback of
1445 \param ares a single reply from the async core
1447 \return result code (LDB_SUCCESS on success, or a failure code)
1449 \note this function expects req->context to always be an struct ldb_result pointer
1450 AND a talloc context, this function will steal on the context each message
1451 from the ares reply passed on by the async core so that in the end all the
1452 messages will be in the context (ldb_result) memory tree.
1453 Freeing the passed context (ldb_result tree) will free all the resources
1454 (the request need to be freed separately and the result doe not depend on the
1455 request that can be freed as sson as the search request is finished)
1458 int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares);
1462 Helper function to build a extended request
1464 \param ret_req the request structure is returned here (talloced on mem_ctx)
1465 \param ldb the context associated with the database (from ldb_init())
1466 \param mem_ctx a talloc memory context (used as parent of ret_req)
1467 \param oid the OID of the extended operation.
1468 \param data a void pointer a the extended operation specific parameters,
1469 it needs to be NULL or a valid talloc pointer! talloc_get_type() will be used on it
1470 \param controls an array of controls
1471 \param context the callback function context
1472 \param the callback function to handle the async replies
1473 \param the parent request if any
1475 \return result code (LDB_SUCCESS on success, or a failure code)
1477 int ldb_build_extended_req(struct ldb_request **ret_req,
1478 struct ldb_context *ldb,
1479 TALLOC_CTX *mem_ctx,
1481 void *data,/* NULL or a valid talloc pointer! talloc_get_type() will be used on it */
1482 struct ldb_control **controls,
1484 ldb_request_callback_t callback,
1485 struct ldb_request *parent);
1488 call an extended operation
1490 \param ldb the context associated with the database (from ldb_init())
1491 \param oid the OID of the extended operation.
1492 \param data a void pointer a the extended operation specific parameters,
1493 it needs to be NULL or a valid talloc pointer! talloc_get_type() will be used on it
1494 \param res the result of the extended operation
1496 \return result code (LDB_SUCCESS if the extended operation returned fine,
1497 otherwise a failure code)
1499 int ldb_extended(struct ldb_context *ldb,
1501 void *data,/* NULL or a valid talloc pointer! talloc_get_type() will be used on it */
1502 struct ldb_result **res);
1505 Obtain current/next database sequence number
1507 int ldb_sequence_number(struct ldb_context *ldb, enum ldb_sequence_type type, uint64_t *seq_num);
1512 int ldb_transaction_start(struct ldb_context *ldb);
1515 first phase of two phase commit
1517 int ldb_transaction_prepare_commit(struct ldb_context *ldb);
1520 commit a transaction
1522 int ldb_transaction_commit(struct ldb_context *ldb);
1525 cancel a transaction
1527 int ldb_transaction_cancel(struct ldb_context *ldb);
1530 cancel a transaction with no error if no transaction is pending
1531 used when we fork() to clear any parent transactions
1533 int ldb_transaction_cancel_noerr(struct ldb_context *ldb);
1537 return extended error information from the last call
1539 const char *ldb_errstring(struct ldb_context *ldb);
1542 return a string explaining what a ldb error constant meancs
1544 const char *ldb_strerror(int ldb_err);
1547 setup the default utf8 functions
1548 FIXME: these functions do not yet handle utf8
1550 void ldb_set_utf8_default(struct ldb_context *ldb);
1555 \param ldb the ldb context
1556 \param mem_ctx the memory context to allocate the result string
1558 \param s the string that is to be folded
1559 \return a copy of the string, converted to upper case
1561 \note The default function is not yet UTF8 aware. Provide your own
1562 set of functions through ldb_set_utf8_fns()
1564 char *ldb_casefold(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *s, size_t n);
1567 Check the attribute name is valid according to rfc2251
1568 \param s the string to check
1570 \return 1 if the name is ok
1572 int ldb_valid_attr_name(const char *s);
1575 ldif manipulation functions
1579 Write an LDIF message
1581 This function writes an LDIF message using a caller supplied write
1584 \param ldb the ldb context (from ldb_init())
1585 \param fprintf_fn a function pointer for the write function. This must take
1586 a private data pointer, followed by a format string, and then a variable argument
1588 \param private_data pointer that will be provided back to the write
1589 function. This is useful for maintaining state or context.
1590 \param ldif the message to write out
1592 \return the total number of bytes written, or an error code as returned
1593 from the write function.
