Compare text

Find the difference between two text files

Real-time diff

Unified diff

Collapse lines

Highlight change

Syntax highlighting

Tools

Untitled diff

Created 7 years agoDiff never expires

/* $OpenLDAP$ */

/* This work is part of OpenLDAP Software <http://www.openldap.org/>.

* The contents of this file are subject to the Netscape Public

* License Version 1.1 (the "License"); you may not use this file

* except in compliance with the License. You may obtain a copy of

* the License at http://www.mozilla.org/NPL/

* Software distributed under the License is distributed on an "AS

* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or

* implied. See the License for the specific language governing

* rights and limitations under the License.

* Redistribution and use in source and binary forms, with or without

* The Original Code is Mozilla Communicator client code, released

* modification, are permitted only as authorized by the OpenLDAP

* March 31, 1998.

* Public License.

* A copy of this license is available in file LICENSE in the

* The Initial Developer of the Original Code is Netscape

* top-level directory of the distribution or, alternatively, at

* Communications Corporation. Portions created by Netscape are

* <http://www.OpenLDAP.org/license.html>.

* Rights Reserved.

* Redistribution and use in source and binary forms are permitted

* Contributor(s):

* provided that this notice is preserved and that due credit is given

* to the University of Michigan at Ann Arbor. The name of the University

* may not be used to endorse or promote products derived from this

* software without specific prior written permission. This software

* is provided ``as is'' without express or implied warranty.

#ifndef _LDAP_H

#define _LDAP_H

/* pull in lber */

#ifdef __cplusplus

#include <lber.h>

extern "C" {

#endif

/* include version and API feature defines */

#ifndef _SOLARIS_SDK

#include <ldap_features.h>

#define _SOLARIS_SDK

#endif

LDAP_BEGIN_DECL

#ifndef LDAP_TYPE_TIMEVAL_DEFINED

#include <sys/time.h>

#endif

#ifndef LDAP_TYPE_SOCKET_DEFINED /* API extension */

#include <sys/types.h>

#include <sys/socket.h>

#endif

#define LDAP_VERSION1 1

#include <lber.h>

#define LDAP_VERSION2 2

#define LDAP_VERSION3 3

#define LDAP_VERSION_MIN LDAP_VERSION2

#define LDAP_PORT 389

#define LDAP_VERSION LDAP_VERSION2

#define LDAPS_PORT 636

#define LDAP_VERSION_MAX LDAP_VERSION3

#define LDAP_PORT_MAX 65535 /* API extension */

#define LDAP_VERSION1 1 /* API extension */

#define LDAP_VERSION2 2

#define LDAP_VERSION3 3

#define LDAP_VERSION LDAP_VERSION2 /* API extension */

#define LDAP_VERSION_MIN LDAP_VERSION3

#define LDAP_VERSION_MAX LDAP_VERSION3

#define LDAP_VENDOR_VERSION 500 /* version # * 100 */

#define LDAP_VENDOR_NAME "Sun Microsystems Inc."

* We use 3000+n here because it is above 1823 (for RFC 1823),

* The following will be an RFC number once the LDAP C API Internet Draft

* above 2000+rev of IETF LDAPEXT draft (now quite dated),

* is published as a Proposed Standard RFC. For now we use 2000 + the

* yet below allocations for new RFCs (just in case there is

* draft revision number (currently 5) since we are close to compliance

* someday an RFC produced).

* with revision 5 of the draft.

#define LDAP_API_VERSION 3001

#define LDAP_API_VERSION 2005

#define LDAP_VENDOR_NAME "OpenLDAP"

/* OpenLDAP API Features */

#define LDAP_API_FEATURE_X_OPENLDAP LDAP_VENDOR_VERSION

* C LDAP features we support that are not (yet) part of the LDAP C API

* Internet Draft. Use the ldap_get_option() call with an option value of

* LDAP_OPT_API_FEATURE_INFO to retrieve information about a feature.

* Note that this list is incomplete; it includes only the most widely

* used extensions. Also, the version is 1 for all of these for now.

#define LDAP_API_FEATURE_SERVER_SIDE_SORT 1

#define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 1

#define LDAP_API_FEATURE_PERSISTENT_SEARCH 1

#define LDAP_API_FEATURE_PROXY_AUTHORIZATION 1

#define LDAP_API_FEATURE_X_LDERRNO 1

#define LDAP_API_FEATURE_X_MEMCACHE 1

#define LDAP_API_FEATURE_X_IO_FUNCTIONS 1

#define LDAP_API_FEATURE_X_EXTIO_FUNCTIONS 1

#define LDAP_API_FEATURE_X_DNS_FUNCTIONS 1

#define LDAP_API_FEATURE_X_MEMALLOC_FUNCTIONS 1

#define LDAP_API_FEATURE_X_THREAD_FUNCTIONS 1

#define LDAP_API_FEATURE_X_EXTHREAD_FUNCTIONS 1

#define LDAP_API_FEATURE_X_GETLANGVALUES 1

#define LDAP_API_FEATURE_X_CLIENT_SIDE_SORT 1

#define LDAP_API_FEATURE_X_URL_FUNCTIONS 1

#define LDAP_API_FEATURE_X_FILTER_FUNCTIONS 1

#if defined( LDAP_API_FEATURE_X_OPENLDAP_REENTRANT ) || \

#define LDAP_ROOT_DSE "" /* API extension */

( defined( LDAP_THREAD_SAFE ) && \

#define LDAP_NO_ATTRS "1.1"

defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )

#define LDAP_ALL_USER_ATTRS "*"

/* -lldap may or may not be thread safe */

/* -lldap_r, if available, is always thread safe */

# define LDAP_API_FEATURE_THREAD_SAFE 1

# define LDAP_API_FEATURE_SESSION_THREAD_SAFE 1

# define LDAP_API_FEATURE_OPERATION_THREAD_SAFE 1

#endif

#if defined( LDAP_THREAD_SAFE ) && \

defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )

/* #define LDAP_API_FEATURE_SESSION_SAFE 1 */

/* #define LDAP_API_OPERATION_SESSION_SAFE 1 */

#endif

#define LDAP_PORT 389 /* ldap:/// default LDAP port */

#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */

#define LDAP_ROOT_DSE ""

#define LDAP_NO_ATTRS "1.1"

#define LDAP_ALL_USER_ATTRIBUTES "*"

#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* RFC 3673 */

/* RFC 4511: maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- */

#define LDAP_MAXINT (2147483647)

* LDAP_OPTions

* Standard options (used with ldap_set_option() and ldap_get_option):

* 0x0000 - 0x0fff reserved for api options

* 0x1000 - 0x3fff reserved for api extended options

* 0x4000 - 0x7fff reserved for private and experimental options

#define LDAP_OPT_API_INFO 0x00 /* 0 */

#define LDAP_OPT_API_INFO 0x0000

#define LDAP_OPT_DESC 0x01 /* 1 */

#define LDAP_OPT_DESC 0x0001 /* historic */

#define LDAP_OPT_DEREF 0x02 /* 2 */

#define LDAP_OPT_DEREF 0x0002

#define LDAP_OPT_SIZELIMIT 0x03 /* 3 */

#define LDAP_OPT_SIZELIMIT 0x0003

#define LDAP_OPT_TIMELIMIT 0x04 /* 4 */

#define LDAP_OPT_TIMELIMIT 0x0004

#define LDAP_OPT_REFERRALS 0x08 /* 8 */

/* 0x05 - 0x07 not defined */

#define LDAP_OPT_RESTART 0x09 /* 9 */

#define LDAP_OPT_REFERRALS 0x0008

#define LDAP_OPT_PROTOCOL_VERSION 0x11 /* 17 */

#define LDAP_OPT_RESTART 0x0009

#define LDAP_OPT_SERVER_CONTROLS 0x12 /* 18 */

/* 0x0a - 0x10 not defined */

#define LDAP_OPT_CLIENT_CONTROLS 0x13 /* 19 */

#define LDAP_OPT_PROTOCOL_VERSION 0x0011

#define LDAP_OPT_API_FEATURE_INFO 0x15 /* 21 */

#define LDAP_OPT_SERVER_CONTROLS 0x0012

#define LDAP_OPT_HOST_NAME 0x30 /* 48 */

#define LDAP_OPT_CLIENT_CONTROLS 0x0013

#define LDAP_OPT_ERROR_NUMBER 0x31 /* 49 */

/* 0x14 not defined */

#define LDAP_OPT_ERROR_STRING 0x32 /* 50 */

#define LDAP_OPT_API_FEATURE_INFO 0x0015

#define LDAP_OPT_MATCHED_DN 0x33 /* 51 */

/* 0x16 - 0x2f not defined */

#define LDAP_OPT_HOST_NAME 0x0030

#define LDAP_OPT_RESULT_CODE 0x0031

#define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE

#define LDAP_OPT_DIAGNOSTIC_MESSAGE 0x0032

#define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE

#define LDAP_OPT_MATCHED_DN 0x0033

/* 0x0034 - 0x3fff not defined */

/* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */

#define LDAP_OPT_SSPI_FLAGS 0x0092

/* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */

/* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */

#define LDAP_OPT_SIGN 0x0095

#define LDAP_OPT_ENCRYPT 0x0096

#define LDAP_OPT_SASL_METHOD 0x0097

/* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */

#define LDAP_OPT_SECURITY_CONTEXT 0x0099

/* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */

/* 0x009B - 0x3fff not defined */

/* API Extensions */

#define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */

/* private and experimental options */

/* OpenLDAP specific options */

#define LDAP_OPT_DEBUG_LEVEL 0x5001 /* debug level */

#define LDAP_OPT_TIMEOUT 0x5002 /* default timeout */

#define LDAP_OPT_REFHOPLIMIT 0x5003 /* ref hop limit */

#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */

#define LDAP_OPT_URI 0x5006

#define LDAP_OPT_REFERRAL_URLS 0x5007 /* Referral URLs */

#define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */

#define LDAP_OPT_DEFBASE 0x5009 /* searchbase */

#define LDAP_OPT_CONNECT_ASYNC 0x5010 /* create connections asynchronously */

#define LDAP_OPT_CONNECT_CB 0x5011 /* connection callbacks */

#define LDAP_OPT_SESSION_REFCNT 0x5012 /* session reference count */

/* OpenLDAP TLS options */

#define LDAP_OPT_X_TLS 0x6000

* Well-behaved private and experimental extensions will use option values

#define LDAP_OPT_X_TLS_CTX 0x6001 /* OpenSSL CTX* */

* between 0x4000 (16384) and 0x7FFF (32767) inclusive.

#define LDAP_OPT_X_TLS_CACERTFILE 0x6002

#define LDAP_OPT_X_TLS_CACERTDIR 0x6003

#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000 /* to 0x7FFF inclusive */

#define LDAP_OPT_X_TLS_CERTFILE 0x6004

#define LDAP_OPT_X_TLS_KEYFILE 0x6005

* Special timeout values for poll and connect:

#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006

#define LDAP_OPT_X_TLS_PROTOCOL_MIN 0x6007

#define LDAP_X_IO_TIMEOUT_NO_WAIT 0 /* return immediately */

#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6008

#define LDAP_X_IO_TIMEOUT_NO_TIMEOUT (-1) /* block indefinitely */

#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009

#define LDAP_OPT_X_TLS_SSL_CTX 0x600a /* OpenSSL SSL* */

* Timeout value for nonblocking connect call

#define LDAP_OPT_X_TLS_CRLCHECK 0x600b

#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c

#define LDAP_X_OPT_CONNECT_TIMEOUT (LDAP_OPT_PRIVATE_EXTENSION_BASE + 0x0F01)

#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d

/* 0x4000 + 0x0F01 = 0x4F01 = 20225 - API extension */

#define LDAP_OPT_X_TLS_DHFILE 0x600e

#define LDAP_OPT_X_TLS_NEWCTX 0x600f

#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */

#define LDAP_OPT_X_TLS_PACKAGE 0x6011

#define LDAP_OPT_X_TLS_NEVER 0

/* for on/off options */

#define LDAP_OPT_X_TLS_HARD 1

#define LDAP_OPT_ON ((void *)1)

#define LDAP_OPT_X_TLS_DEMAND 2

#define LDAP_OPT_OFF ((void *)0)

#define LDAP_OPT_X_TLS_ALLOW 3

#define LDAP_OPT_X_TLS_TRY 4

#define LDAP_OPT_X_TLS_CRL_NONE 0

typedef struct ldap LDAP; /* opaque connection handle */

#define LDAP_OPT_X_TLS_CRL_PEER 1

typedef struct ldapmsg LDAPMessage; /* opaque result/entry handle */

#define LDAP_OPT_X_TLS_CRL_ALL 2

/* for LDAP_OPT_X_TLS_PROTOCOL_MIN */

#define NULLMSG ((LDAPMessage *)0)

#define LDAP_OPT_X_TLS_PROTOCOL(maj,min) (((maj) << 8) + (min))

#define LDAP_OPT_X_TLS_PROTOCOL_SSL2 (2 << 8)

#define LDAP_OPT_X_TLS_PROTOCOL_SSL3 (3 << 8)

#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 ((3 << 8) + 1)

#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 ((3 << 8) + 2)

#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 ((3 << 8) + 3)

/* OpenLDAP SASL options */

/* structure representing an LDAP modification */

#define LDAP_OPT_X_SASL_MECH 0x6100

typedef struct ldapmod {

#define LDAP_OPT_X_SASL_REALM 0x6101

int mod_op; /* kind of mod + form of values */

#define LDAP_OPT_X_SASL_AUTHCID 0x6102

#define LDAP_MOD_ADD 0x00

#define LDAP_OPT_X_SASL_AUTHZID 0x6103

#define LDAP_MOD_DELETE 0x01

#define LDAP_OPT_X_SASL_SSF 0x6104 /* read-only */

#define LDAP_MOD_REPLACE 0x02

#define LDAP_OPT_X_SASL_SSF_EXTERNAL 0x6105 /* write-only */

#define LDAP_MOD_BVALUES 0x80

#define LDAP_OPT_X_SASL_SECPROPS 0x6106 /* write-only */

char *mod_type; /* attribute name to modify */

#define LDAP_OPT_X_SASL_SSF_MIN 0x6107

union mod_vals_u {

#define LDAP_OPT_X_SASL_SSF_MAX 0x6108

char **modv_strvals;

#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109

struct berval **modv_bvals;

#define LDAP_OPT_X_SASL_MECHLIST 0x610a /* read-only */

} mod_vals; /* values to add/delete/replace */

#define LDAP_OPT_X_SASL_NOCANON 0x610b

#define mod_values mod_vals.modv_strvals

#define LDAP_OPT_X_SASL_USERNAME 0x610c /* read-only */

#define mod_bvalues mod_vals.modv_bvals

#define LDAP_OPT_X_SASL_GSS_CREDS 0x610d

} LDAPMod;

/* OpenLDAP GSSAPI options */

#define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200

#define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL 0x6201

* OpenLDAP per connection tcp-keepalive settings

* structure for holding ldapv3 controls

* (Linux only, ignored where unsupported)

#define LDAP_OPT_X_KEEPALIVE_IDLE 0x6300

typedef struct ldapcontrol {

#define LDAP_OPT_X_KEEPALIVE_PROBES 0x6301

char *ldctl_oid;

#define LDAP_OPT_X_KEEPALIVE_INTERVAL 0x6302

struct berval ldctl_value;

char ldctl_iscritical;

} LDAPControl;

/* Private API Extensions -- reserved for application use */

#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */

* ldap_get_option() and ldap_set_option() return values.

* LDAP API information. Can be retrieved by using a sequence like:

* As later versions may return other values indicating

* failure, current applications should only compare returned

* LDAPAPIInfo ldai;

* value against LDAP_OPT_SUCCESS.

* ldai.ldapai_info_version = LDAP_API_INFO_VERSION;

* if ( ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldia ) == 0 ) ...

#define LDAP_OPT_SUCCESS 0

#define LDAP_API_INFO_VERSION 1

#define LDAP_OPT_ERROR (-1)

/* option on/off values */

#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on)

#define LDAP_OPT_OFF ((void *) 0)

typedef struct ldapapiinfo {

int ldapai_info_version; /* version of LDAPAPIInfo */

int ldapai_info_version; /* version of this struct (1) */

#define LDAP_API_INFO_VERSION (1)

int ldapai_api_version; /* revision of API supported */

int ldapai_protocol_version; /* highest LDAP version supported */

char **ldapai_extensions; /* names of API extensions */

char *ldapai_vendor_name; /* name of supplier */

int ldapai_vendor_version; /* supplier-specific version times 100 */

int ldapai_vendor_version; /* supplier-specific version * 100 */

} LDAPAPIInfo;

typedef struct ldap_apifeature_info {

int ldapaif_info_version; /* version of LDAPAPIFeatureInfo */

#define LDAP_FEATURE_INFO_VERSION (1) /* apifeature_info struct version */

char* ldapaif_name; /* LDAP_API_FEATURE_* (less prefix) */

int ldapaif_version; /* value of LDAP_API_FEATURE_... */

} LDAPAPIFeatureInfo;

* LDAP Control structure

* LDAP API extended features info. Can be retrieved by using a sequence like:

* LDAPAPIFeatureInfo ldfi;

* ldfi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;

* ldfi.ldapaif_name = "VIRTUAL_LIST_VIEW";

* if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &ldfi ) == 0 ) ...

typedef struct ldapcontrol {

#define LDAP_FEATURE_INFO_VERSION 1

char * ldctl_oid; /* numericoid of control */

typedef struct ldap_apifeature_info {

struct berval ldctl_value; /* encoded value of control */

int ldapaif_info_version; /* version of this struct (1) */

char ldctl_iscritical; /* criticality */

char *ldapaif_name; /* name of supported feature */

} LDAPControl;

int ldapaif_version; /* revision of supported feature */

} LDAPAPIFeatureInfo;

/* LDAP Controls */

/* standard track controls */

#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */

#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" /* RFC 4370 */

#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */

#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3"/* RFC 3876 */

/* possible result types a server can return */

#define LDAP_RES_BIND 0x61 /* 97 */

#define LDAP_RES_SEARCH_ENTRY 0x64 /* 100 */

#define LDAP_RES_SEARCH_RESULT 0x65 /* 101 */

#define LDAP_RES_MODIFY 0x67 /* 103 */

#define LDAP_RES_ADD 0x69 /* 105 */

#define LDAP_RES_DELETE 0x6b /* 107 */

#define LDAP_RES_MODDN 0x6d /* 109 */

#define LDAP_RES_COMPARE 0x6f /* 111 */

#define LDAP_RES_SEARCH_REFERENCE 0x73 /* 115 */

#define LDAP_RES_EXTENDED 0x78 /* 120 */

#define LDAP_CONTROL_ASSERT "1.3.6.1.1.12" /* RFC 4528 */

/* Special values for ldap_result() "msgid" parameter */

#define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1" /* RFC 4527 */

#define LDAP_RES_ANY (-1)

#define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2" /* RFC 4527 */

#define LDAP_RES_UNSOLICITED 0

#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */

#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */

/* non-standard track controls */

#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */

/* LDAP Content Synchronization Operation -- RFC 4533 */

#define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1"

#define LDAP_CONTROL_SYNC LDAP_SYNC_OID ".1"

#define LDAP_CONTROL_SYNC_STATE LDAP_SYNC_OID ".2"

#define LDAP_CONTROL_SYNC_DONE LDAP_SYNC_OID ".3"

#define LDAP_SYNC_INFO LDAP_SYNC_OID ".4"

#define LDAP_SYNC_NONE 0x00

#define LDAP_SYNC_REFRESH_ONLY 0x01

#define LDAP_SYNC_RESERVED 0x02

#define LDAP_SYNC_REFRESH_AND_PERSIST 0x03

#define LDAP_SYNC_REFRESH_PRESENTS 0

#define LDAP_SYNC_REFRESH_DELETES 1

#define LDAP_TAG_SYNC_NEW_COOKIE ((ber_tag_t) 0x80U)

#define LDAP_TAG_SYNC_REFRESH_DELETE ((ber_tag_t) 0xa1U)

#define LDAP_TAG_SYNC_REFRESH_PRESENT ((ber_tag_t) 0xa2U)

#define LDAP_TAG_SYNC_ID_SET ((ber_tag_t) 0xa3U)

#define LDAP_TAG_SYNC_COOKIE ((ber_tag_t) 0x04U)

#define LDAP_TAG_REFRESHDELETES ((ber_tag_t) 0x01U)

#define LDAP_TAG_REFRESHDONE ((ber_tag_t) 0x01U)

#define LDAP_TAG_RELOAD_HINT ((ber_tag_t) 0x01U)

#define LDAP_SYNC_PRESENT 0

#define LDAP_SYNC_ADD 1

#define LDAP_SYNC_MODIFY 2

#define LDAP_SYNC_DELETE 3

#define LDAP_SYNC_NEW_COOKIE 4

/* LDAP Don't Use Copy Control (RFC 6171) */

#define LDAP_CONTROL_DONTUSECOPY "1.3.6.1.1.22"

/* Password policy Controls *//* work in progress */

/* ITS#3458: released; disabled by default */

#define LDAP_CONTROL_PASSWORDPOLICYREQUEST "1.3.6.1.4.1.42.2.27.8.5.1"

#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE "1.3.6.1.4.1.42.2.27.8.5.1"

/* various works in progress */

#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.666.5.2"

#define LDAP_CONTROL_NO_SUBORDINATES "1.3.6.1.4.1.4203.666.5.11"

#define LDAP_CONTROL_RELAX "1.3.6.1.4.1.4203.666.5.12"

#define LDAP_CONTROL_MANAGEDIT LDAP_CONTROL_RELAX

#define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"

#define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"

#define LDAP_CONTROL_X_DEREF "1.3.6.1.4.1.4203.666.5.16"

#define LDAP_CONTROL_X_WHATFAILED "1.3.6.1.4.1.4203.666.5.17"

/* LDAP Chaining Behavior Control *//* work in progress */

/* <draft-sermersheim-ldap-chaining>;

* see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */

#define LDAP_CONTROL_X_CHAINING_BEHAVIOR "1.3.6.1.4.1.4203.666.11.3"

#define LDAP_CHAINING_PREFERRED 0

#define LDAP_CHAINING_REQUIRED 1

#define LDAP_REFERRALS_PREFERRED 2

#define LDAP_REFERRALS_REQUIRED 3

/* MS Active Directory controls (for compatibility) */

#define LDAP_CONTROL_X_INCREMENTAL_VALUES "1.2.840.113556.1.4.802"

#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"

#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"

#define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"

#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */

#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */

#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"

/* MS Active Directory controls - not implemented in slapd(8) */

/* built-in SASL methods */

#define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"

#define LDAP_SASL_SIMPLE 0 /* special value used for simple bind */

#define LDAP_SASL_EXTERNAL "EXTERNAL" /* TLS/SSL extension */

/* <draft-wahl-ldap-session> */

#ifdef _SOLARIS_SDK

#define LDAP_CONTROL_X_SESSION_TRACKING "1.3.6.1.4.1.21008.108.63.1"

#define LDAP_SASL_CRAM_MD5 "CRAM-MD5"

#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \

#define LDAP_SASL_DIGEST_MD5 "DIGEST-MD5"

LDAP_CONTROL_X_SESSION_TRACKING ".1"

#define LDAP_SASL_BIND_INPROGRESS 0x0e /* for backward compatibility */

#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \

#endif

LDAP_CONTROL_X_SESSION_TRACKING ".2"

#define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \

LDAP_CONTROL_X_SESSION_TRACKING ".3"

/* various expired works */

/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */

/* search scopes */

#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"

#define LDAP_SCOPE_BASE 0x00

#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"

#define LDAP_SCOPE_ONELEVEL 0x01

#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"

#define LDAP_SCOPE_SUBTREE 0x02

#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST

/* LDAP Persistent Search Control *//* not implemented in slapd(8) */

/* alias dereferencing */

#define LDAP_CONTROL_PERSIST_REQUEST "2.16.840.1.113730.3.4.3"

#define LDAP_DEREF_NEVER 0

#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE "2.16.840.1.113730.3.4.7"

#define LDAP_DEREF_SEARCHING 1

#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_ADD 0x1

#define LDAP_DEREF_FINDING 2

#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_DELETE 0x2

#define LDAP_DEREF_ALWAYS 3

#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_MODIFY 0x4

#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_RENAME 0x8

/* LDAP VLV */

/* predefined size/time limits */

#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"

#define LDAP_NO_LIMIT 0

#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"

/* LDAP Unsolicited Notifications */

/* allowed values for "all" ldap_result() parameter */

#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 4511 */

#define LDAP_MSG_ONE 0

#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION

#define LDAP_MSG_ALL 1

#define LDAP_MSG_RECEIVED 2

/* LDAP Extended Operations */

/* possible error codes we can be returned */

#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" /* RFC 4511 */

#define LDAP_SUCCESS 0x00 /* 0 */

#define LDAP_OPERATIONS_ERROR 0x01 /* 1 */

#define LDAP_PROTOCOL_ERROR 0x02 /* 2 */

#define LDAP_TIMELIMIT_EXCEEDED 0x03 /* 3 */

#define LDAP_SIZELIMIT_EXCEEDED 0x04 /* 4 */

#define LDAP_COMPARE_FALSE 0x05 /* 5 */

#define LDAP_COMPARE_TRUE 0x06 /* 6 */

#define LDAP_STRONG_AUTH_NOT_SUPPORTED 0x07 /* 7 */

#define LDAP_STRONG_AUTH_REQUIRED 0x08 /* 8 */

#define LDAP_PARTIAL_RESULTS 0x09 /* 9 (UMich LDAPv2 extn) */

#define LDAP_REFERRAL 0x0a /* 10 - LDAPv3 */

#define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* 11 - LDAPv3 */

#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* 12 - LDAPv3 */

#define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* 13 */

#define LDAP_SASL_BIND_IN_PROGRESS 0x0e /* 14 - LDAPv3 */

#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" /* RFC 3062 */

#define LDAP_NO_SUCH_ATTRIBUTE 0x10 /* 16 */

#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)

#define LDAP_UNDEFINED_TYPE 0x11 /* 17 */

#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)

#define LDAP_INAPPROPRIATE_MATCHING 0x12 /* 18 */

#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)

#define LDAP_CONSTRAINT_VIOLATION 0x13 /* 19 */

#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)

#define LDAP_TYPE_OR_VALUE_EXISTS 0x14 /* 20 */

#define LDAP_INVALID_SYNTAX 0x15 /* 21 */

#define LDAP_EXOP_CANCEL "1.3.6.1.1.8" /* RFC 3909 */

#define LDAP_NO_SUCH_OBJECT 0x20 /* 32 */

#define LDAP_EXOP_X_CANCEL LDAP_EXOP_CANCEL

#define LDAP_ALIAS_PROBLEM 0x21 /* 33 */

#define LDAP_INVALID_DN_SYNTAX 0x22 /* 34 */

#define LDAP_IS_LEAF 0x23 /* 35 (not used in LDAPv3) */

#define LDAP_ALIAS_DEREF_PROBLEM 0x24 /* 36 */

#define LDAP_EXOP_REFRESH "1.3.6.1.4.1.1466.101.119.1" /* RFC 2589 */

#define NAME_ERROR(n) ((n & 0xf0) == 0x20)

#define LDAP_TAG_EXOP_REFRESH_REQ_DN ((ber_tag_t) 0x80U)

#define LDAP_TAG_EXOP_REFRESH_REQ_TTL ((ber_tag_t) 0x81U)

#define LDAP_TAG_EXOP_REFRESH_RES_TTL ((ber_tag_t) 0x81U)

#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* RFC 4532 */

#define LDAP_INAPPROPRIATE_AUTH 0x30 /* 48 */

#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I

#define LDAP_INVALID_CREDENTIALS 0x31 /* 49 */

#define LDAP_INSUFFICIENT_ACCESS 0x32 /* 50 */

#define LDAP_BUSY 0x33 /* 51 */

#define LDAP_UNAVAILABLE 0x34 /* 52 */

#define LDAP_UNWILLING_TO_PERFORM 0x35 /* 53 */

#define LDAP_LOOP_DETECT 0x36 /* 54 */

/* various works in progress */

#define LDAP_SORT_CONTROL_MISSING 0x3C /* 60 (server side sort extn) */

#define LDAP_EXOP_TURN "1.3.6.1.1.19" /* RFC 4531 */

#define LDAP_INDEX_RANGE_ERROR 0x3D /* 61 (VLV extn) */

#define LDAP_EXOP_X_TURN LDAP_EXOP_TURN

/* LDAP Distributed Procedures <draft-sermersheim-ldap-distproc> */

#define LDAP_NAMING_VIOLATION 0x40 /* 64 */

/* a work in progress */

#define LDAP_OBJECT_CLASS_VIOLATION 0x41 /* 65 */

#define LDAP_X_DISTPROC_BASE "1.3.6.1.4.1.4203.666.11.6"

#define LDAP_NOT_ALLOWED_ON_NONLEAF 0x42 /* 66 */

#define LDAP_EXOP_X_CHAINEDREQUEST LDAP_X_DISTPROC_BASE ".1"

#define LDAP_NOT_ALLOWED_ON_RDN 0x43 /* 67 */

#define LDAP_FEATURE_X_CANCHAINOPS LDAP_X_DISTPROC_BASE ".2"

#define LDAP_ALREADY_EXISTS 0x44 /* 68 */

#define LDAP_CONTROL_X_RETURNCONTREF LDAP_X_DISTPROC_BASE ".3"

#define LDAP_NO_OBJECT_CLASS_MODS 0x45 /* 69 */

#define LDAP_URLEXT_X_LOCALREFOID LDAP_X_DISTPROC_BASE ".4"

#define LDAP_RESULTS_TOO_LARGE 0x46 /* 70 - CLDAP */

#define LDAP_URLEXT_X_REFTYPEOID LDAP_X_DISTPROC_BASE ".5"

#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47 /* 71 */

#define LDAP_URLEXT_X_SEARCHEDSUBTREEOID \

LDAP_X_DISTPROC_BASE ".6"

#define LDAP_URLEXT_X_FAILEDNAMEOID LDAP_X_DISTPROC_BASE ".7"

#define LDAP_URLEXT_X_LOCALREF "x-localReference"

#define LDAP_URLEXT_X_REFTYPE "x-referenceType"

#define LDAP_URLEXT_X_SEARCHEDSUBTREE "x-searchedSubtree"

#define LDAP_URLEXT_X_FAILEDNAME "x-failedName"

#ifdef LDAP_DEVEL

#define LDAP_OTHER 0x50 /* 80 */

#define LDAP_X_TXN "1.3.6.1.4.1.4203.666.11.7" /* tmp */

#define LDAP_SERVER_DOWN 0x51 /* 81 */

#define LDAP_EXOP_X_TXN_START LDAP_X_TXN ".1"

#define LDAP_LOCAL_ERROR 0x52 /* 82 */

#define LDAP_CONTROL_X_TXN_SPEC LDAP_X_TXN ".2"

#define LDAP_ENCODING_ERROR 0x53 /* 83 */

#define LDAP_EXOP_X_TXN_END LDAP_X_TXN ".3"

#define LDAP_DECODING_ERROR 0x54 /* 84 */

#define LDAP_EXOP_X_TXN_ABORTED_NOTICE LDAP_X_TXN ".4"

#define LDAP_TIMEOUT 0x55 /* 85 */

#endif

#define LDAP_AUTH_UNKNOWN 0x56 /* 86 */

#define LDAP_FILTER_ERROR 0x57 /* 87 */

#define LDAP_USER_CANCELLED 0x58 /* 88 */

#define LDAP_PARAM_ERROR 0x59 /* 89 */

#define LDAP_NO_MEMORY 0x5a /* 90 */

#define LDAP_CONNECT_ERROR 0x5b /* 91 */

#define LDAP_NOT_SUPPORTED 0x5c /* 92 - LDAPv3 */

#define LDAP_CONTROL_NOT_FOUND 0x5d /* 93 - LDAPv3 */

#define LDAP_NO_RESULTS_RETURNED 0x5e /* 94 - LDAPv3 */

#define LDAP_MORE_RESULTS_TO_RETURN 0x5f /* 95 - LDAPv3 */

#define LDAP_CLIENT_LOOP 0x60 /* 96 - LDAPv3 */

#define LDAP_REFERRAL_LIMIT_EXCEEDED 0x61 /* 97 - LDAPv3 */

/* LDAP Features */

#define LDAP_FEATURE_ALL_OP_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* RFC 3673 */

* LDAPv3 unsolicited notification messages we know about

#define LDAP_FEATURE_OBJECTCLASS_ATTRS \

"1.3.6.1.4.1.4203.1.5.2" /* @objectClass - new number to be assigned */

#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036"

#define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */

#define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"

#define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"

#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.1.14"

/* LDAP Experimental (works in progress) Features */

#define LDAP_FEATURE_SUBORDINATE_SCOPE \

* LDAPv3 server controls we know about

"1.3.6.1.4.1.4203.666.8.1" /* "children" */

#define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE

#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2"

#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473"

#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474"

#define LDAP_CONTROL_PERSISTENTSEARCH "2.16.840.1.113730.3.4.3"

#define LDAP_CONTROL_ENTRYCHANGE "2.16.840.1.113730.3.4.7"

#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"

#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"

#define LDAP_CONTROL_PROXYAUTH "2.16.840.1.113730.3.4.12"

/* version 1 */

#define LDAP_CONTROL_PROXIEDAUTH "2.16.840.1.113730.3.4.18"

/* version 2 */

#ifdef _SOLARIS_SDK

* specific LDAP instantiations of BER types we know about

* Simple Page control OID

#define LDAP_CONTROL_SIMPLE_PAGE "1.2.840.113556.1.4.319"

/* Overview of LBER tag construction

* Begin LDAP Display Template Definitions

* Bits

* ______

* 8 7 | CLASS

* 0 0 = UNIVERSAL

* 0 1 = APPLICATION

* 1 0 = CONTEXT-SPECIFIC

* 1 1 = PRIVATE

* _____

* | 6 | DATA-TYPE

* 0 = PRIMITIVE

* 1 = CONSTRUCTED

* ___________

* | 5 ... 1 | TAG-NUMBER

#define LDAP_TEMPLATE_VERSION 1

/* general stuff */

#define LDAP_TAG_MESSAGE ((ber_tag_t) 0x30U) /* constructed + 16 */

* general types of items (confined to most significant byte)

#define LDAP_TAG_MSGID ((ber_tag_t) 0x02U) /* integer */

#define LDAP_SYN_TYPE_TEXT 0x01000000L

#define LDAP_SYN_TYPE_IMAGE 0x02000000L

#define LDAP_SYN_TYPE_BOOLEAN 0x04000000L

#define LDAP_SYN_TYPE_BUTTON 0x08000000L

#define LDAP_SYN_TYPE_ACTION 0x10000000L

#define LDAP_TAG_LDAPDN ((ber_tag_t) 0x04U) /* octet string */

#define LDAP_TAG_LDAPCRED ((ber_tag_t) 0x04U) /* octet string */

* syntax options (confined to second most significant byte)

#define LDAP_SYN_OPT_DEFER 0x00010000L

#define LDAP_TAG_CONTROLS ((ber_tag_t) 0xa0U) /* context specific + constructed + 0 */

#define LDAP_TAG_REFERRAL ((ber_tag_t) 0xa3U) /* context specific + constructed + 3 */

* display template item syntax ids (defined by common agreement)

* these are the valid values for the ti_syntaxid of the tmplitem

* struct (defined below). A general type is encoded in the

* most-significant 8 bits, and some options are encoded in the next

* 8 bits. The lower 16 bits are reserved for the distinct types.

#define LDAP_SYN_CASEIGNORESTR (1 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_MULTILINESTR (2 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_DN (3 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_BOOLEAN (4 | LDAP_SYN_TYPE_BOOLEAN)

#define LDAP_SYN_JPEGIMAGE (5 | LDAP_SYN_TYPE_IMAGE)

#define LDAP_SYN_JPEGBUTTON (6 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)

#define LDAP_SYN_FAXIMAGE (7 | LDAP_SYN_TYPE_IMAGE)

#define LDAP_SYN_FAXBUTTON (8 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)

#define LDAP_SYN_AUDIOBUTTON (9 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)

#define LDAP_SYN_TIME (10 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_DATE (11 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_LABELEDURL (12 | LDAP_SYN_TYPE_TEXT)

#define LDAP_SYN_SEARCHACTION (13 | LDAP_SYN_TYPE_ACTION)

#define LDAP_SYN_LINKACTION (14 | LDAP_SYN_TYPE_ACTION)

#define LDAP_SYN_ADDDNACTION (15 | LDAP_SYN_TYPE_ACTION)

#define LDAP_SYN_VERIFYDNACTION (16 | LDAP_SYN_TYPE_ACTION)

#define LDAP_SYN_RFC822ADDR (17 | LDAP_SYN_TYPE_TEXT)

#define LDAP_TAG_NEWSUPERIOR ((ber_tag_t) 0x80U) /* context-specific + primitive + 0 */

* handy macros

#define LDAP_GET_SYN_TYPE(syid) ((syid) & 0xFF000000UL)

#define LDAP_GET_SYN_OPTIONS(syid) ((syid) & 0x00FF0000UL)

#define LDAP_TAG_EXOP_REQ_OID ((ber_tag_t) 0x80U) /* context specific + primitive */

#define LDAP_TAG_EXOP_REQ_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */

#define LDAP_TAG_EXOP_RES_OID ((ber_tag_t) 0x8aU) /* context specific + primitive */

#define LDAP_TAG_EXOP_RES_VALUE ((ber_tag_t) 0x8bU) /* context specific + primitive */

#define LDAP_TAG_IM_RES_OID ((ber_tag_t) 0x80U) /* context specific + primitive */

#define LDAP_TAG_IM_RES_VALUE ((ber_tag_t) 0x81U) /* context specific + primitive */

* display options for output routines (used by entry2text and friends)

* use calculated label width (based on length of longest label in

* template) instead of contant width

#define LDAP_DISP_OPT_AUTOLABELWIDTH 0x00000001L

#define LDAP_DISP_OPT_HTMLBODYONLY 0x00000002L

#define LDAP_TAG_SASL_RES_CREDS ((ber_tag_t) 0x87U) /* context specific + primitive */

* perform search actions (applies to ldap_entry2text_search only)

#define LDAP_DISP_OPT_DOSEARCHACTIONS 0x00000002L

/* LDAP Request Messages */

#define LDAP_REQ_BIND ((ber_tag_t) 0x60U) /* application + constructed */

* include additional info. relevant to "non leaf" entries only

#define LDAP_REQ_UNBIND ((ber_tag_t) 0x42U) /* application + primitive */

* used by ldap_entry2html and ldap_entry2html_search to include "Browse"

#define LDAP_REQ_SEARCH ((ber_tag_t) 0x63U) /* application + constructed */

* and "Move Up" HREFs

#define LDAP_REQ_MODIFY ((ber_tag_t) 0x66U) /* application + constructed */

#define LDAP_REQ_ADD ((ber_tag_t) 0x68U) /* application + constructed */

#define LDAP_DISP_OPT_NONLEAF 0x00000004L

#define LDAP_REQ_DELETE ((ber_tag_t) 0x4aU) /* application + primitive */

#define LDAP_REQ_MODDN ((ber_tag_t) 0x6cU) /* application + constructed */

#define LDAP_REQ_MODRDN LDAP_REQ_MODDN

#define LDAP_REQ_RENAME LDAP_REQ_MODDN

#define LDAP_REQ_COMPARE ((ber_tag_t) 0x6eU) /* application + constructed */

#define LDAP_REQ_ABANDON ((ber_tag_t) 0x50U) /* application + primitive */

#define LDAP_REQ_EXTENDED ((ber_tag_t) 0x77U) /* application + constructed */

/* LDAP Response Messages */

#define LDAP_RES_BIND ((ber_tag_t) 0x61U) /* application + constructed */

* display template item options (may not apply to all types)

#define LDAP_RES_SEARCH_ENTRY ((ber_tag_t) 0x64U) /* application + constructed */

* if this bit is set in ti_options, it applies.