1595 \sa ldb_ldif_write_file for a more convenient way to write to a
1598 \sa ldb_ldif_read for the reader equivalent to this function.
1600 int ldb_ldif_write(struct ldb_context *ldb,
1601 int (*fprintf_fn)(void *, const char *, ...) PRINTF_ATTRIBUTE(2,3),
1603 const struct ldb_ldif *ldif);
1606 Clean up an LDIF message
1608 This function cleans up a LDIF message read using ldb_ldif_read()
1609 or related functions (such as ldb_ldif_read_string() and
1610 ldb_ldif_read_file().
1612 \param ldb the ldb context (from ldb_init())
1613 \param msg the message to clean up and free
1616 void ldb_ldif_read_free(struct ldb_context *ldb, struct ldb_ldif *msg);
1619 Read an LDIF message
1621 This function creates an LDIF message using a caller supplied read
1624 \param ldb the ldb context (from ldb_init())
1625 \param fgetc_fn a function pointer for the read function. This must
1626 take a private data pointer, and must return a pointer to an
1627 integer corresponding to the next byte read (or EOF if there is no
1628 more data to be read).
1629 \param private_data pointer that will be provided back to the read
1630 function. This is udeful for maintaining state or context.
1632 \return the LDIF message that has been read in
1634 \note You must free the LDIF message when no longer required, using
1635 ldb_ldif_read_free().
1637 \sa ldb_ldif_read_file for a more convenient way to read from a
1640 \sa ldb_ldif_read_string for a more convenient way to read from a
1641 string (char array).
1643 \sa ldb_ldif_write for the writer equivalent to this function.
1645 struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
1646 int (*fgetc_fn)(void *), void *private_data);
1649 Read an LDIF message from a file
1651 This function reads the next LDIF message from the contents of a
1652 file stream. If you want to get all of the LDIF messages, you will
1653 need to repeatedly call this function, until it returns NULL.
1655 \param ldb the ldb context (from ldb_init())
1656 \param f the file stream to read from (typically from fdopen())
1658 \sa ldb_ldif_read_string for an equivalent function that will read
1659 from a string (char array).
1661 \sa ldb_ldif_write_file for the writer equivalent to this function.
1664 struct ldb_ldif *ldb_ldif_read_file(struct ldb_context *ldb, FILE *f);
1667 Read an LDIF message from a string
1669 This function reads the next LDIF message from the contents of a char
1670 array. If you want to get all of the LDIF messages, you will need
1671 to repeatedly call this function, until it returns NULL.
1673 \param ldb the ldb context (from ldb_init())
1674 \param s pointer to the char array to read from
1676 \sa ldb_ldif_read_file for an equivalent function that will read
1679 \sa ldb_ldif_write for a more general (arbitrary read function)
1680 version of this function.
1682 struct ldb_ldif *ldb_ldif_read_string(struct ldb_context *ldb, const char **s);
1685 Parse a modrdn LDIF message from a struct ldb_message
1687 \param ldb the ldb context (from ldb_init())
1688 \param ldif the preparsed LDIF chunk (from ldb_ldif_read())
1690 \param mem_ctx the memory context that's used for return values
1692 \param olddn the old dn as struct ldb_dn, if not needed pass NULL
1693 \param newrdn the new rdn as struct ldb_dn, if not needed pass NULL
1694 \param deleteoldrdn the deleteoldrdn value as bool, if not needed pass NULL
1695 \param newsuperior the newsuperior dn as struct ldb_dn, if not needed pass NULL
1696 *newsuperior can be NULL as it is optional in the LDIF
1697 \param newdn the full constructed new dn as struct ldb_dn, if not needed pass NULL
1700 int ldb_ldif_parse_modrdn(struct ldb_context *ldb,
1701 const struct ldb_ldif *ldif,
1702 TALLOC_CTX *mem_ctx,
1703 struct ldb_dn **olddn,
1704 struct ldb_dn **newrdn,
1706 struct ldb_dn **newsuperior,
1707 struct ldb_dn **newdn);
1710 Write an LDIF message to a file
1712 \param ldb the ldb context (from ldb_init())
1713 \param f the file stream to write to (typically from fdopen())
1714 \param msg the message to write out
1716 \return the total number of bytes written, or a negative error code
1718 \sa ldb_ldif_read_file for the reader equivalent to this function.