#define LDAP_RES_SEARCH_REFERENCE ((ber_tag_t) 0x73U) /* V3: application + constructed */

#define LDAP_RES_SEARCH_RESULT ((ber_tag_t) 0x65U) /* application + constructed */

#define LDAP_DITEM_OPT_READONLY 0x00000001L

#define LDAP_RES_MODIFY ((ber_tag_t) 0x67U) /* application + constructed */

#define LDAP_DITEM_OPT_SORTVALUES 0x00000002L

#define LDAP_RES_ADD ((ber_tag_t) 0x69U) /* application + constructed */

#define LDAP_DITEM_OPT_SINGLEVALUED 0x00000004L

#define LDAP_RES_DELETE ((ber_tag_t) 0x6bU) /* application + constructed */

#define LDAP_DITEM_OPT_HIDEIFEMPTY 0x00000008L

#define LDAP_RES_MODDN ((ber_tag_t) 0x6dU) /* application + constructed */

#define LDAP_DITEM_OPT_VALUEREQUIRED 0x00000010L

#define LDAP_RES_MODRDN LDAP_RES_MODDN /* application + constructed */

#define LDAP_DITEM_OPT_HIDEIFFALSE 0x00000020L /* booleans only */

#define LDAP_RES_RENAME LDAP_RES_MODDN /* application + constructed */

#define LDAP_RES_COMPARE ((ber_tag_t) 0x6fU) /* application + constructed */

#define LDAP_RES_EXTENDED ((ber_tag_t) 0x78U) /* V3: application + constructed */

#define LDAP_RES_INTERMEDIATE ((ber_tag_t) 0x79U) /* V3+: application + constructed */

#define LDAP_RES_ANY (-1)

#endif /* _SOLARIS_SDK */

#define LDAP_RES_UNSOLICITED (0)

/* Authentication request and response controls */

#define LDAP_CONTROL_AUTH_REQUEST "2.16.840.1.113730.3.4.16"

#define LDAP_CONTROL_AUTH_RESPONSE "2.16.840.1.113730.3.4.15"

/* sasl methods */

/* Password information sent back to client */

#define LDAP_SASL_SIMPLE ((char*)0)

#define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4"

#define LDAP_SASL_NULL ("")

#define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5"

/* authentication methods available */

#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */

* Client controls we know about

#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */

#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */

#define LDAP_CONTROL_REFERRALS "1.2.840.113556.1.4.616"

#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */

#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */

#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */

/* used by the Windows API but not used on the wire */

#define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)

/* filter types */

#define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */

* LDAP_API macro definition:

#define LDAP_FILTER_OR ((ber_tag_t) 0xa1U) /* context specific + constructed */

#define LDAP_FILTER_NOT ((ber_tag_t) 0xa2U) /* context specific + constructed */

#ifndef LDAP_API

#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */

#define LDAP_API(rt) rt

#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */

#endif /* LDAP_API */

#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */

#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */

#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */

#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */

#define LDAP_FILTER_EXT ((ber_tag_t) 0xa9U) /* context specific + constructed */

/* extended filter component types */

#ifdef _SOLARIS_SDK

#define LDAP_FILTER_EXT_OID ((ber_tag_t) 0x81U) /* context specific */

/* Simple Page Control functions for Solaris SDK */

#define LDAP_FILTER_EXT_TYPE ((ber_tag_t) 0x82U) /* context specific */

int ldap_create_page_control(LDAP *ld, unsigned int pagesize,

#define LDAP_FILTER_EXT_VALUE ((ber_tag_t) 0x83U) /* context specific */

struct berval *cookie, char isCritical, LDAPControl **output);

#define LDAP_FILTER_EXT_DNATTRS ((ber_tag_t) 0x84U) /* context specific */

int ldap_parse_page_control(LDAP *ld, LDAPControl **controls,

unsigned int *totalcount, struct berval **cookie);

/* substring filter component types */

/* CRAM-MD5 functions */

#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */

int ldap_sasl_cram_md5_bind_s(LDAP *ld, char *dn,

#define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */

struct berval *cred, LDAPControl **serverctrls,

#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */

LDAPControl **clientctrls);

/* DIGEST-MD5 Function */

int ldap_x_sasl_digest_md5_bind_s(LDAP *ld, char *dn,

struct berval *cred, LDAPControl **serverctrls,

LDAPControl **clientctrls);

int ldap_x_sasl_digest_md5_bind(LDAP *ld, char *dn,

struct berval *cred, LDAPControl **serverctrls,

LDAPControl **clientctrls, struct timeval *timeout,

LDAPMessage **result);

/* search scopes */

#endif /* _SOLARIS_SDK */

#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)

#define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE

#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)

#define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL

#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)

#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE

#define LDAP_SCOPE_SUBORDINATE ((ber_int_t) 0x0003) /* OpenLDAP extension */

#define LDAP_SCOPE_CHILDREN LDAP_SCOPE_SUBORDINATE

#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */

/* substring filter component types */

LDAP_API(LDAP *) LDAP_CALL ldap_open(const char *host, int port);

#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */

LDAP_API(LDAP *) LDAP_CALL ldap_init(const char *defhost, int defport);

#define LDAP_SUBSTRING_ANY ((ber_tag_t) 0x81U) /* context specific */

int LDAP_CALL ldap_set_option(LDAP *ld, int option,

#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */

const void *optdata);

int LDAP_CALL ldap_get_option(LDAP *ld, int option, void *optdata);

int LDAP_CALL ldap_unbind(LDAP *ld);

int LDAP_CALL ldap_unbind_s(LDAP *ld);

* LDAP Result Codes

* perform ldap operations and obtain results

#define LDAP_SUCCESS 0x00

int LDAP_CALL ldap_abandon(LDAP *ld, int msgid);

int LDAP_CALL ldap_add(LDAP *ld, const char *dn, LDAPMod **attrs);

int LDAP_CALL ldap_add_s(LDAP *ld, const char *dn, LDAPMod **attrs);

int LDAP_CALL ldap_simple_bind(LDAP *ld, const char *who,

const char *passwd);

int LDAP_CALL ldap_simple_bind_s(LDAP *ld, const char *who,

const char *passwd);

int LDAP_CALL ldap_modify(LDAP *ld, const char *dn, LDAPMod **mods);

int LDAP_CALL ldap_modify_s(LDAP *ld, const char *dn,

LDAPMod **mods);

int LDAP_CALL ldap_modrdn(LDAP *ld, const char *dn,

const char *newrdn);

int LDAP_CALL ldap_modrdn_s(LDAP *ld, const char *dn,

const char *newrdn);

#define LDAP_RANGE(n,x,y) (((x) <= (n)) && ((n) <= (y)))

/* The following 2 functions are deprecated */

int LDAP_CALL ldap_modrdn2(LDAP *ld, const char *dn,

const char *newrdn, int deleteoldrdn);

int LDAP_CALL ldap_modrdn2_s(LDAP *ld, const char *dn,

const char *newrdn, int deleteoldrdn);

#define LDAP_OPERATIONS_ERROR 0x01

int LDAP_CALL ldap_compare(LDAP *ld, const char *dn,

#define LDAP_PROTOCOL_ERROR 0x02

const char *attr, const char *value);

#define LDAP_TIMELIMIT_EXCEEDED 0x03

int LDAP_CALL ldap_compare_s(LDAP *ld, const char *dn,

#define LDAP_SIZELIMIT_EXCEEDED 0x04

const char *attr, const char *value);

#define LDAP_COMPARE_FALSE 0x05

int LDAP_CALL ldap_delete(LDAP *ld, const char *dn);

#define LDAP_COMPARE_TRUE 0x06

int LDAP_CALL ldap_delete_s(LDAP *ld, const char *dn);

#define LDAP_AUTH_METHOD_NOT_SUPPORTED 0x07

int LDAP_CALL ldap_search(LDAP *ld, const char *base, int scope,

#define LDAP_STRONG_AUTH_NOT_SUPPORTED LDAP_AUTH_METHOD_NOT_SUPPORTED

const char *filter, char **attrs, int attrsonly);

#define LDAP_STRONG_AUTH_REQUIRED 0x08

int LDAP_CALL ldap_search_s(LDAP *ld, const char *base, int scope,

#define LDAP_STRONGER_AUTH_REQUIRED LDAP_STRONG_AUTH_REQUIRED

const char *filter, char **attrs, int attrsonly, LDAPMessage **res);

#define LDAP_PARTIAL_RESULTS 0x09 /* LDAPv2+ (not LDAPv3) */

int LDAP_CALL ldap_search_st(LDAP *ld, const char *base, int scope,

const char *filter, char **attrs, int attrsonly,

struct timeval *timeout, LDAPMessage **res);

int LDAP_CALL ldap_result(LDAP *ld, int msgid, int all,

struct timeval *timeout, LDAPMessage **result);

int LDAP_CALL ldap_msgfree(LDAPMessage *lm);

int LDAP_CALL ldap_msgid(LDAPMessage *lm);

int LDAP_CALL ldap_msgtype(LDAPMessage *lm);

#define LDAP_REFERRAL 0x0a /* LDAPv3 */

#define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* LDAPv3 */

#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* LDAPv3 */

#define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* LDAPv3 */

#define LDAP_SASL_BIND_IN_PROGRESS 0x0e /* LDAPv3 */

#define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */

* Routines to parse/deal with results and errors returned

int LDAP_CALL ldap_result2error(LDAP *ld, LDAPMessage *r,

int freeit);

char *LDAP_CALL ldap_err2string(int err);

LDAP_API(void) LDAP_CALL ldap_perror(LDAP *ld, const char *s);

LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_entry(LDAP *ld,

LDAPMessage *chain);

LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_entry(LDAP *ld,

LDAPMessage *entry);

int LDAP_CALL ldap_count_entries(LDAP *ld, LDAPMessage *chain);

char *LDAP_CALL ldap_get_dn(LDAP *ld, LDAPMessage *entry);

char *LDAP_CALL ldap_dn2ufn(const char *dn);

char **LDAP_CALL ldap_explode_dn(const char *dn,

const int notypes);

char **LDAP_CALL ldap_explode_rdn(const char *rdn,

const int notypes);

char *LDAP_CALL ldap_first_attribute(LDAP *ld, LDAPMessage *entry,

BerElement **ber);

char *LDAP_CALL ldap_next_attribute(LDAP *ld, LDAPMessage *entry,

BerElement *ber);

#define LDAP_NO_SUCH_ATTRIBUTE 0x10

/* The following function is deprecated */

#define LDAP_UNDEFINED_TYPE 0x11

LDAP_API(void) LDAP_CALL ldap_ber_free(BerElement *ber, int freebuf);

#define LDAP_INAPPROPRIATE_MATCHING 0x12

#define LDAP_CONSTRAINT_VIOLATION 0x13

#define LDAP_TYPE_OR_VALUE_EXISTS 0x14

#define LDAP_INVALID_SYNTAX 0x15

#define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */

char **LDAP_CALL ldap_get_values(LDAP *ld, LDAPMessage *entry,

const char *target);

struct berval **LDAP_CALL ldap_get_values_len(LDAP *ld,

LDAPMessage *entry, const char *target);

int LDAP_CALL ldap_count_values(char **vals);

int LDAP_CALL ldap_count_values_len(struct berval **vals);

LDAP_API(void) LDAP_CALL ldap_value_free(char **vals);

LDAP_API(void) LDAP_CALL ldap_value_free_len(struct berval **vals);

LDAP_API(void) LDAP_CALL ldap_memfree(void *p);

#define LDAP_NO_SUCH_OBJECT 0x20

#define LDAP_ALIAS_PROBLEM 0x21

#define LDAP_INVALID_DN_SYNTAX 0x22

#define LDAP_IS_LEAF 0x23 /* not LDAPv3 */

#define LDAP_ALIAS_DEREF_PROBLEM 0x24

#define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),

* LDAPv3 extended operation calls

* Note: all of the new asynchronous calls return an LDAP error code,

* not a message id. A message id is returned via the int *msgidp

* parameter (usually the last parameter) if appropriate.

int LDAP_CALL ldap_abandon_ext(LDAP *ld, int msgid,

LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_add_ext(LDAP *ld, const char *dn, LDAPMod **attrs,

LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);

int LDAP_CALL ldap_add_ext_s(LDAP *ld, const char *dn,

LDAPMod **attrs, LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_sasl_bind(LDAP *ld, const char *dn,

const char *mechanism, const struct berval *cred,

LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);

int LDAP_CALL ldap_sasl_bind_s(LDAP *ld, const char *dn,

const char *mechanism, const struct berval *cred,

LDAPControl **serverctrls, LDAPControl **clientctrls,

struct berval **servercredp);

int LDAP_CALL ldap_modify_ext(LDAP *ld, const char *dn,

LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls,

int *msgidp);

int LDAP_CALL ldap_modify_ext_s(LDAP *ld, const char *dn,

LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_rename(LDAP *ld, const char *dn,

const char *newrdn, const char *newparent, int deleteoldrdn,

LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);

int LDAP_CALL ldap_rename_s(LDAP *ld, const char *dn,

const char *newrdn, const char *newparent, int deleteoldrdn,

LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_compare_ext(LDAP *ld, const char *dn,

const char *attr, const struct berval *bvalue,

LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);

int LDAP_CALL ldap_compare_ext_s(LDAP *ld, const char *dn,

const char *attr, const struct berval *bvalue,

LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_delete_ext(LDAP *ld, const char *dn,

LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);

int LDAP_CALL ldap_delete_ext_s(LDAP *ld, const char *dn,

LDAPControl **serverctrls, LDAPControl **clientctrls);

int LDAP_CALL ldap_search_ext(LDAP *ld, const char *base,

int scope, const char *filter, char **attrs, int attrsonly,

LDAPControl **serverctrls, LDAPControl **clientctrls,

struct timeval *timeoutp, int sizelimit, int *msgidp);

int LDAP_CALL ldap_search_ext_s(LDAP *ld, const char *base,

int scope, const

Saved diffs

Original text

Open file

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 * 
 * Copyright 1998-2015 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright (c) 1990 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */

#ifndef _LDAP_H
#define _LDAP_H

/* pull in lber */
#include <lber.h>

/* include version and API feature defines */
#include <ldap_features.h>

LDAP_BEGIN_DECL

#define LDAP_VERSION1	1
#define LDAP_VERSION2	2
#define LDAP_VERSION3	3

#define LDAP_VERSION_MIN	LDAP_VERSION2
#define	LDAP_VERSION		LDAP_VERSION2
#define LDAP_VERSION_MAX	LDAP_VERSION3

/*
 * We use 3000+n here because it is above 1823 (for RFC 1823),
 * above 2000+rev of IETF LDAPEXT draft (now quite dated),
 * yet below allocations for new RFCs (just in case there is
 * someday an RFC produced).
 */
#define LDAP_API_VERSION	3001
#define LDAP_VENDOR_NAME	"OpenLDAP"

/* OpenLDAP API Features */
#define LDAP_API_FEATURE_X_OPENLDAP LDAP_VENDOR_VERSION

#if defined( LDAP_API_FEATURE_X_OPENLDAP_REENTRANT ) || \
	( defined( LDAP_THREAD_SAFE ) && \
		defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
	/* -lldap may or may not be thread safe */
	/* -lldap_r, if available, is always thread safe */
#	define	LDAP_API_FEATURE_THREAD_SAFE 		1
#	define  LDAP_API_FEATURE_SESSION_THREAD_SAFE	1
#	define  LDAP_API_FEATURE_OPERATION_THREAD_SAFE	1
#endif
#if defined( LDAP_THREAD_SAFE ) && \
	defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
/* #define LDAP_API_FEATURE_SESSION_SAFE	1	*/
/* #define LDAP_API_OPERATION_SESSION_SAFE	1	*/
#endif


#define LDAP_PORT		389		/* ldap:///		default LDAP port */
#define LDAPS_PORT		636		/* ldaps:///	default LDAP over TLS port */

#define LDAP_ROOT_DSE				""
#define LDAP_NO_ATTRS				"1.1"
#define LDAP_ALL_USER_ATTRIBUTES	"*"
#define LDAP_ALL_OPERATIONAL_ATTRIBUTES	"+" /* RFC 3673 */

/* RFC 4511:  maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- */
#define LDAP_MAXINT (2147483647)

/*
 * LDAP_OPTions
 *	0x0000 - 0x0fff reserved for api options
 *	0x1000 - 0x3fff reserved for api extended options
 *	0x4000 - 0x7fff reserved for private and experimental options
 */

#define LDAP_OPT_API_INFO			0x0000
#define LDAP_OPT_DESC				0x0001 /* historic */
#define LDAP_OPT_DEREF				0x0002
#define LDAP_OPT_SIZELIMIT			0x0003
#define LDAP_OPT_TIMELIMIT			0x0004
/* 0x05 - 0x07 not defined */
#define LDAP_OPT_REFERRALS			0x0008
#define LDAP_OPT_RESTART			0x0009
/* 0x0a - 0x10 not defined */
#define LDAP_OPT_PROTOCOL_VERSION		0x0011
#define LDAP_OPT_SERVER_CONTROLS		0x0012
#define LDAP_OPT_CLIENT_CONTROLS		0x0013
/* 0x14 not defined */
#define LDAP_OPT_API_FEATURE_INFO		0x0015
/* 0x16 - 0x2f not defined */
#define LDAP_OPT_HOST_NAME			0x0030
#define LDAP_OPT_RESULT_CODE			0x0031
#define LDAP_OPT_ERROR_NUMBER			LDAP_OPT_RESULT_CODE
#define LDAP_OPT_DIAGNOSTIC_MESSAGE		0x0032
#define LDAP_OPT_ERROR_STRING			LDAP_OPT_DIAGNOSTIC_MESSAGE
#define LDAP_OPT_MATCHED_DN			0x0033
/* 0x0034 - 0x3fff not defined */
/* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */
#define LDAP_OPT_SSPI_FLAGS			0x0092
/* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */
/* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */
#define LDAP_OPT_SIGN				0x0095
#define LDAP_OPT_ENCRYPT			0x0096
#define LDAP_OPT_SASL_METHOD			0x0097
/* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */
#define LDAP_OPT_SECURITY_CONTEXT		0x0099
/* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */
/* 0x009B - 0x3fff not defined */

/* API Extensions */
#define LDAP_OPT_API_EXTENSION_BASE 0x4000  /* API extensions */

/* private and experimental options */
/* OpenLDAP specific options */
#define LDAP_OPT_DEBUG_LEVEL		0x5001	/* debug level */
#define LDAP_OPT_TIMEOUT			0x5002	/* default timeout */
#define LDAP_OPT_REFHOPLIMIT		0x5003	/* ref hop limit */
#define LDAP_OPT_NETWORK_TIMEOUT	0x5005	/* socket level timeout */
#define LDAP_OPT_URI				0x5006
#define LDAP_OPT_REFERRAL_URLS      0x5007  /* Referral URLs */
#define LDAP_OPT_SOCKBUF            0x5008  /* sockbuf */
#define LDAP_OPT_DEFBASE		0x5009	/* searchbase */
#define	LDAP_OPT_CONNECT_ASYNC		0x5010	/* create connections asynchronously */
#define	LDAP_OPT_CONNECT_CB			0x5011	/* connection callbacks */
#define	LDAP_OPT_SESSION_REFCNT		0x5012	/* session reference count */

/* OpenLDAP TLS options */
#define LDAP_OPT_X_TLS				0x6000
#define LDAP_OPT_X_TLS_CTX			0x6001	/* OpenSSL CTX* */
#define LDAP_OPT_X_TLS_CACERTFILE	0x6002
#define LDAP_OPT_X_TLS_CACERTDIR	0x6003
#define LDAP_OPT_X_TLS_CERTFILE		0x6004
#define LDAP_OPT_X_TLS_KEYFILE		0x6005
#define LDAP_OPT_X_TLS_REQUIRE_CERT	0x6006
#define LDAP_OPT_X_TLS_PROTOCOL_MIN	0x6007
#define LDAP_OPT_X_TLS_CIPHER_SUITE	0x6008
#define LDAP_OPT_X_TLS_RANDOM_FILE	0x6009
#define LDAP_OPT_X_TLS_SSL_CTX		0x600a	/* OpenSSL SSL* */
#define LDAP_OPT_X_TLS_CRLCHECK		0x600b
#define LDAP_OPT_X_TLS_CONNECT_CB	0x600c
#define LDAP_OPT_X_TLS_CONNECT_ARG	0x600d
#define LDAP_OPT_X_TLS_DHFILE		0x600e
#define LDAP_OPT_X_TLS_NEWCTX		0x600f
#define LDAP_OPT_X_TLS_CRLFILE		0x6010	/* GNUtls only */
#define LDAP_OPT_X_TLS_PACKAGE		0x6011

#define LDAP_OPT_X_TLS_NEVER	0
#define LDAP_OPT_X_TLS_HARD		1
#define LDAP_OPT_X_TLS_DEMAND	2
#define LDAP_OPT_X_TLS_ALLOW	3
#define LDAP_OPT_X_TLS_TRY		4

#define LDAP_OPT_X_TLS_CRL_NONE	0
#define LDAP_OPT_X_TLS_CRL_PEER	1
#define LDAP_OPT_X_TLS_CRL_ALL	2

/* for LDAP_OPT_X_TLS_PROTOCOL_MIN */
#define LDAP_OPT_X_TLS_PROTOCOL(maj,min)	(((maj) << 8) + (min))
#define LDAP_OPT_X_TLS_PROTOCOL_SSL2		(2 << 8)
#define LDAP_OPT_X_TLS_PROTOCOL_SSL3		(3 << 8)
#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0		((3 << 8) + 1)
#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1		((3 << 8) + 2)
#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2		((3 << 8) + 3)

/* OpenLDAP SASL options */
#define LDAP_OPT_X_SASL_MECH			0x6100
#define LDAP_OPT_X_SASL_REALM			0x6101
#define LDAP_OPT_X_SASL_AUTHCID			0x6102
#define LDAP_OPT_X_SASL_AUTHZID			0x6103
#define LDAP_OPT_X_SASL_SSF				0x6104 /* read-only */
#define LDAP_OPT_X_SASL_SSF_EXTERNAL	0x6105 /* write-only */
#define LDAP_OPT_X_SASL_SECPROPS		0x6106 /* write-only */
#define LDAP_OPT_X_SASL_SSF_MIN			0x6107
#define LDAP_OPT_X_SASL_SSF_MAX			0x6108
#define LDAP_OPT_X_SASL_MAXBUFSIZE		0x6109
#define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
#define LDAP_OPT_X_SASL_NOCANON			0x610b
#define LDAP_OPT_X_SASL_USERNAME		0x610c /* read-only */
#define LDAP_OPT_X_SASL_GSS_CREDS		0x610d

/* OpenLDAP GSSAPI options */
#define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
#define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL   0x6201

/*
 * OpenLDAP per connection tcp-keepalive settings
 * (Linux only, ignored where unsupported)
 */
#define LDAP_OPT_X_KEEPALIVE_IDLE		0x6300
#define LDAP_OPT_X_KEEPALIVE_PROBES		0x6301
#define LDAP_OPT_X_KEEPALIVE_INTERVAL	0x6302

/* Private API Extensions -- reserved for application use */
#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000  /* Private API inclusive */

/*
 * ldap_get_option() and ldap_set_option() return values.
 * As later versions may return other values indicating
 * failure, current applications should only compare returned
 * value against LDAP_OPT_SUCCESS.
 */
#define LDAP_OPT_SUCCESS	0
#define	LDAP_OPT_ERROR		(-1)

/* option on/off values */
#define LDAP_OPT_ON		((void *) &ber_pvt_opt_on)
#define LDAP_OPT_OFF	((void *) 0)

typedef struct ldapapiinfo {
	int		ldapai_info_version;		/* version of LDAPAPIInfo */
#define LDAP_API_INFO_VERSION	(1)
	int		ldapai_api_version;			/* revision of API supported */
	int		ldapai_protocol_version;	/* highest LDAP version supported */
	char	**ldapai_extensions;		/* names of API extensions */
	char	*ldapai_vendor_name;		/* name of supplier */
	int		ldapai_vendor_version;		/* supplier-specific version * 100 */
} LDAPAPIInfo;

typedef struct ldap_apifeature_info {
	int		ldapaif_info_version;		/* version of LDAPAPIFeatureInfo */
#define LDAP_FEATURE_INFO_VERSION (1)	/* apifeature_info struct version */
	char*	ldapaif_name;				/* LDAP_API_FEATURE_* (less prefix) */
	int		ldapaif_version;			/* value of LDAP_API_FEATURE_... */
} LDAPAPIFeatureInfo;

/*
 * LDAP Control structure
 */
typedef struct ldapcontrol {
	char *			ldctl_oid;			/* numericoid of control */
	struct berval	ldctl_value;		/* encoded value of control */
	char			ldctl_iscritical;	/* criticality */
} LDAPControl;

/* LDAP Controls */
/*	standard track controls */
#define LDAP_CONTROL_MANAGEDSAIT	"2.16.840.1.113730.3.4.2"  /* RFC 3296 */
#define LDAP_CONTROL_PROXY_AUTHZ	"2.16.840.1.113730.3.4.18" /* RFC 4370 */
#define LDAP_CONTROL_SUBENTRIES		"1.3.6.1.4.1.4203.1.10.1"  /* RFC 3672 */

#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3"/* RFC 3876 */

#define LDAP_CONTROL_ASSERT				"1.3.6.1.1.12"			/* RFC 4528 */
#define LDAP_CONTROL_PRE_READ			"1.3.6.1.1.13.1"		/* RFC 4527 */
#define LDAP_CONTROL_POST_READ			"1.3.6.1.1.13.2"		/* RFC 4527 */

#define LDAP_CONTROL_SORTREQUEST    "1.2.840.113556.1.4.473" /* RFC 2891 */
#define LDAP_CONTROL_SORTRESPONSE	"1.2.840.113556.1.4.474" /* RFC 2891 */

/*	non-standard track controls */
#define LDAP_CONTROL_PAGEDRESULTS	"1.2.840.113556.1.4.319"   /* RFC 2696 */

/* LDAP Content Synchronization Operation -- RFC 4533 */
#define LDAP_SYNC_OID			"1.3.6.1.4.1.4203.1.9.1"
#define LDAP_CONTROL_SYNC		LDAP_SYNC_OID ".1"
#define LDAP_CONTROL_SYNC_STATE	LDAP_SYNC_OID ".2"
#define LDAP_CONTROL_SYNC_DONE	LDAP_SYNC_OID ".3"
#define LDAP_SYNC_INFO			LDAP_SYNC_OID ".4"

#define LDAP_SYNC_NONE					0x00
#define LDAP_SYNC_REFRESH_ONLY			0x01
#define LDAP_SYNC_RESERVED				0x02
#define LDAP_SYNC_REFRESH_AND_PERSIST	0x03

#define LDAP_SYNC_REFRESH_PRESENTS		0
#define LDAP_SYNC_REFRESH_DELETES		1

#define LDAP_TAG_SYNC_NEW_COOKIE		((ber_tag_t) 0x80U)
#define LDAP_TAG_SYNC_REFRESH_DELETE	((ber_tag_t) 0xa1U)
#define LDAP_TAG_SYNC_REFRESH_PRESENT	((ber_tag_t) 0xa2U)
#define	LDAP_TAG_SYNC_ID_SET			((ber_tag_t) 0xa3U)

#define LDAP_TAG_SYNC_COOKIE			((ber_tag_t) 0x04U)
#define LDAP_TAG_REFRESHDELETES			((ber_tag_t) 0x01U)
#define LDAP_TAG_REFRESHDONE			((ber_tag_t) 0x01U)
#define LDAP_TAG_RELOAD_HINT			((ber_tag_t) 0x01U)

#define LDAP_SYNC_PRESENT				0
#define LDAP_SYNC_ADD					1
#define LDAP_SYNC_MODIFY				2
#define LDAP_SYNC_DELETE				3
#define LDAP_SYNC_NEW_COOKIE			4

/* LDAP Don't Use Copy Control (RFC 6171) */
#define LDAP_CONTROL_DONTUSECOPY		"1.3.6.1.1.22"

/* Password policy Controls *//* work in progress */
/* ITS#3458: released; disabled by default */
#define LDAP_CONTROL_PASSWORDPOLICYREQUEST	"1.3.6.1.4.1.42.2.27.8.5.1"
#define LDAP_CONTROL_PASSWORDPOLICYRESPONSE	"1.3.6.1.4.1.42.2.27.8.5.1"

/* various works in progress */
#define LDAP_CONTROL_NOOP				"1.3.6.1.4.1.4203.666.5.2"
#define LDAP_CONTROL_NO_SUBORDINATES	"1.3.6.1.4.1.4203.666.5.11"
#define LDAP_CONTROL_RELAX				"1.3.6.1.4.1.4203.666.5.12"
#define LDAP_CONTROL_MANAGEDIT			LDAP_CONTROL_RELAX
#define LDAP_CONTROL_SLURP				"1.3.6.1.4.1.4203.666.5.13"
#define LDAP_CONTROL_VALSORT			"1.3.6.1.4.1.4203.666.5.14"
#define	LDAP_CONTROL_X_DEREF			"1.3.6.1.4.1.4203.666.5.16"
#define	LDAP_CONTROL_X_WHATFAILED		"1.3.6.1.4.1.4203.666.5.17"

/* LDAP Chaining Behavior Control *//* work in progress */
/* <draft-sermersheim-ldap-chaining>;
 * see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */
#define LDAP_CONTROL_X_CHAINING_BEHAVIOR	"1.3.6.1.4.1.4203.666.11.3"

#define	LDAP_CHAINING_PREFERRED				0
#define	LDAP_CHAINING_REQUIRED				1
#define LDAP_REFERRALS_PREFERRED			2
#define LDAP_REFERRALS_REQUIRED				3

/* MS Active Directory controls (for compatibility) */
#define LDAP_CONTROL_X_INCREMENTAL_VALUES	"1.2.840.113556.1.4.802"
#define LDAP_CONTROL_X_DOMAIN_SCOPE			"1.2.840.113556.1.4.1339"
#define LDAP_CONTROL_X_PERMISSIVE_MODIFY	"1.2.840.113556.1.4.1413"
#define LDAP_CONTROL_X_SEARCH_OPTIONS		"1.2.840.113556.1.4.1340"
#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
#define LDAP_CONTROL_X_TREE_DELETE		"1.2.840.113556.1.4.805"

/* MS Active Directory controls - not implemented in slapd(8) */
#define LDAP_CONTROL_X_EXTENDED_DN		"1.2.840.113556.1.4.529"

/* <draft-wahl-ldap-session> */
#define LDAP_CONTROL_X_SESSION_TRACKING		"1.3.6.1.4.1.21008.108.63.1"
#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
						LDAP_CONTROL_X_SESSION_TRACKING ".1"
#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \
						LDAP_CONTROL_X_SESSION_TRACKING ".2"
#define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
						LDAP_CONTROL_X_SESSION_TRACKING ".3"
/* various expired works */

/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST		"2.16.840.1.113719.1.27.101.1"
#define LDAP_CONTROL_DUPENT_RESPONSE	"2.16.840.1.113719.1.27.101.2"
#define LDAP_CONTROL_DUPENT_ENTRY		"2.16.840.1.113719.1.27.101.3"
#define LDAP_CONTROL_DUPENT	LDAP_CONTROL_DUPENT_REQUEST

/* LDAP Persistent Search Control *//* not implemented in slapd(8) */
#define LDAP_CONTROL_PERSIST_REQUEST				"2.16.840.1.113730.3.4.3"
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE	"2.16.840.1.113730.3.4.7"
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_ADD		0x1
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_DELETE	0x2
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_MODIFY	0x4
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_RENAME	0x8

/* LDAP VLV */
#define LDAP_CONTROL_VLVREQUEST    	"2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE    "2.16.840.1.113730.3.4.10"

/* LDAP Unsolicited Notifications */
#define	LDAP_NOTICE_OF_DISCONNECTION	"1.3.6.1.4.1.1466.20036" /* RFC 4511 */
#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION

/* LDAP Extended Operations */
#define LDAP_EXOP_START_TLS		"1.3.6.1.4.1.1466.20037"	/* RFC 4511 */

#define LDAP_EXOP_MODIFY_PASSWD	"1.3.6.1.4.1.4203.1.11.1"	/* RFC 3062 */
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID	((ber_tag_t) 0x80U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD	((ber_tag_t) 0x81U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW	((ber_tag_t) 0x82U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN	((ber_tag_t) 0x80U)

#define LDAP_EXOP_CANCEL		"1.3.6.1.1.8"					/* RFC 3909 */
#define LDAP_EXOP_X_CANCEL		LDAP_EXOP_CANCEL

#define	LDAP_EXOP_REFRESH		"1.3.6.1.4.1.1466.101.119.1"	/* RFC 2589 */
#define	LDAP_TAG_EXOP_REFRESH_REQ_DN	((ber_tag_t) 0x80U)
#define	LDAP_TAG_EXOP_REFRESH_REQ_TTL	((ber_tag_t) 0x81U)
#define	LDAP_TAG_EXOP_REFRESH_RES_TTL	((ber_tag_t) 0x81U)

#define LDAP_EXOP_WHO_AM_I		"1.3.6.1.4.1.4203.1.11.3"		/* RFC 4532 */
#define LDAP_EXOP_X_WHO_AM_I	LDAP_EXOP_WHO_AM_I

/* various works in progress */
#define LDAP_EXOP_TURN		"1.3.6.1.1.19"				/* RFC 4531 */
#define LDAP_EXOP_X_TURN	LDAP_EXOP_TURN

/* LDAP Distributed Procedures <draft-sermersheim-ldap-distproc> */
/* a work in progress */
#define LDAP_X_DISTPROC_BASE		"1.3.6.1.4.1.4203.666.11.6"
#define LDAP_EXOP_X_CHAINEDREQUEST	LDAP_X_DISTPROC_BASE ".1"
#define LDAP_FEATURE_X_CANCHAINOPS	LDAP_X_DISTPROC_BASE ".2"
#define LDAP_CONTROL_X_RETURNCONTREF	LDAP_X_DISTPROC_BASE ".3"
#define LDAP_URLEXT_X_LOCALREFOID	LDAP_X_DISTPROC_BASE ".4"
#define LDAP_URLEXT_X_REFTYPEOID	LDAP_X_DISTPROC_BASE ".5"
#define LDAP_URLEXT_X_SEARCHEDSUBTREEOID \
					LDAP_X_DISTPROC_BASE ".6"
#define LDAP_URLEXT_X_FAILEDNAMEOID	LDAP_X_DISTPROC_BASE ".7"
#define LDAP_URLEXT_X_LOCALREF		"x-localReference"
#define LDAP_URLEXT_X_REFTYPE		"x-referenceType"
#define LDAP_URLEXT_X_SEARCHEDSUBTREE	"x-searchedSubtree"
#define LDAP_URLEXT_X_FAILEDNAME	"x-failedName"

#ifdef LDAP_DEVEL
#define LDAP_X_TXN						"1.3.6.1.4.1.4203.666.11.7" /* tmp */
#define LDAP_EXOP_X_TXN_START			LDAP_X_TXN ".1"
#define LDAP_CONTROL_X_TXN_SPEC			LDAP_X_TXN ".2"
#define LDAP_EXOP_X_TXN_END				LDAP_X_TXN ".3"
#define LDAP_EXOP_X_TXN_ABORTED_NOTICE	LDAP_X_TXN ".4"
#endif

/* LDAP Features */
#define LDAP_FEATURE_ALL_OP_ATTRS	"1.3.6.1.4.1.4203.1.5.1"	/* RFC 3673 */
#define LDAP_FEATURE_OBJECTCLASS_ATTRS \
	"1.3.6.1.4.1.4203.1.5.2" /*  @objectClass - new number to be assigned */
#define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3"  /* (&) (|) */
#define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
#define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.1.14"

/* LDAP Experimental (works in progress) Features */
#define LDAP_FEATURE_SUBORDINATE_SCOPE \
	"1.3.6.1.4.1.4203.666.8.1" /* "children" */
#define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE

/*
 * specific LDAP instantiations of BER types we know about
 */

/* Overview of LBER tag construction
 *
 *	Bits
 *	______
 *	8 7 | CLASS
 *	0 0 = UNIVERSAL
 *	0 1 = APPLICATION
 *	1 0 = CONTEXT-SPECIFIC
 *	1 1 = PRIVATE
 *		_____
 *		| 6 | DATA-TYPE
 *		  0 = PRIMITIVE
 *		  1 = CONSTRUCTED
 *			___________
 *			| 5 ... 1 | TAG-NUMBER
 */

/* general stuff */
#define LDAP_TAG_MESSAGE	((ber_tag_t) 0x30U)	/* constructed + 16 */
#define LDAP_TAG_MSGID		((ber_tag_t) 0x02U)	/* integer */

#define LDAP_TAG_LDAPDN		((ber_tag_t) 0x04U)	/* octet string */
#define LDAP_TAG_LDAPCRED	((ber_tag_t) 0x04U)	/* octet string */

#define LDAP_TAG_CONTROLS	((ber_tag_t) 0xa0U)	/* context specific + constructed + 0 */
#define LDAP_TAG_REFERRAL	((ber_tag_t) 0xa3U)	/* context specific + constructed + 3 */

#define LDAP_TAG_NEWSUPERIOR	((ber_tag_t) 0x80U)	/* context-specific + primitive + 0 */

#define LDAP_TAG_EXOP_REQ_OID   ((ber_tag_t) 0x80U)	/* context specific + primitive */
#define LDAP_TAG_EXOP_REQ_VALUE ((ber_tag_t) 0x81U)	/* context specific + primitive */
#define LDAP_TAG_EXOP_RES_OID   ((ber_tag_t) 0x8aU)	/* context specific + primitive */
#define LDAP_TAG_EXOP_RES_VALUE ((ber_tag_t) 0x8bU)	/* context specific + primitive */

#define LDAP_TAG_IM_RES_OID   ((ber_tag_t) 0x80U)	/* context specific + primitive */
#define LDAP_TAG_IM_RES_VALUE ((ber_tag_t) 0x81U)	/* context specific + primitive */