1720 int ldb_ldif_write_file(struct ldb_context *ldb, FILE *f, const struct ldb_ldif *msg);
1723 Write an LDIF message to a string
1725 \param ldb the ldb context (from ldb_init())
1726 \param mem_ctx the talloc context on which to attach the string)
1727 \param msg the message to write out
1729 \return the string containing the LDIF, or NULL on error
1731 \sa ldb_ldif_read_string for the reader equivalent to this function.
1733 char * ldb_ldif_write_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1734 const struct ldb_ldif *msg);
1738 Write an LDB message to a string
1740 \param ldb the ldb context (from ldb_init())
1741 \param mem_ctx the talloc context on which to attach the string)
1742 \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
1743 \param msg the message to write out
1745 \return the string containing the LDIF, or NULL on error
1747 \sa ldb_ldif_message_redacted_string for a safer version of this
1750 char *ldb_ldif_message_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
1751 enum ldb_changetype changetype,
1752 const struct ldb_message *msg);
1755 Write an LDB message to a string
1757 \param ldb the ldb context (from ldb_init())
1758 \param mem_ctx the talloc context on which to attach the string)
1759 \param changetype LDB_CHANGETYPE_ADD or LDB_CHANGETYPE_MODIFY
1760 \param msg the message to write out
1762 \return the string containing the LDIF, or NULL on error, but
1763 with secret attributes redacted
1765 \note The secret attributes are specified in a
1766 'const char * const *' within the LDB_SECRET_ATTRIBUTE_LIST
1767 opaque set on the ldb
1769 \sa ldb_ldif_message_string for an exact representiation of the
1772 char *ldb_ldif_message_redacted_string(struct ldb_context *ldb,
1773 TALLOC_CTX *mem_ctx,
1774 enum ldb_changetype changetype,
1775 const struct ldb_message *msg);
1779 Base64 encode a buffer
1781 \param mem_ctx the memory context that the result is allocated
1783 \param buf pointer to the array that is to be encoded
1784 \param len the number of elements in the array to be encoded
1786 \return pointer to an array containing the encoded data
1788 \note The caller is responsible for freeing the result
1790 char *ldb_base64_encode(TALLOC_CTX *mem_ctx, const char *buf, int len);
1793 Base64 decode a buffer
1795 This function decodes a base64 encoded string in place.
1797 \param s the string to decode.
1799 \return the length of the returned (decoded) string.
1801 \note the string is null terminated, but the null terminator is not
1802 included in the length.
1804 int ldb_base64_decode(char *s);
1806 /* The following definitions come from lib/ldb/common/ldb_dn.c */
1809 Get the linear form of a DN (without any extended components)
1811 \param dn The DN to linearize
1814 const char *ldb_dn_get_linearized(struct ldb_dn *dn);
1817 Allocate a copy of the linear form of a DN (without any extended components) onto the supplied memory context
1819 \param dn The DN to linearize
1820 \param mem_ctx TALLOC context to return result on
1823 char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1826 Get the linear form of a DN (with any extended components)
1828 \param mem_ctx TALLOC context to return result on
1829 \param dn The DN to linearize
1830 \param mode Style of extended DN to return (0 is HEX representation of binary form, 1 is a string form)
1832 char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int mode);
1833 const struct ldb_val *ldb_dn_get_extended_component(struct ldb_dn *dn, const char *name);
1834 int ldb_dn_set_extended_component(struct ldb_dn *dn, const char *name, const struct ldb_val *val);
1835 void ldb_dn_extended_filter(struct ldb_dn *dn, const char * const *accept_list);
1836 void ldb_dn_remove_extended_components(struct ldb_dn *dn);
1837 bool ldb_dn_has_extended(struct ldb_dn *dn);
1839 int ldb_dn_extended_add_syntax(struct ldb_context *ldb,