#define LDAP_TAG_SASL_RES_CREDS	((ber_tag_t) 0x87U)	/* context specific + primitive */

/* LDAP Request Messages */
#define LDAP_REQ_BIND		((ber_tag_t) 0x60U)	/* application + constructed */
#define LDAP_REQ_UNBIND		((ber_tag_t) 0x42U)	/* application + primitive   */
#define LDAP_REQ_SEARCH		((ber_tag_t) 0x63U)	/* application + constructed */
#define LDAP_REQ_MODIFY		((ber_tag_t) 0x66U)	/* application + constructed */
#define LDAP_REQ_ADD		((ber_tag_t) 0x68U)	/* application + constructed */
#define LDAP_REQ_DELETE		((ber_tag_t) 0x4aU)	/* application + primitive   */
#define LDAP_REQ_MODDN		((ber_tag_t) 0x6cU)	/* application + constructed */
#define LDAP_REQ_MODRDN		LDAP_REQ_MODDN
#define LDAP_REQ_RENAME		LDAP_REQ_MODDN
#define LDAP_REQ_COMPARE	((ber_tag_t) 0x6eU)	/* application + constructed */
#define LDAP_REQ_ABANDON	((ber_tag_t) 0x50U)	/* application + primitive   */
#define LDAP_REQ_EXTENDED	((ber_tag_t) 0x77U)	/* application + constructed */

/* LDAP Response Messages */
#define LDAP_RES_BIND		((ber_tag_t) 0x61U)	/* application + constructed */
#define LDAP_RES_SEARCH_ENTRY	((ber_tag_t) 0x64U)	/* application + constructed */
#define LDAP_RES_SEARCH_REFERENCE	((ber_tag_t) 0x73U)	/* V3: application + constructed */
#define LDAP_RES_SEARCH_RESULT	((ber_tag_t) 0x65U)	/* application + constructed */
#define LDAP_RES_MODIFY		((ber_tag_t) 0x67U)	/* application + constructed */
#define LDAP_RES_ADD		((ber_tag_t) 0x69U)	/* application + constructed */
#define LDAP_RES_DELETE		((ber_tag_t) 0x6bU)	/* application + constructed */
#define LDAP_RES_MODDN		((ber_tag_t) 0x6dU)	/* application + constructed */
#define LDAP_RES_MODRDN		LDAP_RES_MODDN	/* application + constructed */
#define LDAP_RES_RENAME		LDAP_RES_MODDN	/* application + constructed */
#define LDAP_RES_COMPARE	((ber_tag_t) 0x6fU)	/* application + constructed */
#define LDAP_RES_EXTENDED	((ber_tag_t) 0x78U)	/* V3: application + constructed */
#define LDAP_RES_INTERMEDIATE	((ber_tag_t) 0x79U) /* V3+: application + constructed */

#define LDAP_RES_ANY			(-1)
#define LDAP_RES_UNSOLICITED	(0)


/* sasl methods */
#define LDAP_SASL_SIMPLE	((char*)0)
#define LDAP_SASL_NULL		("")


/* authentication methods available */
#define LDAP_AUTH_NONE   ((ber_tag_t) 0x00U) /* no authentication */
#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
#define LDAP_AUTH_SASL   ((ber_tag_t) 0xa3U) /* context specific + constructed */
#define LDAP_AUTH_KRBV4  ((ber_tag_t) 0xffU) /* means do both of the following */
#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */

/* used by the Windows API but not used on the wire */
#define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)

/* filter types */
#define LDAP_FILTER_AND	((ber_tag_t) 0xa0U)	/* context specific + constructed */
#define LDAP_FILTER_OR	((ber_tag_t) 0xa1U)	/* context specific + constructed */
#define LDAP_FILTER_NOT	((ber_tag_t) 0xa2U)	/* context specific + constructed */
#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive   */
#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U)	/* context specific + constructed */
#define LDAP_FILTER_EXT	((ber_tag_t) 0xa9U)	/* context specific + constructed */

/* extended filter component types */
#define LDAP_FILTER_EXT_OID		((ber_tag_t) 0x81U)	/* context specific */
#define LDAP_FILTER_EXT_TYPE	((ber_tag_t) 0x82U)	/* context specific */
#define LDAP_FILTER_EXT_VALUE	((ber_tag_t) 0x83U)	/* context specific */
#define LDAP_FILTER_EXT_DNATTRS	((ber_tag_t) 0x84U)	/* context specific */

/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL	((ber_tag_t) 0x80U)	/* context specific */
#define LDAP_SUBSTRING_ANY		((ber_tag_t) 0x81U)	/* context specific */
#define LDAP_SUBSTRING_FINAL	((ber_tag_t) 0x82U)	/* context specific */

/* search scopes */
#define LDAP_SCOPE_BASE			((ber_int_t) 0x0000)
#define LDAP_SCOPE_BASEOBJECT	LDAP_SCOPE_BASE
#define LDAP_SCOPE_ONELEVEL		((ber_int_t) 0x0001)
#define LDAP_SCOPE_ONE			LDAP_SCOPE_ONELEVEL
#define LDAP_SCOPE_SUBTREE		((ber_int_t) 0x0002)
#define LDAP_SCOPE_SUB			LDAP_SCOPE_SUBTREE
#define LDAP_SCOPE_SUBORDINATE	((ber_int_t) 0x0003) /* OpenLDAP extension */
#define LDAP_SCOPE_CHILDREN		LDAP_SCOPE_SUBORDINATE
#define LDAP_SCOPE_DEFAULT		((ber_int_t) -1)	 /* OpenLDAP extension */

/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL	((ber_tag_t) 0x80U)	/* context specific */
#define LDAP_SUBSTRING_ANY		((ber_tag_t) 0x81U)	/* context specific */
#define LDAP_SUBSTRING_FINAL	((ber_tag_t) 0x82U)	/* context specific */

/*
 * LDAP Result Codes
 */
#define LDAP_SUCCESS				0x00

#define LDAP_RANGE(n,x,y)	(((x) <= (n)) && ((n) <= (y)))

#define LDAP_OPERATIONS_ERROR		0x01
#define LDAP_PROTOCOL_ERROR			0x02
#define LDAP_TIMELIMIT_EXCEEDED		0x03
#define LDAP_SIZELIMIT_EXCEEDED		0x04
#define LDAP_COMPARE_FALSE			0x05
#define LDAP_COMPARE_TRUE			0x06
#define LDAP_AUTH_METHOD_NOT_SUPPORTED	0x07
#define LDAP_STRONG_AUTH_NOT_SUPPORTED	LDAP_AUTH_METHOD_NOT_SUPPORTED
#define LDAP_STRONG_AUTH_REQUIRED	0x08
#define LDAP_STRONGER_AUTH_REQUIRED	LDAP_STRONG_AUTH_REQUIRED
#define LDAP_PARTIAL_RESULTS		0x09	/* LDAPv2+ (not LDAPv3) */

#define	LDAP_REFERRAL				0x0a /* LDAPv3 */
#define LDAP_ADMINLIMIT_EXCEEDED	0x0b /* LDAPv3 */
#define	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	0x0c /* LDAPv3 */
#define LDAP_CONFIDENTIALITY_REQUIRED	0x0d /* LDAPv3 */
#define	LDAP_SASL_BIND_IN_PROGRESS	0x0e /* LDAPv3 */

#define LDAP_ATTR_ERROR(n)	LDAP_RANGE((n),0x10,0x15) /* 16-21 */

#define LDAP_NO_SUCH_ATTRIBUTE		0x10
#define LDAP_UNDEFINED_TYPE			0x11
#define LDAP_INAPPROPRIATE_MATCHING	0x12
#define LDAP_CONSTRAINT_VIOLATION	0x13
#define LDAP_TYPE_OR_VALUE_EXISTS	0x14
#define LDAP_INVALID_SYNTAX			0x15

#define LDAP_NAME_ERROR(n)	LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */

#define LDAP_NO_SUCH_OBJECT			0x20
#define LDAP_ALIAS_PROBLEM			0x21
#define LDAP_INVALID_DN_SYNTAX		0x22
#define LDAP_IS_LEAF				0x23 /* not LDAPv3 */
#define LDAP_ALIAS_DEREF_PROBLEM	0x24

#define LDAP_SECURITY_ERROR(n)	LDAP_RANGE((n),0x2F,0x32) /* 47-50 */

#define LDAP_X_PROXY_AUTHZ_FAILURE	0x2F /* LDAPv3 proxy authorization */
#define LDAP_INAPPROPRIATE_AUTH		0x30
#define LDAP_INVALID_CREDENTIALS	0x31
#define LDAP_INSUFFICIENT_ACCESS	0x32

#define LDAP_SERVICE_ERROR(n)	LDAP_RANGE((n),0x33,0x36) /* 51-54 */

#define LDAP_BUSY					0x33
#define LDAP_UNAVAILABLE			0x34
#define LDAP_UNWILLING_TO_PERFORM	0x35
#define LDAP_LOOP_DETECT			0x36

#define LDAP_UPDATE_ERROR(n)	LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */

#define LDAP_NAMING_VIOLATION		0x40
#define LDAP_OBJECT_CLASS_VIOLATION	0x41
#define LDAP_NOT_ALLOWED_ON_NONLEAF	0x42
#define LDAP_NOT_ALLOWED_ON_RDN		0x43
#define LDAP_ALREADY_EXISTS			0x44
#define LDAP_NO_OBJECT_CLASS_MODS	0x45
#define LDAP_RESULTS_TOO_LARGE		0x46 /* CLDAP */
#define LDAP_AFFECTS_MULTIPLE_DSAS	0x47

#define LDAP_VLV_ERROR				0x4C

#define LDAP_OTHER					0x50

/* LCUP operation codes (113-117) - not implemented */
#define LDAP_CUP_RESOURCES_EXHAUSTED	0x71
#define LDAP_CUP_SECURITY_VIOLATION		0x72
#define LDAP_CUP_INVALID_DATA			0x73
#define LDAP_CUP_UNSUPPORTED_SCHEME		0x74
#define LDAP_CUP_RELOAD_REQUIRED		0x75

/* Cancel operation codes (118-121) */
#define LDAP_CANCELLED				0x76
#define LDAP_NO_SUCH_OPERATION		0x77
#define LDAP_TOO_LATE				0x78
#define LDAP_CANNOT_CANCEL			0x79

/* Assertion control (122) */ 
#define LDAP_ASSERTION_FAILED		0x7A

/* Proxied Authorization Denied (123) */ 
#define LDAP_PROXIED_AUTHORIZATION_DENIED		0x7B

/* Experimental result codes */
#define LDAP_E_ERROR(n)	LDAP_RANGE((n),0x1000,0x3FFF)

/* LDAP Sync (4096) */
#define LDAP_SYNC_REFRESH_REQUIRED		0x1000


/* Private Use result codes */
#define LDAP_X_ERROR(n)	LDAP_RANGE((n),0x4000,0xFFFF)

#define LDAP_X_SYNC_REFRESH_REQUIRED	0x4100 /* defunct */
#define LDAP_X_ASSERTION_FAILED			0x410f /* defunct */

/* for the LDAP No-Op control */
#define LDAP_X_NO_OPERATION				0x410e

/* for the Chaining Behavior control (consecutive result codes requested;
 * see <draft-sermersheim-ldap-chaining> ) */
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
#define	LDAP_X_NO_REFERRALS_FOUND		0x4110
#define LDAP_X_CANNOT_CHAIN			0x4111
#endif

/* for Distributed Procedures (see <draft-sermersheim-ldap-distproc>) */
#ifdef LDAP_X_DISTPROC_BASE
#define LDAP_X_INVALIDREFERENCE			0x4112
#endif

#ifdef LDAP_X_TXN
#define LDAP_X_TXN_SPECIFY_OKAY		0x4120
#define LDAP_X_TXN_ID_INVALID		0x4121
#endif

/* API Error Codes
 *
 * Based on draft-ietf-ldap-c-api-xx
 * but with new negative code values
 */
#define LDAP_API_ERROR(n)		((n)<0)
#define LDAP_API_RESULT(n)		((n)<=0)

#define LDAP_SERVER_DOWN				(-1)
#define LDAP_LOCAL_ERROR				(-2)
#define LDAP_ENCODING_ERROR				(-3)
#define LDAP_DECODING_ERROR				(-4)
#define LDAP_TIMEOUT					(-5)
#define LDAP_AUTH_UNKNOWN				(-6)
#define LDAP_FILTER_ERROR				(-7)
#define LDAP_USER_CANCELLED				(-8)
#define LDAP_PARAM_ERROR				(-9)
#define LDAP_NO_MEMORY					(-10)
#define LDAP_CONNECT_ERROR				(-11)
#define LDAP_NOT_SUPPORTED				(-12)
#define LDAP_CONTROL_NOT_FOUND			(-13)
#define LDAP_NO_RESULTS_RETURNED		(-14)
#define LDAP_MORE_RESULTS_TO_RETURN		(-15)	/* Obsolete */
#define LDAP_CLIENT_LOOP				(-16)
#define LDAP_REFERRAL_LIMIT_EXCEEDED	(-17)
#define	LDAP_X_CONNECTING			(-18)


/*
 * This structure represents both ldap messages and ldap responses.
 * These are really the same, except in the case of search responses,
 * where a response has multiple messages.
 */

typedef struct ldapmsg LDAPMessage;

/* for modifications */
typedef struct ldapmod {
	int		mod_op;

#define LDAP_MOD_OP			(0x0007)
#define LDAP_MOD_ADD		(0x0000)
#define LDAP_MOD_DELETE		(0x0001)
#define LDAP_MOD_REPLACE	(0x0002)
#define LDAP_MOD_INCREMENT	(0x0003) /* OpenLDAP extension */
#define LDAP_MOD_BVALUES	(0x0080)
/* IMPORTANT: do not use code 0x1000 (or above),
 * it is used internally by the backends!
 * (see ldap/servers/slapd/slap.h)
 */

	char		*mod_type;
	union mod_vals_u {
		char		**modv_strvals;
		struct berval	**modv_bvals;
	} mod_vals;
#define mod_values	mod_vals.modv_strvals
#define mod_bvalues	mod_vals.modv_bvals
} LDAPMod;

/*
 * structure representing an ldap session which can
 * encompass connections to multiple servers (in the
 * face of referrals).
 */
typedef struct ldap LDAP;

#define LDAP_DEREF_NEVER		0x00
#define LDAP_DEREF_SEARCHING	0x01
#define LDAP_DEREF_FINDING		0x02
#define LDAP_DEREF_ALWAYS		0x03

#define LDAP_NO_LIMIT			0

/* how many messages to retrieve results for */
#define LDAP_MSG_ONE			0x00
#define LDAP_MSG_ALL			0x01
#define LDAP_MSG_RECEIVED		0x02

/*
 * types for ldap URL handling
 */
typedef struct ldap_url_desc {
	struct ldap_url_desc *lud_next;
	char	*lud_scheme;
	char	*lud_host;
	int		lud_port;
	char	*lud_dn;
	char	**lud_attrs;
	int		lud_scope;
	char	*lud_filter;
	char	**lud_exts;
	int		lud_crit_exts;
} LDAPURLDesc;

#define LDAP_URL_SUCCESS		0x00	/* Success */
#define LDAP_URL_ERR_MEM		0x01	/* can't allocate memory space */
#define LDAP_URL_ERR_PARAM		0x02	/* parameter is bad */

#define LDAP_URL_ERR_BADSCHEME	0x03	/* URL doesn't begin with "ldap[si]://" */
#define LDAP_URL_ERR_BADENCLOSURE 0x04	/* URL is missing trailing ">" */
#define LDAP_URL_ERR_BADURL		0x05	/* URL is bad */
#define LDAP_URL_ERR_BADHOST	0x06	/* host port is bad */
#define LDAP_URL_ERR_BADATTRS	0x07	/* bad (or missing) attributes */
#define LDAP_URL_ERR_BADSCOPE	0x08	/* scope string is invalid (or missing) */
#define LDAP_URL_ERR_BADFILTER	0x09	/* bad or missing filter */
#define LDAP_URL_ERR_BADEXTS	0x0a	/* bad or missing extensions */

/*
 * LDAP sync (RFC4533) API
 */

typedef struct ldap_sync_t ldap_sync_t;

typedef enum {
	/* these are private - the client should never see them */
	LDAP_SYNC_CAPI_NONE		= -1,

	LDAP_SYNC_CAPI_PHASE_FLAG	= 0x10U,
	LDAP_SYNC_CAPI_IDSET_FLAG	= 0x20U,
	LDAP_SYNC_CAPI_DONE_FLAG	= 0x40U,

	/* these are passed to ls_search_entry() */
	LDAP_SYNC_CAPI_PRESENT		= LDAP_SYNC_PRESENT,
	LDAP_SYNC_CAPI_ADD		= LDAP_SYNC_ADD,
	LDAP_SYNC_CAPI_MODIFY		= LDAP_SYNC_MODIFY,
	LDAP_SYNC_CAPI_DELETE		= LDAP_SYNC_DELETE,

	/* these are passed to ls_intermediate() */
	LDAP_SYNC_CAPI_PRESENTS		= ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_PRESENT ),
	LDAP_SYNC_CAPI_DELETES		= ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_DELETE ),

	LDAP_SYNC_CAPI_PRESENTS_IDSET	= ( LDAP_SYNC_CAPI_PRESENTS | LDAP_SYNC_CAPI_IDSET_FLAG ),
	LDAP_SYNC_CAPI_DELETES_IDSET	= ( LDAP_SYNC_CAPI_DELETES | LDAP_SYNC_CAPI_IDSET_FLAG ),

	LDAP_SYNC_CAPI_DONE		= ( LDAP_SYNC_CAPI_DONE_FLAG | LDAP_SYNC_CAPI_PRESENTS )
} ldap_sync_refresh_t;

/*
 * Called when an entry is returned by ldap_result().
 * If phase is LDAP_SYNC_CAPI_ADD or LDAP_SYNC_CAPI_MODIFY,
 * the entry has been either added or modified, and thus
 * the complete view of the entry should be in the LDAPMessage.
 * If phase is LDAP_SYNC_CAPI_PRESENT or LDAP_SYNC_CAPI_DELETE,
 * only the DN should be in the LDAPMessage.
 */
typedef int (*ldap_sync_search_entry_f) LDAP_P((
	ldap_sync_t			*ls,
	LDAPMessage			*msg,
	struct berval			*entryUUID,
	ldap_sync_refresh_t		phase ));

/*
 * Called when a reference is returned; the client should know 
 * what to do with it.
 */
typedef int (*ldap_sync_search_reference_f) LDAP_P((
	ldap_sync_t			*ls,
	LDAPMessage			*msg ));

/*
 * Called when specific intermediate/final messages are returned.
 * If phase is LDAP_SYNC_CAPI_PRESENTS or LDAP_SYNC_CAPI_DELETES,
 * a "presents" or "deletes" phase begins.
 * If phase is LDAP_SYNC_CAPI_DONE, a special "presents" phase
 * with refreshDone set to "TRUE" has been returned, to indicate
 * that the refresh phase of a refreshAndPersist is complete.
 * In the above cases, syncUUIDs is NULL.
 *
 * If phase is LDAP_SYNC_CAPI_PRESENTS_IDSET or 
 * LDAP_SYNC_CAPI_DELETES_IDSET, syncUUIDs is an array of UUIDs
 * that are either present or have been deleted.
 */
typedef int (*ldap_sync_intermediate_f) LDAP_P((
	ldap_sync_t			*ls,
	LDAPMessage			*msg,
	BerVarray			syncUUIDs,
	ldap_sync_refresh_t		phase ));