1841 const struct ldb_dn_extended_syntax *syntax);
1844 Allocate a new DN from a string
1846 \param mem_ctx TALLOC context to return resulting ldb_dn structure on
1847 \param dn The new DN
1849 \note The DN will not be parsed at this time. Use ldb_dn_validate to tell if the DN is syntacticly correct
1852 struct ldb_dn *ldb_dn_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *dn);
1854 Allocate a new DN from a printf style format string and arguments
1856 \param mem_ctx TALLOC context to return resulting ldb_dn structure on
1857 \param new_fms The new DN as a format string (plus arguments)
1859 \note The DN will not be parsed at this time. Use ldb_dn_validate to tell if the DN is syntacticly correct
1862 struct ldb_dn *ldb_dn_new_fmt(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const char *new_fmt, ...) PRINTF_ATTRIBUTE(3,4);
1864 Allocate a new DN from a struct ldb_val (useful to avoid buffer overrun)
1866 \param mem_ctx TALLOC context to return resulting ldb_dn structure on
1867 \param dn The new DN
1869 \note The DN will not be parsed at this time. Use ldb_dn_validate to tell if the DN is syntacticly correct
1872 struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *strdn);
1875 Determine if this DN is syntactically valid
1877 \param dn The DN to validate
1880 bool ldb_dn_validate(struct ldb_dn *dn);
1882 char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value);
1883 const char *ldb_dn_get_casefold(struct ldb_dn *dn);
1884 char *ldb_dn_alloc_casefold(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1886 int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn);
1887 int ldb_dn_compare(struct ldb_dn *edn0, struct ldb_dn *edn1);
1889 bool ldb_dn_add_base(struct ldb_dn *dn, struct ldb_dn *base);
1890 bool ldb_dn_add_base_fmt(struct ldb_dn *dn, const char *base_fmt, ...) PRINTF_ATTRIBUTE(2,3);
1891 bool ldb_dn_add_child(struct ldb_dn *dn, struct ldb_dn *child);
1892 bool ldb_dn_add_child_fmt(struct ldb_dn *dn, const char *child_fmt, ...) PRINTF_ATTRIBUTE(2,3);
1893 bool ldb_dn_remove_base_components(struct ldb_dn *dn, unsigned int num);
1894 bool ldb_dn_remove_child_components(struct ldb_dn *dn, unsigned int num);
1895 bool ldb_dn_add_child_val(struct ldb_dn *dn,
1897 struct ldb_val value);
1899 struct ldb_dn *ldb_dn_copy(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1900 struct ldb_dn *ldb_dn_get_parent(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1901 char *ldb_dn_canonical_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1902 char *ldb_dn_canonical_ex_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn);
1903 int ldb_dn_get_comp_num(struct ldb_dn *dn);
1904 int ldb_dn_get_extended_comp_num(struct ldb_dn *dn);
1905 const char *ldb_dn_get_component_name(struct ldb_dn *dn, unsigned int num);
1906 const struct ldb_val *ldb_dn_get_component_val(struct ldb_dn *dn, unsigned int num);
1907 const char *ldb_dn_get_rdn_name(struct ldb_dn *dn);
1908 const struct ldb_val *ldb_dn_get_rdn_val(struct ldb_dn *dn);
1909 int ldb_dn_set_component(struct ldb_dn *dn, int num, const char *name, const struct ldb_val val);
1911 bool ldb_dn_is_valid(struct ldb_dn *dn);
1912 bool ldb_dn_is_special(struct ldb_dn *dn);
1913 bool ldb_dn_check_special(struct ldb_dn *dn, const char *check);
1914 bool ldb_dn_is_null(struct ldb_dn *dn);
1915 int ldb_dn_update_components(struct ldb_dn *dn, const struct ldb_dn *ref_dn);
1919 Compare two attributes
1921 This function compares to attribute names. Note that this is a
1922 case-insensitive comparison.
1924 \param a the first attribute name to compare
1925 \param b the second attribute name to compare
1927 \return 0 if the attribute names are the same, or only differ in
1928 case; non-zero if there are any differences
1930 attribute names are restricted by rfc2251 so using
1931 strcasecmp and toupper here is ok.
1934 #define ldb_attr_cmp(a, b) strcasecmp(a, b)
1935 char *ldb_attr_casefold(TALLOC_CTX *mem_ctx, const char *s);
1936 int ldb_attr_dn(const char *attr);
1939 Create an empty message
1941 \param mem_ctx the memory context to create in. You can pass NULL
1942 to get the top level context, however the ldb context (from
1943 ldb_init()) may be a better choice
1945 struct ldb_message *ldb_msg_new(TALLOC_CTX *mem_ctx);
1948 Find an element within an message
1950 struct ldb_message_element *ldb_msg_find_element(const struct ldb_message *msg,
1951 const char *attr_name);
1954 Compare two ldb_val values
1956 \param v1 first ldb_val structure to be tested
1957 \param v2 second ldb_val structure to be tested
1959 \return 1 for a match, 0 if there is any difference
1961 int ldb_val_equal_exact(const struct ldb_val *v1, const struct ldb_val *v2);
1964 find a value within an ldb_message_element
1966 \param el the element to search
1967 \param val the value to search for
1969 \note This search is case sensitive
1971 struct ldb_val *ldb_msg_find_val(const struct ldb_message_element *el,
1972 struct ldb_val *val);
1975 add a new empty element to a ldb_message
1977 int ldb_msg_add_empty(struct ldb_message *msg,
1978 const char *attr_name,
1980 struct ldb_message_element **return_el);
1983 add a element to a ldb_message
1985 int ldb_msg_add(struct ldb_message *msg,
1986 const struct ldb_message_element *el,
1988 int ldb_msg_add_value(struct ldb_message *msg,
1989 const char *attr_name,
1990 const struct ldb_val *val,
1991 struct ldb_message_element **return_el);
1992 int ldb_msg_add_steal_value(struct ldb_message *msg,
1993 const char *attr_name,
1994 struct ldb_val *val);
1995 int ldb_msg_add_steal_string(struct ldb_message *msg,
1996 const char *attr_name, char *str);
1997 int ldb_msg_add_string(struct ldb_message *msg,
1998 const char *attr_name, const char *str);
1999 int ldb_msg_add_linearized_dn(struct ldb_message *msg, const char *attr_name,
2001 int ldb_msg_add_fmt(struct ldb_message *msg,
2002 const char *attr_name, const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
2005 compare two message elements - return 0 on match
2007 int ldb_msg_element_compare(struct ldb_message_element *el1,
2008 struct ldb_message_element *el2);
2009 int ldb_msg_element_compare_name(struct ldb_message_element *el1,
2010 struct ldb_message_element *el2);
2013 Find elements in a message.
2015 This function finds elements and converts to a specific type, with
2016 a give default value if not found. Assumes that elements are
2019 const struct ldb_val *ldb_msg_find_ldb_val(const struct ldb_message *msg, const char *attr_name);
2020 int ldb_msg_find_attr_as_int(const struct ldb_message *msg,
2021 const char *attr_name,
2023 unsigned int ldb_msg_find_attr_as_uint(const struct ldb_message *msg,
2024 const char *attr_name,
2025 unsigned int default_value);
2026 int64_t ldb_msg_find_attr_as_int64(const struct ldb_message *msg,
2027 const char *attr_name,
2028 int64_t default_value);
2029 uint64_t ldb_msg_find_attr_as_uint64(const struct ldb_message *msg,
2030 const char *attr_name,
2031 uint64_t default_value);
2032 double ldb_msg_find_attr_as_double(const struct ldb_message *msg,
2033 const char *attr_name,
2034 double default_value);
2035 int ldb_msg_find_attr_as_bool(const struct ldb_message *msg,
2036 const char *attr_name,
2038 const char *ldb_msg_find_attr_as_string(const struct ldb_message *msg,
2039 const char *attr_name,
2040 const char *default_value);
2042 struct ldb_dn *ldb_msg_find_attr_as_dn(struct ldb_context *ldb,
2043 TALLOC_CTX *mem_ctx,
2044 const struct ldb_message *msg,
2045 const char *attr_name);
2047 void ldb_msg_sort_elements(struct ldb_message *msg);
2049 struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
2050 const struct ldb_message *msg);
2051 struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
2052 const struct ldb_message *msg);
2055 * ldb_msg_canonicalize() is now depreciated
2056 * Please use ldb_msg_normalize() instead
2058 * NOTE: Returned ldb_message object is allocated
2059 * into *ldb's context. Callers are recommended
2060 * to steal the returned object into a TALLOC_CTX
2061 * with short lifetime.
2063 struct ldb_message *ldb_msg_canonicalize(struct ldb_context *ldb,
2064 const struct ldb_message *msg) _DEPRECATED_;
2066 int ldb_msg_normalize(struct ldb_context *ldb,
2067 TALLOC_CTX *mem_ctx,
2068 const struct ldb_message *msg,
2069 struct ldb_message **_msg_out);
2073 * ldb_msg_diff() is now depreciated
2074 * Please use ldb_msg_difference() instead
2076 * NOTE: Returned ldb_message object is allocated
2077 * into *ldb's context. Callers are recommended
2078 * to steal the returned object into a TALLOC_CTX
2079 * with short lifetime.