/*
 * Called when a searchResultDone is returned.  In refreshAndPersist,
 * this can only occur if the search for any reason is being terminated
 * by the server.
 */
typedef int (*ldap_sync_search_result_f) LDAP_P((
	ldap_sync_t			*ls,
	LDAPMessage			*msg,
	int				refreshDeletes ));

/*
 * This structure contains all information about the persistent search;
 * the caller is responsible for connecting, setting version, binding, tls...
 */
struct ldap_sync_t {
	/* conf search params */
	char				*ls_base;
	int				ls_scope;
	char				*ls_filter;
	char				**ls_attrs;
	int				ls_timelimit;
	int				ls_sizelimit;

	/* poll timeout */
	int				ls_timeout;

	/* helpers - add as appropriate */
	ldap_sync_search_entry_f	ls_search_entry;
	ldap_sync_search_reference_f	ls_search_reference;
	ldap_sync_intermediate_f	ls_intermediate;
	ldap_sync_search_result_f	ls_search_result;

	/* set by the caller as appropriate */
	void				*ls_private;

	/* conn stuff */
	LDAP				*ls_ld;

	/* --- the parameters below are private - do not modify --- */

	/* FIXME: make the structure opaque, and provide an interface
	 * to modify the public values? */

	/* result stuff */
	int				ls_msgid;

	/* sync stuff */
	/* needed by refreshOnly */
	int				ls_reloadHint;

	/* opaque - need to pass between sessions, updated by the API */
	struct berval			ls_cookie;

	/* state variable - do not modify */
	ldap_sync_refresh_t		ls_refreshPhase;
};

/*
 * End of LDAP sync (RFC4533) API
 */

/*
 * Connection callbacks...
 */
struct ldap_conncb;
struct sockaddr;

/* Called after a connection is established */
typedef int (ldap_conn_add_f) LDAP_P(( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr,
	struct ldap_conncb *ctx ));
/* Called before a connection is closed */
typedef void (ldap_conn_del_f) LDAP_P(( LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx ));

/* Callbacks are pushed on a stack. Last one pushed is first one executed. The
 * delete callback is called with a NULL Sockbuf just before freeing the LDAP handle.
 */
typedef struct ldap_conncb {
	ldap_conn_add_f *lc_add;
	ldap_conn_del_f *lc_del;
	void *lc_arg;
} ldap_conncb;

/*
 * The API draft spec says we should declare (or cause to be declared)
 * 'struct timeval'.   We don't.  See IETF LDAPext discussions.
 */
struct timeval;

/*
 * in options.c:
 */
LDAP_F( int )
ldap_get_option LDAP_P((
	LDAP *ld,
	int option,
	void *outvalue));

LDAP_F( int )
ldap_set_option LDAP_P((
	LDAP *ld,
	int option,
	LDAP_CONST void *invalue));

/* V3 REBIND Function Callback Prototype */
typedef int (LDAP_REBIND_PROC) LDAP_P((
	LDAP *ld, LDAP_CONST char *url,
	ber_tag_t request, ber_int_t msgid,
	void *params ));

LDAP_F( int )
ldap_set_rebind_proc LDAP_P((
	LDAP *ld,
	LDAP_REBIND_PROC *rebind_proc,
	void *params ));

/* V3 referral selection Function Callback Prototype */
typedef int (LDAP_NEXTREF_PROC) LDAP_P((
	LDAP *ld, char ***refsp, int *cntp,
	void *params ));

LDAP_F( int )
ldap_set_nextref_proc LDAP_P((
	LDAP *ld,
	LDAP_NEXTREF_PROC *nextref_proc,
	void *params ));

/* V3 URLLIST Function Callback Prototype */
typedef int (LDAP_URLLIST_PROC) LDAP_P((
	LDAP *ld, 
	LDAPURLDesc **urllist,
	LDAPURLDesc **url,
	void *params ));

LDAP_F( int )
ldap_set_urllist_proc LDAP_P((
	LDAP *ld,
	LDAP_URLLIST_PROC *urllist_proc,
	void *params ));

/*
 * in controls.c:
 */
#if LDAP_DEPRECATED	
LDAP_F( int )
ldap_create_control LDAP_P((	/* deprecated, use ldap_control_create */
	LDAP_CONST char *requestOID,
	BerElement *ber,
	int iscritical,
	LDAPControl **ctrlp ));

LDAP_F( LDAPControl * )
ldap_find_control LDAP_P((	/* deprecated, use ldap_control_find */
	LDAP_CONST char *oid,
	LDAPControl **ctrls ));
#endif

LDAP_F( int )
ldap_control_create LDAP_P((
	LDAP_CONST char *requestOID,
	int iscritical,
	struct berval *value,
	int dupval,
	LDAPControl **ctrlp ));

LDAP_F( LDAPControl * )
ldap_control_find LDAP_P((
	LDAP_CONST char *oid,
	LDAPControl **ctrls,
	LDAPControl ***nextctrlp ));

LDAP_F( void )
ldap_control_free LDAP_P((
	LDAPControl *ctrl ));

LDAP_F( void )
ldap_controls_free LDAP_P((
	LDAPControl **ctrls ));

LDAP_F( LDAPControl ** )
ldap_controls_dup LDAP_P((
	LDAPControl *LDAP_CONST *controls ));

LDAP_F( LDAPControl * )
ldap_control_dup LDAP_P((
	LDAP_CONST LDAPControl *c ));

/*
 * in dnssrv.c:
 */
LDAP_F( int )
ldap_domain2dn LDAP_P((
	LDAP_CONST char* domain,
	char** dn ));

LDAP_F( int )
ldap_dn2domain LDAP_P((
	LDAP_CONST char* dn,
	char** domain ));

LDAP_F( int )
ldap_domain2hostlist LDAP_P((
	LDAP_CONST char *domain,
	char** hostlist ));

/*
 * in extended.c:
 */
LDAP_F( int )
ldap_extended_operation LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*reqoid,
	struct berval	*reqdata,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_extended_operation_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*reqoid,
	struct berval	*reqdata,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	char			**retoidp,
	struct berval	**retdatap ));

LDAP_F( int )
ldap_parse_extended_result LDAP_P((
	LDAP			*ld,
	LDAPMessage		*res,
	char			**retoidp,
	struct berval	**retdatap,
	int				freeit ));

LDAP_F( int )
ldap_parse_intermediate LDAP_P((
	LDAP			*ld,
	LDAPMessage		*res,
	char			**retoidp,
	struct berval	**retdatap,
	LDAPControl		***serverctrls,
	int				freeit ));


/*
 * in abandon.c:
 */
LDAP_F( int )
ldap_abandon_ext LDAP_P((
	LDAP			*ld,
	int				msgid,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls ));

#if LDAP_DEPRECATED	
LDAP_F( int )
ldap_abandon LDAP_P((	/* deprecated, use ldap_abandon_ext */
	LDAP *ld,
	int msgid ));
#endif

/*
 * in add.c:
 */
LDAP_F( int )
ldap_add_ext LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPMod			**attrs,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int 			*msgidp ));

LDAP_F( int )
ldap_add_ext_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPMod			**attrs,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_add LDAP_P((	/* deprecated, use ldap_add_ext */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAPMod **attrs ));

LDAP_F( int )
ldap_add_s LDAP_P((	/* deprecated, use ldap_add_ext_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAPMod **attrs ));
#endif


/*
 * in sasl.c:
 */
LDAP_F( int )
ldap_sasl_bind LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAP_CONST char	*mechanism,
	struct berval	*cred,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int				*msgidp ));

/* Interaction flags (should be passed about in a control)
 *  Automatic (default): use defaults, prompt otherwise
 *  Interactive: prompt always
 *  Quiet: never prompt
 */
#define LDAP_SASL_AUTOMATIC		0U
#define LDAP_SASL_INTERACTIVE	1U
#define LDAP_SASL_QUIET			2U

/*
 * V3 SASL Interaction Function Callback Prototype
 *	when using Cyrus SASL, interact is pointer to sasl_interact_t
 *  should likely passed in a control (and provided controls)
 */
typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
	LDAP *ld, unsigned flags, void* defaults, void *interact ));

LDAP_F( int )
ldap_sasl_interactive_bind LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn, /* usually NULL */
	LDAP_CONST char *saslMechanism,
	LDAPControl **serverControls,
	LDAPControl **clientControls,

	/* should be client controls */
	unsigned flags,
	LDAP_SASL_INTERACT_PROC *proc,
	void *defaults,
	
	/* as obtained from ldap_result() */
	LDAPMessage *result,

	/* returned during bind processing */
	const char **rmech,
	int *msgid ));

LDAP_F( int )
ldap_sasl_interactive_bind_s LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn, /* usually NULL */
	LDAP_CONST char *saslMechanism,
	LDAPControl **serverControls,
	LDAPControl **clientControls,

	/* should be client controls */
	unsigned flags,
	LDAP_SASL_INTERACT_PROC *proc,
	void *defaults ));

LDAP_F( int )
ldap_sasl_bind_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAP_CONST char	*mechanism,
	struct berval	*cred,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	struct berval	**servercredp ));

LDAP_F( int )
ldap_parse_sasl_bind_result LDAP_P((
	LDAP			*ld,
	LDAPMessage		*res,
	struct berval	**servercredp,
	int				freeit ));

/*
 * in gssapi.c:
 */
LDAP_F( int )
ldap_gssapi_bind_s LDAP_P((
	LDAP  *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *creds));


#if LDAP_DEPRECATED
/*
 * in bind.c:
 *	(deprecated)
 */
LDAP_F( int )
ldap_bind LDAP_P((	/* deprecated, use ldap_sasl_bind */
	LDAP *ld,
	LDAP_CONST char *who,
	LDAP_CONST char *passwd,
	int authmethod ));

LDAP_F( int )
ldap_bind_s LDAP_P((	/* deprecated, use ldap_sasl_bind_s */
	LDAP *ld,
	LDAP_CONST char *who,
	LDAP_CONST char *cred,
	int authmethod ));

/*
 * in sbind.c:
 */
LDAP_F( int )
ldap_simple_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
	LDAP *ld,
	LDAP_CONST char *who,
	LDAP_CONST char *passwd ));

LDAP_F( int )
ldap_simple_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
	LDAP *ld,
	LDAP_CONST char *who,
	LDAP_CONST char *passwd ));

#endif


/*
 * in compare.c:
 */
LDAP_F( int )
ldap_compare_ext LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAP_CONST char	*attr,
	struct berval	*bvalue,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int 			*msgidp ));

LDAP_F( int )
ldap_compare_ext_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAP_CONST char	*attr,
	struct berval	*bvalue,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_compare LDAP_P((	/* deprecated, use ldap_compare_ext */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *attr,
	LDAP_CONST char *value ));

LDAP_F( int )
ldap_compare_s LDAP_P((	/* deprecated, use ldap_compare_ext_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *attr,
	LDAP_CONST char *value ));
#endif


/*
 * in delete.c:
 */
LDAP_F( int )
ldap_delete_ext LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int 			*msgidp ));

LDAP_F( int )
ldap_delete_ext_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_delete LDAP_P((	/* deprecated, use ldap_delete_ext */
	LDAP *ld,
	LDAP_CONST char *dn ));

LDAP_F( int )
ldap_delete_s LDAP_P((	/* deprecated, use ldap_delete_ext_s */
	LDAP *ld,
	LDAP_CONST char *dn ));
#endif


/*
 * in error.c:
 */
LDAP_F( int )
ldap_parse_result LDAP_P((
	LDAP			*ld,
	LDAPMessage		*res,
	int				*errcodep,
	char			**matcheddnp,
	char			**errmsgp,
	char			***referralsp,
	LDAPControl		***serverctrls,
	int				freeit ));

LDAP_F( char * )
ldap_err2string LDAP_P((
	int err ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_result2error LDAP_P((	/* deprecated, use ldap_parse_result */
	LDAP *ld,
	LDAPMessage *r,
	int freeit ));

LDAP_F( void )
ldap_perror LDAP_P((	/* deprecated, use ldap_err2string */
	LDAP *ld,
	LDAP_CONST char *s ));
#endif


/*
 * gssapi.c:
 */
LDAP_F( int )
ldap_gssapi_bind LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *creds ));

LDAP_F( int )
ldap_gssapi_bind_s LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *creds ));


/*
 * in modify.c:
 */
LDAP_F( int )
ldap_modify_ext LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPMod			**mods,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	int 			*msgidp ));

LDAP_F( int )
ldap_modify_ext_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*dn,
	LDAPMod			**mods,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_modify LDAP_P((	/* deprecated, use ldap_modify_ext */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAPMod **mods ));

LDAP_F( int )
ldap_modify_s LDAP_P((	/* deprecated, use ldap_modify_ext_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAPMod **mods ));
#endif


/*
 * in modrdn.c:
 */
LDAP_F( int )
ldap_rename LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	LDAP_CONST char *newSuperior,
	int deleteoldrdn,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	int *msgidp ));

LDAP_F( int )
ldap_rename_s LDAP_P((
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	LDAP_CONST char *newSuperior,
	int deleteoldrdn,
	LDAPControl **sctrls,
	LDAPControl **cctrls ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_rename2 LDAP_P((	/* deprecated, use ldap_rename */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	LDAP_CONST char *newSuperior,
	int deleteoldrdn ));

LDAP_F( int )
ldap_rename2_s LDAP_P((	/* deprecated, use ldap_rename_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	LDAP_CONST char *newSuperior,
	int deleteoldrdn ));

LDAP_F( int )
ldap_modrdn LDAP_P((	/* deprecated, use ldap_rename */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn ));

LDAP_F( int )
ldap_modrdn_s LDAP_P((	/* deprecated, use ldap_rename_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn ));

LDAP_F( int )
ldap_modrdn2 LDAP_P((	/* deprecated, use ldap_rename */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	int deleteoldrdn ));

LDAP_F( int )
ldap_modrdn2_s LDAP_P((	/* deprecated, use ldap_rename_s */
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *newrdn,
	int deleteoldrdn));
#endif


/*
 * in open.c:
 */
#if LDAP_DEPRECATED
LDAP_F( LDAP * )
ldap_init LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
	LDAP_CONST char *host,
	int port ));

LDAP_F( LDAP * )
ldap_open LDAP_P((	/* deprecated, use ldap_create or ldap_initialize */
	LDAP_CONST char *host,
	int port ));
#endif

LDAP_F( int )
ldap_create LDAP_P((
	LDAP **ldp ));

LDAP_F( int )
ldap_initialize LDAP_P((
	LDAP **ldp,
	LDAP_CONST char *url ));

LDAP_F( LDAP * )
ldap_dup LDAP_P((
	LDAP *old ));

/*
 * in tls.c
 */

LDAP_F( int )
ldap_tls_inplace LDAP_P((
	LDAP *ld ));

LDAP_F( int )
ldap_start_tls LDAP_P((
	LDAP *ld,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls,
	int *msgidp ));

LDAP_F( int )
ldap_install_tls LDAP_P((
	LDAP *ld ));

LDAP_F( int )
ldap_start_tls_s LDAP_P((
	LDAP *ld,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls ));

/*
 * in messages.c:
 */
LDAP_F( LDAPMessage * )
ldap_first_message LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

LDAP_F( LDAPMessage * )
ldap_next_message LDAP_P((
	LDAP *ld,
	LDAPMessage *msg ));

LDAP_F( int )
ldap_count_messages LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

/*
 * in references.c:
 */
LDAP_F( LDAPMessage * )
ldap_first_reference LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

LDAP_F( LDAPMessage * )
ldap_next_reference LDAP_P((
	LDAP *ld,
	LDAPMessage *ref ));

LDAP_F( int )
ldap_count_references LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

LDAP_F( int )
ldap_parse_reference LDAP_P((
	LDAP			*ld,
	LDAPMessage		*ref,
	char			***referralsp,
	LDAPControl		***serverctrls,
	int				freeit));


/*
 * in getentry.c:
 */
LDAP_F( LDAPMessage * )
ldap_first_entry LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

LDAP_F( LDAPMessage * )
ldap_next_entry LDAP_P((
	LDAP *ld,
	LDAPMessage *entry ));

LDAP_F( int )
ldap_count_entries LDAP_P((
	LDAP *ld,
	LDAPMessage *chain ));

LDAP_F( int )
ldap_get_entry_controls LDAP_P((
	LDAP			*ld,
	LDAPMessage		*entry,
	LDAPControl		***serverctrls));


/*
 * in addentry.c
 */
LDAP_F( LDAPMessage * )
ldap_delete_result_entry LDAP_P((
	LDAPMessage **list,
	LDAPMessage *e ));

LDAP_F( void )
ldap_add_result_entry LDAP_P((
	LDAPMessage **list,
	LDAPMessage *e ));


/*
 * in getdn.c
 */
LDAP_F( char * )
ldap_get_dn LDAP_P((
	LDAP *ld,
	LDAPMessage *entry ));

typedef struct ldap_ava {
	struct berval la_attr;
	struct berval la_value;
	unsigned la_flags;
#define LDAP_AVA_NULL				0x0000U
#define LDAP_AVA_STRING				0x0001U
#define LDAP_AVA_BINARY				0x0002U
#define LDAP_AVA_NONPRINTABLE		0x0004U
#define LDAP_AVA_FREE_ATTR			0x0010U
#define LDAP_AVA_FREE_VALUE			0x0020U

	void *la_private;
} LDAPAVA;

typedef LDAPAVA** LDAPRDN;
typedef LDAPRDN* LDAPDN;

/* DN formats */
#define LDAP_DN_FORMAT_LDAP			0x0000U
#define LDAP_DN_FORMAT_LDAPV3		0x0010U
#define LDAP_DN_FORMAT_LDAPV2		0x0020U
#define LDAP_DN_FORMAT_DCE			0x0030U
#define LDAP_DN_FORMAT_UFN			0x0040U	/* dn2str only */
#define LDAP_DN_FORMAT_AD_CANONICAL	0x0050U	/* dn2str only */
#define LDAP_DN_FORMAT_LBER			0x00F0U /* for testing only */
#define LDAP_DN_FORMAT_MASK			0x00F0U

/* DN flags */
#define LDAP_DN_PRETTY				0x0100U
#define LDAP_DN_SKIP				0x0200U
#define LDAP_DN_P_NOLEADTRAILSPACES	0x1000U
#define LDAP_DN_P_NOSPACEAFTERRDN	0x2000U
#define LDAP_DN_PEDANTIC			0xF000U

LDAP_F( void ) ldap_rdnfree LDAP_P(( LDAPRDN rdn ));
LDAP_F( void ) ldap_dnfree LDAP_P(( LDAPDN dn ));

LDAP_F( int )
ldap_bv2dn LDAP_P(( 
	struct berval *bv, 
	LDAPDN *dn, 
	unsigned flags ));

LDAP_F( int )
ldap_str2dn LDAP_P((
	LDAP_CONST char *str,
	LDAPDN *dn,
	unsigned flags ));

LDAP_F( int )
ldap_dn2bv LDAP_P((
	LDAPDN dn,
	struct berval *bv,
	unsigned flags ));

LDAP_F( int )
ldap_dn2str LDAP_P((
	LDAPDN dn,
	char **str,
	unsigned flags ));

LDAP_F( int )
ldap_bv2rdn LDAP_P((
	struct berval *bv,
	LDAPRDN *rdn,
	char **next,
	unsigned flags ));

LDAP_F( int )
ldap_str2rdn LDAP_P((
	LDAP_CONST char *str,
	LDAPRDN *rdn,
	char **next,
	unsigned flags ));

LDAP_F( int )
ldap_rdn2bv LDAP_P((
	LDAPRDN rdn,
	struct berval *bv,
	unsigned flags ));

LDAP_F( int )
ldap_rdn2str LDAP_P((
	LDAPRDN rdn,
	char **str,
	unsigned flags ));