2081 struct ldb_message *ldb_msg_diff(struct ldb_context *ldb,
2082 struct ldb_message *msg1,
2083 struct ldb_message *msg2) _DEPRECATED_;
2086 * return a ldb_message representing the differences between msg1 and msg2.
2087 * If you then use this in a ldb_modify() call,
2088 * it can be used to save edits to a message
2090 * Result message is constructed as follows:
2091 * - LDB_FLAG_MOD_ADD - elements found only in msg2
2092 * - LDB_FLAG_MOD_REPLACE - elements in msg2 that have
2093 * different value in msg1
2094 * Value for msg2 element is used
2095 * - LDB_FLAG_MOD_DELETE - elements found only in msg2
2097 * @return LDB_SUCCESS or LDB_ERR_OPERATIONS_ERROR
2099 int ldb_msg_difference(struct ldb_context *ldb,
2100 TALLOC_CTX *mem_ctx,
2101 struct ldb_message *msg1,
2102 struct ldb_message *msg2,
2103 struct ldb_message **_msg_out);
2106 Tries to find a certain string attribute in a message
2108 \param msg the message to check
2109 \param name attribute name
2110 \param value attribute value
2112 \return 1 on match and 0 otherwise.
2114 int ldb_msg_check_string_attribute(const struct ldb_message *msg,
2119 Integrity check an ldb_message
2121 This function performs basic sanity / integrity checks on an
2124 \param ldb context in which to perform the checks
2125 \param msg the message to check
2127 \return LDB_SUCCESS if the message is OK, or a non-zero error code
2128 (one of LDB_ERR_INVALID_DN_SYNTAX, LDB_ERR_ENTRY_ALREADY_EXISTS or
2129 LDB_ERR_INVALID_ATTRIBUTE_SYNTAX) if there is a problem with a
2132 int ldb_msg_sanity_check(struct ldb_context *ldb,
2133 const struct ldb_message *msg);
2136 Duplicate an ldb_val structure
2138 This function copies an ldb value structure.
2140 \param mem_ctx the memory context that the duplicated value will be
2142 \param v the ldb_val to be duplicated.
2144 \return the duplicated ldb_val structure.
2146 struct ldb_val ldb_val_dup(TALLOC_CTX *mem_ctx, const struct ldb_val *v);
2149 this allows the user to set a debug function for error reporting
2151 int ldb_set_debug(struct ldb_context *ldb,
2152 void (*debug)(void *context, enum ldb_debug_level level,
2153 const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0),
2157 this allows the user to set custom utf8 function for error reporting
2159 void ldb_set_utf8_fns(struct ldb_context *ldb,
2161 char *(*casefold)(void *, void *, const char *, size_t n));
2164 this sets up debug to print messages on stderr
2166 int ldb_set_debug_stderr(struct ldb_context *ldb);
2168 /* control backend specific opaque values */
2169 int ldb_set_opaque(struct ldb_context *ldb, const char *name, void *value);
2170 void *ldb_get_opaque(struct ldb_context *ldb, const char *name);
2172 const char **ldb_attr_list_copy(TALLOC_CTX *mem_ctx, const char * const *attrs);
2173 const char **ldb_attr_list_copy_add(TALLOC_CTX *mem_ctx, const char * const *attrs, const char *new_attr);
2174 int ldb_attr_in_list(const char * const *attrs, const char *attr);
2176 int ldb_msg_rename_attr(struct ldb_message *msg, const char *attr, const char *replace);
2177 int ldb_msg_copy_attr(struct ldb_message *msg, const char *attr, const char *replace);
2178 void ldb_msg_remove_attr(struct ldb_message *msg, const char *attr);
2179 void ldb_msg_remove_element(struct ldb_message *msg, struct ldb_message_element *el);
2182 void ldb_parse_tree_attr_replace(struct ldb_parse_tree *tree,
2184 const char *replace);
2187 shallow copy a tree - copying only the elements array so that the caller
2188 can safely add new elements without changing the message
2190 struct ldb_parse_tree *ldb_parse_tree_copy_shallow(TALLOC_CTX *mem_ctx,
2191 const struct ldb_parse_tree *ot);
2194 Convert a time structure to a string
2196 This function converts a time_t structure to an LDAP formatted
2197 GeneralizedTime string.
2199 \param mem_ctx the memory context to allocate the return string in
2200 \param t the time structure to convert
2202 \return the formatted string, or NULL if the time structure could
2205 char *ldb_timestring(TALLOC_CTX *mem_ctx, time_t t);
2208 Convert a string to a time structure
2210 This function converts an LDAP formatted GeneralizedTime string
2211 to a time_t structure.