LDAP_F( int )
ldap_dn_normalize LDAP_P((
	LDAP_CONST char *in, unsigned iflags,
	char **out, unsigned oflags ));

LDAP_F( char * )
ldap_dn2ufn LDAP_P(( /* deprecated, use ldap_str2dn/dn2str */
	LDAP_CONST char *dn ));

LDAP_F( char ** )
ldap_explode_dn LDAP_P(( /* deprecated, ldap_str2dn */
	LDAP_CONST char *dn,
	int notypes ));

LDAP_F( char ** )
ldap_explode_rdn LDAP_P(( /* deprecated, ldap_str2rdn */
	LDAP_CONST char *rdn,
	int notypes ));

typedef int LDAPDN_rewrite_func
	LDAP_P(( LDAPDN dn, unsigned flags, void *ctx ));

LDAP_F( int )
ldap_X509dn2bv LDAP_P(( void *x509_name, struct berval *dn,
	LDAPDN_rewrite_func *func, unsigned flags ));

LDAP_F( char * )
ldap_dn2dcedn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
	LDAP_CONST char *dn ));

LDAP_F( char * )
ldap_dcedn2dn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
	LDAP_CONST char *dce ));

LDAP_F( char * )
ldap_dn2ad_canonical LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
	LDAP_CONST char *dn ));

LDAP_F( int )
ldap_get_dn_ber LDAP_P((
	LDAP *ld, LDAPMessage *e, BerElement **berout, struct berval *dn ));

LDAP_F( int )
ldap_get_attribute_ber LDAP_P((
	LDAP *ld, LDAPMessage *e, BerElement *ber, struct berval *attr,
	struct berval **vals ));

/*
 * in getattr.c
 */
LDAP_F( char * )
ldap_first_attribute LDAP_P((
	LDAP *ld,
	LDAPMessage *entry,
	BerElement **ber ));

LDAP_F( char * )
ldap_next_attribute LDAP_P((
	LDAP *ld,
	LDAPMessage *entry,
	BerElement *ber ));


/*
 * in getvalues.c
 */
LDAP_F( struct berval ** )
ldap_get_values_len LDAP_P((
	LDAP *ld,
	LDAPMessage *entry,
	LDAP_CONST char *target ));

LDAP_F( int )
ldap_count_values_len LDAP_P((
	struct berval **vals ));

LDAP_F( void )
ldap_value_free_len LDAP_P((
	struct berval **vals ));

#if LDAP_DEPRECATED
LDAP_F( char ** )
ldap_get_values LDAP_P((	/* deprecated, use ldap_get_values_len */
	LDAP *ld,
	LDAPMessage *entry,
	LDAP_CONST char *target ));

LDAP_F( int )
ldap_count_values LDAP_P((	/* deprecated, use ldap_count_values_len */
	char **vals ));

LDAP_F( void )
ldap_value_free LDAP_P((	/* deprecated, use ldap_value_free_len */
	char **vals ));
#endif

/*
 * in result.c:
 */
LDAP_F( int )
ldap_result LDAP_P((
	LDAP *ld,
	int msgid,
	int all,
	struct timeval *timeout,
	LDAPMessage **result ));

LDAP_F( int )
ldap_msgtype LDAP_P((
	LDAPMessage *lm ));

LDAP_F( int )
ldap_msgid   LDAP_P((
	LDAPMessage *lm ));

LDAP_F( int )
ldap_msgfree LDAP_P((
	LDAPMessage *lm ));

LDAP_F( int )
ldap_msgdelete LDAP_P((
	LDAP *ld,
	int msgid ));


/*
 * in search.c:
 */
LDAP_F( int )
ldap_bv2escaped_filter_value LDAP_P(( 
	struct berval *in, 
	struct berval *out ));

LDAP_F( int )
ldap_search_ext LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*base,
	int				scope,
	LDAP_CONST char	*filter,
	char			**attrs,
	int				attrsonly,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	struct timeval	*timeout,
	int				sizelimit,
	int				*msgidp ));

LDAP_F( int )
ldap_search_ext_s LDAP_P((
	LDAP			*ld,
	LDAP_CONST char	*base,
	int				scope,
	LDAP_CONST char	*filter,
	char			**attrs,
	int				attrsonly,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls,
	struct timeval	*timeout,
	int				sizelimit,
	LDAPMessage		**res ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_search LDAP_P((	/* deprecated, use ldap_search_ext */
	LDAP *ld,
	LDAP_CONST char *base,
	int scope,
	LDAP_CONST char *filter,
	char **attrs,
	int attrsonly ));

LDAP_F( int )
ldap_search_s LDAP_P((	/* deprecated, use ldap_search_ext_s */
	LDAP *ld,
	LDAP_CONST char *base,
	int scope,
	LDAP_CONST char *filter,
	char **attrs,
	int attrsonly,
	LDAPMessage **res ));

LDAP_F( int )
ldap_search_st LDAP_P((	/* deprecated, use ldap_search_ext_s */
	LDAP *ld,
	LDAP_CONST char *base,
	int scope,
	LDAP_CONST char *filter,
    char **attrs,
	int attrsonly,
	struct timeval *timeout,
	LDAPMessage **res ));
#endif

/*
 * in unbind.c
 */
LDAP_F( int )
ldap_unbind_ext LDAP_P((
	LDAP			*ld,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls));

LDAP_F( int )
ldap_unbind_ext_s LDAP_P((
	LDAP			*ld,
	LDAPControl		**serverctrls,
	LDAPControl		**clientctrls));

LDAP_F( int )
ldap_destroy LDAP_P((
	LDAP			*ld));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
	LDAP *ld ));

LDAP_F( int )
ldap_unbind_s LDAP_P(( /* deprecated, use ldap_unbind_ext_s */
	LDAP *ld ));
#endif

/*
 * in filter.c
 */
LDAP_F( int )
ldap_put_vrFilter LDAP_P((
	BerElement *ber,
	const char *vrf ));

/*
 * in free.c
 */

LDAP_F( void * )
ldap_memalloc LDAP_P((
	ber_len_t s ));

LDAP_F( void * )
ldap_memrealloc LDAP_P((
	void* p,
	ber_len_t s ));

LDAP_F( void * )
ldap_memcalloc LDAP_P((
	ber_len_t n,
	ber_len_t s ));

LDAP_F( void )
ldap_memfree LDAP_P((
	void* p ));

LDAP_F( void )
ldap_memvfree LDAP_P((
	void** v ));

LDAP_F( char * )
ldap_strdup LDAP_P((
	LDAP_CONST char * ));

LDAP_F( void )
ldap_mods_free LDAP_P((
	LDAPMod **mods,
	int freemods ));


#if LDAP_DEPRECATED
/*
 * in sort.c (deprecated, use custom code instead)
 */
typedef int (LDAP_SORT_AD_CMP_PROC) LDAP_P(( /* deprecated */
	LDAP_CONST char *left,
	LDAP_CONST char *right ));

typedef int (LDAP_SORT_AV_CMP_PROC) LDAP_P(( /* deprecated */
	LDAP_CONST void *left,
	LDAP_CONST void *right ));

LDAP_F( int )	/* deprecated */
ldap_sort_entries LDAP_P(( LDAP *ld,
	LDAPMessage **chain,
	LDAP_CONST char *attr,
	LDAP_SORT_AD_CMP_PROC *cmp ));

LDAP_F( int )	/* deprecated */
ldap_sort_values LDAP_P((
	LDAP *ld,
	char **vals,
	LDAP_SORT_AV_CMP_PROC *cmp ));

LDAP_F( int ) /* deprecated */
ldap_sort_strcasecmp LDAP_P((
	LDAP_CONST void *a,
	LDAP_CONST void *b ));
#endif

/*
 * in url.c
 */
LDAP_F( int )
ldap_is_ldap_url LDAP_P((
	LDAP_CONST char *url ));

LDAP_F( int )
ldap_is_ldaps_url LDAP_P((
	LDAP_CONST char *url ));

LDAP_F( int )
ldap_is_ldapi_url LDAP_P((
	LDAP_CONST char *url ));

LDAP_F( int )
ldap_url_parse LDAP_P((
	LDAP_CONST char *url,
	LDAPURLDesc **ludpp ));

LDAP_F( char * )
ldap_url_desc2str LDAP_P((
	LDAPURLDesc *ludp ));

LDAP_F( void )
ldap_free_urldesc LDAP_P((
	LDAPURLDesc *ludp ));


/*
 * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
 *  in cancel.c
 */
#define LDAP_API_FEATURE_CANCEL 1000

LDAP_F( int )
ldap_cancel LDAP_P(( LDAP *ld,
	int cancelid,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_cancel_s LDAP_P(( LDAP *ld,
	int cancelid,
	LDAPControl **sctrl,
	LDAPControl **cctrl ));

/*
 * LDAP Turn Extended Operation <draft-zeilenga-ldap-turn-xx.txt>
 *  in turn.c
 */
#define LDAP_API_FEATURE_TURN 1000

LDAP_F( int )
ldap_turn LDAP_P(( LDAP *ld,
	int mutual,
	LDAP_CONST char* identifier,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_turn_s LDAP_P(( LDAP *ld,
	int mutual,
	LDAP_CONST char* identifier,
	LDAPControl **sctrl,
	LDAPControl **cctrl ));

/*
 * LDAP Paged Results
 *	in pagectrl.c
 */
#define LDAP_API_FEATURE_PAGED_RESULTS 2000

LDAP_F( int )
ldap_create_page_control_value LDAP_P((
	LDAP *ld,
	ber_int_t pagesize,
	struct berval *cookie,
	struct berval *value ));

LDAP_F( int )
ldap_create_page_control LDAP_P((
	LDAP *ld,
	ber_int_t pagesize,
	struct berval *cookie,
	int iscritical,
	LDAPControl **ctrlp ));

#if LDAP_DEPRECATED
LDAP_F( int )
ldap_parse_page_control LDAP_P((
	/* deprecated, use ldap_parse_pageresponse_control */
	LDAP *ld,
	LDAPControl **ctrls,
	ber_int_t *count,
	struct berval **cookie ));
#endif

LDAP_F( int )
ldap_parse_pageresponse_control LDAP_P((
	LDAP *ld,
	LDAPControl *ctrl,
	ber_int_t *count,
	struct berval *cookie ));

/*
 * LDAP Server Side Sort
 *	in sortctrl.c
 */
#define LDAP_API_FEATURE_SERVER_SIDE_SORT 2000

/* structure for a sort-key */
typedef struct ldapsortkey {
	char *attributeType;
	char *orderingRule;
	int reverseOrder;
} LDAPSortKey;

LDAP_F( int )
ldap_create_sort_keylist LDAP_P((
	LDAPSortKey ***sortKeyList,
	char *keyString ));

LDAP_F( void )
ldap_free_sort_keylist LDAP_P((
	LDAPSortKey **sortkeylist ));

LDAP_F( int )
ldap_create_sort_control_value LDAP_P((
	LDAP *ld,
	LDAPSortKey **keyList,
	struct berval *value ));

LDAP_F( int )
ldap_create_sort_control LDAP_P((
	LDAP *ld,
	LDAPSortKey **keyList,
	int iscritical,
	LDAPControl **ctrlp ));

LDAP_F( int )
ldap_parse_sortresponse_control LDAP_P((
	LDAP *ld,
	LDAPControl *ctrl,
	ber_int_t *result,
	char **attribute ));

/*
 * LDAP Virtual List View
 *	in vlvctrl.c
 */
#define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 2000

/* structure for virtual list */
typedef struct ldapvlvinfo {
	ber_int_t ldvlv_version;
    ber_int_t ldvlv_before_count;
    ber_int_t ldvlv_after_count;
    ber_int_t ldvlv_offset;
    ber_int_t ldvlv_count;
    struct berval *	ldvlv_attrvalue;
    struct berval *	ldvlv_context;
    void *			ldvlv_extradata;
} LDAPVLVInfo;

LDAP_F( int )
ldap_create_vlv_control_value LDAP_P((
	LDAP *ld,
	LDAPVLVInfo *ldvlistp,
	struct berval *value));

LDAP_F( int )
ldap_create_vlv_control LDAP_P((
	LDAP *ld,
	LDAPVLVInfo *ldvlistp,
	LDAPControl **ctrlp ));

LDAP_F( int )
ldap_parse_vlvresponse_control LDAP_P((
	LDAP          *ld,
	LDAPControl   *ctrls,
	ber_int_t *target_posp,
	ber_int_t *list_countp,
	struct berval **contextp,
	int           *errcodep ));

/*
 * LDAP Who Am I?
 *	in whoami.c
 */
#define LDAP_API_FEATURE_WHOAMI 1000

LDAP_F( int )
ldap_parse_whoami LDAP_P((
	LDAP *ld,
	LDAPMessage *res,
	struct berval **authzid ));

LDAP_F( int )
ldap_whoami LDAP_P(( LDAP *ld,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_whoami_s LDAP_P((
	LDAP *ld,
	struct berval **authzid,
	LDAPControl **sctrls,
	LDAPControl **cctrls ));

/*
 * LDAP Password Modify
 *	in passwd.c
 */
#define LDAP_API_FEATURE_PASSWD_MODIFY 1000

LDAP_F( int )
ldap_parse_passwd LDAP_P((
	LDAP *ld,
	LDAPMessage *res,
	struct berval *newpasswd ));

LDAP_F( int )
ldap_passwd LDAP_P(( LDAP *ld,
	struct berval	*user,
	struct berval	*oldpw,
	struct berval	*newpw,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_passwd_s LDAP_P((
	LDAP *ld,
	struct berval	*user,
	struct berval	*oldpw,
	struct berval	*newpw,
	struct berval *newpasswd,
	LDAPControl **sctrls,
	LDAPControl **cctrls ));

#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
/*
 * LDAP Password Policy controls
 *	in ppolicy.c
 */
#define LDAP_API_FEATURE_PASSWORD_POLICY 1000

typedef enum passpolicyerror_enum {
       PP_passwordExpired = 0,
       PP_accountLocked = 1,
       PP_changeAfterReset = 2,
       PP_passwordModNotAllowed = 3,
       PP_mustSupplyOldPassword = 4,
       PP_insufficientPasswordQuality = 5,
       PP_passwordTooShort = 6,
       PP_passwordTooYoung = 7,
       PP_passwordInHistory = 8,
       PP_noError = 65535
} LDAPPasswordPolicyError;

LDAP_F( int )
ldap_create_passwordpolicy_control LDAP_P((
        LDAP *ld,
        LDAPControl **ctrlp ));

LDAP_F( int )
ldap_parse_passwordpolicy_control LDAP_P((
        LDAP *ld,
        LDAPControl *ctrl,
        ber_int_t *expirep,
        ber_int_t *gracep,
        LDAPPasswordPolicyError *errorp ));

LDAP_F( const char * )
ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
#endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */

/*
 * LDAP Dynamic Directory Services Refresh -- RFC 2589
 *	in dds.c
 */
#define LDAP_API_FEATURE_REFRESH 1000

LDAP_F( int )
ldap_parse_refresh LDAP_P((
	LDAP *ld,
	LDAPMessage *res,
	ber_int_t *newttl ));

LDAP_F( int )
ldap_refresh LDAP_P(( LDAP *ld,
	struct berval	*dn,
	ber_int_t ttl,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_refresh_s LDAP_P((
	LDAP *ld,
	struct berval	*dn,
	ber_int_t ttl,
	ber_int_t *newttl,
	LDAPControl **sctrls,
	LDAPControl **cctrls ));

/*
 * LDAP Transactions
 */
#ifdef LDAP_X_TXN
LDAP_F( int )
ldap_txn_start LDAP_P(( LDAP *ld,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_txn_start_s LDAP_P(( LDAP *ld,
	LDAPControl **sctrl,
	LDAPControl **cctrl,
	struct berval **rettxnid ));

LDAP_F( int )
ldap_txn_end LDAP_P(( LDAP *ld,
	int	commit,
	struct berval	*txnid,
	LDAPControl		**sctrls,
	LDAPControl		**cctrls,
	int				*msgidp ));

LDAP_F( int )
ldap_txn_end_s LDAP_P(( LDAP *ld,
	int	commit,
	struct berval *txnid,
	LDAPControl **sctrl,
	LDAPControl **cctrl,
	int *retidp ));
#endif

/*
 * in ldap_sync.c
 */

/*
 * initialize the persistent search structure
 */
LDAP_F( ldap_sync_t * )
ldap_sync_initialize LDAP_P((
	ldap_sync_t	*ls ));

/*
 * destroy the persistent search structure
 */
LDAP_F( void )
ldap_sync_destroy LDAP_P((
	ldap_sync_t	*ls,
	int		freeit ));

/*
 * initialize a refreshOnly sync
 */
LDAP_F( int )
ldap_sync_init LDAP_P((
	ldap_sync_t	*ls,
	int		mode ));

/*
 * initialize a refreshOnly sync
 */
LDAP_F( int )
ldap_sync_init_refresh_only LDAP_P((
	ldap_sync_t	*ls ));

/*
 * initialize a refreshAndPersist sync
 */
LDAP_F( int )
ldap_sync_init_refresh_and_persist LDAP_P((
	ldap_sync_t	*ls ));

/*
 * poll for new responses
 */
LDAP_F( int )
ldap_sync_poll LDAP_P((
	ldap_sync_t	*ls ));

#ifdef LDAP_CONTROL_X_SESSION_TRACKING

/*
 * in stctrl.c
 */
LDAP_F( int )
ldap_create_session_tracking_value LDAP_P((
	LDAP		*ld,
	char		*sessionSourceIp,
	char		*sessionSourceName,
	char		*formatOID,
	struct berval	*sessionTrackingIdentifier,
	struct berval	*value ));

LDAP_F( int )
ldap_create_session_tracking_control LDAP_P((
	LDAP		*ld,
	char		*sessionSourceIp,
	char		*sessionSourceName,
	char		*formatOID,
	struct berval	*sessionTrackingIdentifier,
	LDAPControl	**ctrlp ));

LDAP_F( int )
ldap_parse_session_tracking_control LDAP_P((
	LDAP *ld,
	LDAPControl *ctrl,
	struct berval *ip,
	struct berval *name,
	struct berval *oid,
	struct berval *id ));

#endif /* LDAP_CONTROL_X_SESSION_TRACKING */

/*
 * in assertion.c
 */
LDAP_F (int)
ldap_create_assertion_control_value LDAP_P((
	LDAP		*ld,
	char		*assertion,
	struct berval	*value ));

LDAP_F( int )
ldap_create_assertion_control LDAP_P((
	LDAP		*ld,
	char		*filter,
	int		iscritical,
	LDAPControl	**ctrlp ));

/*
 * in deref.c
 */

typedef struct LDAPDerefSpec {
	char *derefAttr;
	char **attributes;
} LDAPDerefSpec;

typedef struct LDAPDerefVal {
	char *type;
	BerVarray vals;
	struct LDAPDerefVal *next;
} LDAPDerefVal;

typedef struct LDAPDerefRes {
	char *derefAttr;
	struct berval derefVal;
	LDAPDerefVal *attrVals;
	struct LDAPDerefRes *next;
} LDAPDerefRes;

LDAP_F( int )
ldap_create_deref_control_value LDAP_P((
	LDAP *ld,
	LDAPDerefSpec *ds,
	struct berval *value ));

LDAP_F( int )
ldap_create_deref_control LDAP_P((
	LDAP		*ld,
	LDAPDerefSpec	*ds,
	int		iscritical,
	LDAPControl	**ctrlp ));

LDAP_F( void )
ldap_derefresponse_free LDAP_P((
	LDAPDerefRes *dr ));

LDAP_F( int )
ldap_parse_derefresponse_control LDAP_P((
	LDAP *ld,
	LDAPControl *ctrl,
	LDAPDerefRes **drp ));