2213 \param s the string to convert
2215 \return the time structure, or 0 if the string cannot be converted
2217 time_t ldb_string_to_time(const char *s);
2220 convert a LDAP GeneralizedTime string in ldb_val format to a
2223 int ldb_val_to_time(const struct ldb_val *v, time_t *t);
2226 Convert a time structure to a string
2228 This function converts a time_t structure to an LDAP formatted
2231 \param mem_ctx the memory context to allocate the return string in
2232 \param t the time structure to convert
2234 \return the formatted string, or NULL if the time structure could
2237 char *ldb_timestring_utc(TALLOC_CTX *mem_ctx, time_t t);
2240 Convert a string to a time structure
2242 This function converts an LDAP formatted UTCTime string
2243 to a time_t structure.
2245 \param s the string to convert
2247 \return the time structure, or 0 if the string cannot be converted
2249 time_t ldb_string_utc_to_time(const char *s);
2252 void ldb_qsort (void *const pbase, size_t total_elems, size_t size, void *opaque, ldb_qsort_cmp_fn_t cmp);
2254 #ifndef discard_const
2255 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
2259 a wrapper around ldb_qsort() that ensures the comparison function is
2260 type safe. This will produce a compilation warning if the types
2263 #define LDB_TYPESAFE_QSORT(base, numel, opaque, comparison) \
2266 ldb_qsort(base, numel, sizeof((base)[0]), discard_const(opaque), (ldb_qsort_cmp_fn_t)comparison); \
2267 comparison(&((base)[0]), &((base)[1]), opaque); \
2271 /* allow ldb to also call TYPESAFE_QSORT() */
2272 #ifndef TYPESAFE_QSORT
2273 #define TYPESAFE_QSORT(base, numel, comparison) \
2276 qsort(base, numel, sizeof((base)[0]), (int (*)(const void *, const void *))comparison); \
2277 comparison(&((base)[0]), &((base)[1])); \
2285 Convert a control into its string representation.
2287 \param mem_ctx TALLOC context to return result on, and to allocate error_string on
2288 \param control A struct ldb_control to convert
2290 \return string representation of the control
2292 char* ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *control);
2294 Convert a string representing a control into a ldb_control structure
2296 \param ldb LDB context
2297 \param mem_ctx TALLOC context to return result on, and to allocate error_string on
2298 \param control_strings A string-formatted control
2300 \return a ldb_control element
2302 struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *control_strings);
2304 Convert an array of string represention of a control into an array of ldb_control structures
2306 \param ldb LDB context
2307 \param mem_ctx TALLOC context to return result on, and to allocate error_string on
2308 \param control_strings Array of string-formatted controls
2310 \return array of ldb_control elements
2312 struct ldb_control **ldb_parse_control_strings(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char **control_strings);
2315 return the ldb flags
2317 unsigned int ldb_get_flags(struct ldb_context *ldb);
2319 /* set the ldb flags */
2320 void ldb_set_flags(struct ldb_context *ldb, unsigned flags);
2323 struct ldb_dn *ldb_dn_binary_from_ldb_val(TALLOC_CTX *mem_ctx,
2324 struct ldb_context *ldb,
2325 const struct ldb_val *strdn);
2327 int ldb_dn_get_binary(struct ldb_dn *dn, struct ldb_val *val);
2328 int ldb_dn_set_binary(struct ldb_dn *dn, struct ldb_val *val);
2330 /* debugging functions for ldb requests */
2331 void ldb_req_set_location(struct ldb_request *req, const char *location);
2332 const char *ldb_req_location(struct ldb_request *req);
2334 /* set the location marker on a request handle - used for debugging */
2335 #define LDB_REQ_SET_LOCATION(req) ldb_req_set_location(req, __location__)
2338 minimise a DN. The caller must pass in a validated DN.
2340 If the DN has an extended component then only the first extended
2341 component is kept, the DN string is stripped.
2343 The existing dn is modified
2345 bool ldb_dn_minimise(struct ldb_dn *dn);
2348 compare a ldb_val to a string
2350 int ldb_val_string_cmp(const struct ldb_val *v, const char *str);