LDAP_F( int )
ldap_parse_deref_control LDAP_P((
	LDAP		*ld,
	LDAPControl	**ctrls,
	LDAPDerefRes	**drp ));

/*
 * hacks for NTLM
 */
#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
#define LDAP_AUTH_NTLM_RESPONSE  ((ber_tag_t) 0x8bU)
LDAP_F( int )
ldap_ntlm_bind LDAP_P((
      LDAP    *ld,
      LDAP_CONST char *dn,
      ber_tag_t tag,
      struct berval *cred,
      LDAPControl **sctrls,
      LDAPControl **cctrls,
      int   *msgidp ));
LDAP_F( int )
ldap_parse_ntlm_bind_result LDAP_P((
      LDAP    *ld,
      LDAPMessage *res,
      struct berval *challenge));

LDAP_END_DECL
#endif /* _LDAP_H */

Changed text

Open file

/*
 * Copyright (c) 2001, 2003, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is Mozilla Communicator client code, released
 * March 31, 1998.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1998-1999 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 */

#ifndef _LDAP_H
#define _LDAP_H

#ifdef  __cplusplus
extern "C" {
#endif

#ifndef _SOLARIS_SDK
#define _SOLARIS_SDK
#endif

#ifndef LDAP_TYPE_TIMEVAL_DEFINED
#include <sys/time.h>
#endif
#ifndef LDAP_TYPE_SOCKET_DEFINED        /* API extension */
#include <sys/types.h>
#include <sys/socket.h>
#endif

#include <lber.h>

#define LDAP_PORT               389
#define LDAPS_PORT              636
#define LDAP_PORT_MAX           65535           /* API extension */
#define LDAP_VERSION1           1               /* API extension */
#define LDAP_VERSION2           2
#define LDAP_VERSION3           3
#define LDAP_VERSION            LDAP_VERSION2   /* API extension */
#define LDAP_VERSION_MIN        LDAP_VERSION3
#define LDAP_VERSION_MAX        LDAP_VERSION3

#define LDAP_VENDOR_VERSION     500     /* version # * 100 */
#define LDAP_VENDOR_NAME        "Sun Microsystems Inc."
/*
 * The following will be an RFC number once the LDAP C API Internet Draft
 * is published as a Proposed Standard RFC.  For now we use 2000 + the
 * draft revision number (currently 5) since we are close to compliance
 * with revision 5 of the draft.
 */
#define LDAP_API_VERSION        2005

/*
 * C LDAP features we support that are not (yet) part of the LDAP C API
 * Internet Draft.  Use the ldap_get_option() call with an option value of
 * LDAP_OPT_API_FEATURE_INFO to retrieve information about a feature.
 *
 * Note that this list is incomplete; it includes only the most widely
 * used extensions.  Also, the version is 1 for all of these for now.
 */
#define LDAP_API_FEATURE_SERVER_SIDE_SORT       1
#define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW      1
#define LDAP_API_FEATURE_PERSISTENT_SEARCH      1
#define LDAP_API_FEATURE_PROXY_AUTHORIZATION    1
#define LDAP_API_FEATURE_X_LDERRNO              1
#define LDAP_API_FEATURE_X_MEMCACHE             1
#define LDAP_API_FEATURE_X_IO_FUNCTIONS         1
#define LDAP_API_FEATURE_X_EXTIO_FUNCTIONS      1
#define LDAP_API_FEATURE_X_DNS_FUNCTIONS        1
#define LDAP_API_FEATURE_X_MEMALLOC_FUNCTIONS   1
#define LDAP_API_FEATURE_X_THREAD_FUNCTIONS     1
#define LDAP_API_FEATURE_X_EXTHREAD_FUNCTIONS   1
#define LDAP_API_FEATURE_X_GETLANGVALUES        1
#define LDAP_API_FEATURE_X_CLIENT_SIDE_SORT     1
#define LDAP_API_FEATURE_X_URL_FUNCTIONS        1
#define LDAP_API_FEATURE_X_FILTER_FUNCTIONS     1

#define LDAP_ROOT_DSE           ""              /* API extension */
#define LDAP_NO_ATTRS           "1.1"
#define LDAP_ALL_USER_ATTRS     "*"

/*
 * Standard options (used with ldap_set_option() and ldap_get_option):
 */
#define LDAP_OPT_API_INFO               0x00    /*  0 */
#define LDAP_OPT_DESC                   0x01    /*  1 */
#define LDAP_OPT_DEREF                  0x02    /*  2 */
#define LDAP_OPT_SIZELIMIT              0x03    /*  3 */
#define LDAP_OPT_TIMELIMIT              0x04    /*  4 */
#define LDAP_OPT_REFERRALS              0x08    /*  8 */
#define LDAP_OPT_RESTART                0x09    /*  9 */
#define LDAP_OPT_PROTOCOL_VERSION       0x11    /* 17 */
#define LDAP_OPT_SERVER_CONTROLS        0x12    /* 18 */
#define LDAP_OPT_CLIENT_CONTROLS        0x13    /* 19 */
#define LDAP_OPT_API_FEATURE_INFO       0x15    /* 21 */
#define LDAP_OPT_HOST_NAME              0x30    /* 48 */
#define LDAP_OPT_ERROR_NUMBER           0x31    /* 49 */
#define LDAP_OPT_ERROR_STRING           0x32    /* 50 */
#define LDAP_OPT_MATCHED_DN             0x33    /* 51 */

/*
 * Well-behaved private and experimental extensions will use option values
 * between 0x4000 (16384) and 0x7FFF (32767) inclusive.
 */
#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000  /* to 0x7FFF inclusive */
/*
 * Special timeout values for poll and connect:
 */
#define LDAP_X_IO_TIMEOUT_NO_WAIT       0       /* return immediately */
#define LDAP_X_IO_TIMEOUT_NO_TIMEOUT    (-1)    /* block indefinitely */
/*
 * Timeout value for nonblocking connect call
 */
#define LDAP_X_OPT_CONNECT_TIMEOUT    (LDAP_OPT_PRIVATE_EXTENSION_BASE + 0x0F01)
        /* 0x4000 + 0x0F01 = 0x4F01 = 20225 - API extension */

/* for on/off options */
#define LDAP_OPT_ON     ((void *)1)
#define LDAP_OPT_OFF    ((void *)0)

typedef struct ldap     LDAP;           /* opaque connection handle */
typedef struct ldapmsg  LDAPMessage;    /* opaque result/entry handle */

#define NULLMSG ((LDAPMessage *)0)

/* structure representing an LDAP modification */
typedef struct ldapmod {
        int             mod_op;         /* kind of mod + form of values */
#define LDAP_MOD_ADD            0x00
#define LDAP_MOD_DELETE         0x01
#define LDAP_MOD_REPLACE        0x02
#define LDAP_MOD_BVALUES        0x80
        char                    *mod_type;      /* attribute name to modify */
        union mod_vals_u {
                char            **modv_strvals;
                struct berval   **modv_bvals;
        } mod_vals;             /* values to add/delete/replace */
#define mod_values      mod_vals.modv_strvals
#define mod_bvalues     mod_vals.modv_bvals
} LDAPMod;


/*
 * structure for holding ldapv3 controls
 */
typedef struct ldapcontrol {
    char                *ldctl_oid;
    struct berval       ldctl_value;
    char                ldctl_iscritical;
} LDAPControl;


/*
 * LDAP API information.  Can be retrieved by using a sequence like:
 *
 *    LDAPAPIInfo ldai;
 *    ldai.ldapai_info_version = LDAP_API_INFO_VERSION;
 *    if ( ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldia ) == 0 ) ...
 */
#define LDAP_API_INFO_VERSION           1
typedef struct ldapapiinfo {
    int  ldapai_info_version;     /* version of this struct (1) */
    int ldapai_api_version;     /* revision of API supported */
    int  ldapai_protocol_version; /* highest LDAP version supported */
    char **ldapai_extensions;   /* names of API extensions */
    char *ldapai_vendor_name;   /* name of supplier */
    int  ldapai_vendor_version;   /* supplier-specific version times 100 */
} LDAPAPIInfo;


/*
 * LDAP API extended features info.  Can be retrieved by using a sequence like:
 *
 *    LDAPAPIFeatureInfo ldfi;
 *    ldfi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
 *    ldfi.ldapaif_name = "VIRTUAL_LIST_VIEW";
 *    if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &ldfi ) == 0 ) ...
 */
#define LDAP_FEATURE_INFO_VERSION       1
typedef struct ldap_apifeature_info {
    int   ldapaif_info_version; /* version of this struct (1) */
    char  *ldapaif_name;        /* name of supported feature */
    int   ldapaif_version;      /* revision of supported feature */
} LDAPAPIFeatureInfo;


/* possible result types a server can return */
#define LDAP_RES_BIND                   0x61    /* 97 */
#define LDAP_RES_SEARCH_ENTRY           0x64    /* 100 */
#define LDAP_RES_SEARCH_RESULT          0x65    /* 101 */
#define LDAP_RES_MODIFY                 0x67    /* 103 */
#define LDAP_RES_ADD                    0x69    /* 105 */
#define LDAP_RES_DELETE                 0x6b    /* 107 */
#define LDAP_RES_MODDN                  0x6d    /* 109 */
#define LDAP_RES_COMPARE                0x6f    /* 111 */
#define LDAP_RES_SEARCH_REFERENCE       0x73    /* 115 */
#define LDAP_RES_EXTENDED               0x78    /* 120 */

/* Special values for ldap_result() "msgid" parameter */
#define LDAP_RES_ANY                    (-1)
#define LDAP_RES_UNSOLICITED            0

/* built-in SASL methods */
#define LDAP_SASL_SIMPLE        0       /* special value used for simple bind */
#define LDAP_SASL_EXTERNAL      "EXTERNAL"      /* TLS/SSL extension */

#ifdef  _SOLARIS_SDK
#define LDAP_SASL_CRAM_MD5      "CRAM-MD5"
#define LDAP_SASL_DIGEST_MD5    "DIGEST-MD5"
#define LDAP_SASL_BIND_INPROGRESS       0x0e    /* for backward compatibility */
#endif

/* search scopes */
#define LDAP_SCOPE_BASE         0x00
#define LDAP_SCOPE_ONELEVEL     0x01
#define LDAP_SCOPE_SUBTREE      0x02

/* alias dereferencing */
#define LDAP_DEREF_NEVER        0
#define LDAP_DEREF_SEARCHING    1
#define LDAP_DEREF_FINDING      2
#define LDAP_DEREF_ALWAYS       3

/* predefined size/time limits */
#define LDAP_NO_LIMIT           0

/* allowed values for "all" ldap_result() parameter */
#define LDAP_MSG_ONE            0
#define LDAP_MSG_ALL            1
#define LDAP_MSG_RECEIVED       2

/* possible error codes we can be returned */
#define LDAP_SUCCESS                    0x00    /* 0 */
#define LDAP_OPERATIONS_ERROR           0x01    /* 1 */
#define LDAP_PROTOCOL_ERROR             0x02    /* 2 */
#define LDAP_TIMELIMIT_EXCEEDED         0x03    /* 3 */
#define LDAP_SIZELIMIT_EXCEEDED         0x04    /* 4 */
#define LDAP_COMPARE_FALSE              0x05    /* 5 */
#define LDAP_COMPARE_TRUE               0x06    /* 6 */
#define LDAP_STRONG_AUTH_NOT_SUPPORTED  0x07    /* 7 */
#define LDAP_STRONG_AUTH_REQUIRED       0x08    /* 8 */
#define LDAP_PARTIAL_RESULTS            0x09    /* 9 (UMich LDAPv2 extn) */
#define LDAP_REFERRAL                   0x0a    /* 10 - LDAPv3 */
#define LDAP_ADMINLIMIT_EXCEEDED        0x0b    /* 11 - LDAPv3 */
#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION  0x0c /* 12 - LDAPv3 */
#define LDAP_CONFIDENTIALITY_REQUIRED   0x0d    /* 13 */
#define LDAP_SASL_BIND_IN_PROGRESS      0x0e    /* 14 - LDAPv3 */

#define LDAP_NO_SUCH_ATTRIBUTE          0x10    /* 16 */
#define LDAP_UNDEFINED_TYPE             0x11    /* 17 */
#define LDAP_INAPPROPRIATE_MATCHING     0x12    /* 18 */
#define LDAP_CONSTRAINT_VIOLATION       0x13    /* 19 */
#define LDAP_TYPE_OR_VALUE_EXISTS       0x14    /* 20 */
#define LDAP_INVALID_SYNTAX             0x15    /* 21 */

#define LDAP_NO_SUCH_OBJECT             0x20    /* 32 */
#define LDAP_ALIAS_PROBLEM              0x21    /* 33 */
#define LDAP_INVALID_DN_SYNTAX          0x22    /* 34 */
#define LDAP_IS_LEAF                    0x23    /* 35 (not used in LDAPv3) */
#define LDAP_ALIAS_DEREF_PROBLEM        0x24    /* 36 */

#define NAME_ERROR(n)   ((n & 0xf0) == 0x20)

#define LDAP_INAPPROPRIATE_AUTH         0x30    /* 48 */
#define LDAP_INVALID_CREDENTIALS        0x31    /* 49 */
#define LDAP_INSUFFICIENT_ACCESS        0x32    /* 50 */
#define LDAP_BUSY                       0x33    /* 51 */
#define LDAP_UNAVAILABLE                0x34    /* 52 */
#define LDAP_UNWILLING_TO_PERFORM       0x35    /* 53 */
#define LDAP_LOOP_DETECT                0x36    /* 54 */

#define LDAP_SORT_CONTROL_MISSING       0x3C    /* 60 (server side sort extn) */
#define LDAP_INDEX_RANGE_ERROR          0x3D    /* 61 (VLV extn) */

#define LDAP_NAMING_VIOLATION           0x40    /* 64 */
#define LDAP_OBJECT_CLASS_VIOLATION     0x41    /* 65 */
#define LDAP_NOT_ALLOWED_ON_NONLEAF     0x42    /* 66 */
#define LDAP_NOT_ALLOWED_ON_RDN         0x43    /* 67 */
#define LDAP_ALREADY_EXISTS             0x44    /* 68 */
#define LDAP_NO_OBJECT_CLASS_MODS       0x45    /* 69 */
#define LDAP_RESULTS_TOO_LARGE          0x46    /* 70 - CLDAP */
#define LDAP_AFFECTS_MULTIPLE_DSAS      0x47    /* 71 */

#define LDAP_OTHER                      0x50    /* 80 */
#define LDAP_SERVER_DOWN                0x51    /* 81 */
#define LDAP_LOCAL_ERROR                0x52    /* 82 */
#define LDAP_ENCODING_ERROR             0x53    /* 83 */
#define LDAP_DECODING_ERROR             0x54    /* 84 */
#define LDAP_TIMEOUT                    0x55    /* 85 */
#define LDAP_AUTH_UNKNOWN               0x56    /* 86 */
#define LDAP_FILTER_ERROR               0x57    /* 87 */
#define LDAP_USER_CANCELLED             0x58    /* 88 */
#define LDAP_PARAM_ERROR                0x59    /* 89 */
#define LDAP_NO_MEMORY                  0x5a    /* 90 */
#define LDAP_CONNECT_ERROR              0x5b    /* 91 */
#define LDAP_NOT_SUPPORTED              0x5c    /* 92 - LDAPv3 */
#define LDAP_CONTROL_NOT_FOUND          0x5d    /* 93 - LDAPv3 */
#define LDAP_NO_RESULTS_RETURNED        0x5e    /* 94 - LDAPv3 */
#define LDAP_MORE_RESULTS_TO_RETURN     0x5f    /* 95 - LDAPv3 */
#define LDAP_CLIENT_LOOP                0x60    /* 96 - LDAPv3 */
#define LDAP_REFERRAL_LIMIT_EXCEEDED    0x61    /* 97 - LDAPv3 */

/*
 * LDAPv3 unsolicited notification messages we know about
 */
#define LDAP_NOTICE_OF_DISCONNECTION    "1.3.6.1.4.1.1466.20036"

/*
 * LDAPv3 server controls we know about
 */
#define LDAP_CONTROL_MANAGEDSAIT        "2.16.840.1.113730.3.4.2"
#define LDAP_CONTROL_SORTREQUEST        "1.2.840.113556.1.4.473"
#define LDAP_CONTROL_SORTRESPONSE       "1.2.840.113556.1.4.474"
#define LDAP_CONTROL_PERSISTENTSEARCH   "2.16.840.1.113730.3.4.3"
#define LDAP_CONTROL_ENTRYCHANGE        "2.16.840.1.113730.3.4.7"
#define LDAP_CONTROL_VLVREQUEST         "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE        "2.16.840.1.113730.3.4.10"
#define LDAP_CONTROL_PROXYAUTH          "2.16.840.1.113730.3.4.12"
        /* version 1 */
#define LDAP_CONTROL_PROXIEDAUTH        "2.16.840.1.113730.3.4.18"
        /* version 2 */

#ifdef  _SOLARIS_SDK
/*
 * Simple Page control OID
 */
#define LDAP_CONTROL_SIMPLE_PAGE        "1.2.840.113556.1.4.319"

/*
 * Begin LDAP Display Template Definitions
 */
#define LDAP_TEMPLATE_VERSION   1

/*
 * general types of items (confined to most significant byte)
 */
#define LDAP_SYN_TYPE_TEXT              0x01000000L
#define LDAP_SYN_TYPE_IMAGE             0x02000000L
#define LDAP_SYN_TYPE_BOOLEAN           0x04000000L
#define LDAP_SYN_TYPE_BUTTON            0x08000000L
#define LDAP_SYN_TYPE_ACTION            0x10000000L

/*
 * syntax options (confined to second most significant byte)
 */
#define LDAP_SYN_OPT_DEFER              0x00010000L

/*
 * display template item syntax ids (defined by common agreement)
 * these are the valid values for the ti_syntaxid of the tmplitem
 * struct (defined below).  A general type is encoded in the
 * most-significant 8 bits, and some options are encoded in the next
 * 8 bits.  The lower 16 bits are reserved for the distinct types.
 */
#define LDAP_SYN_CASEIGNORESTR  (1 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_MULTILINESTR   (2 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_DN             (3 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_BOOLEAN        (4 | LDAP_SYN_TYPE_BOOLEAN)
#define LDAP_SYN_JPEGIMAGE      (5 | LDAP_SYN_TYPE_IMAGE)
#define LDAP_SYN_JPEGBUTTON     (6 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
#define LDAP_SYN_FAXIMAGE       (7 | LDAP_SYN_TYPE_IMAGE)
#define LDAP_SYN_FAXBUTTON      (8 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
#define LDAP_SYN_AUDIOBUTTON    (9 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
#define LDAP_SYN_TIME           (10 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_DATE           (11 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_LABELEDURL     (12 | LDAP_SYN_TYPE_TEXT)
#define LDAP_SYN_SEARCHACTION   (13 | LDAP_SYN_TYPE_ACTION)
#define LDAP_SYN_LINKACTION     (14 | LDAP_SYN_TYPE_ACTION)
#define LDAP_SYN_ADDDNACTION    (15 | LDAP_SYN_TYPE_ACTION)
#define LDAP_SYN_VERIFYDNACTION (16 | LDAP_SYN_TYPE_ACTION)
#define LDAP_SYN_RFC822ADDR     (17 | LDAP_SYN_TYPE_TEXT)

/*
 * handy macros
 */
#define LDAP_GET_SYN_TYPE(syid)         ((syid) & 0xFF000000UL)
#define LDAP_GET_SYN_OPTIONS(syid)      ((syid) & 0x00FF0000UL)


/*
 * display options for output routines (used by entry2text and friends)
 */
/*
 * use calculated label width (based on length of longest label in
 * template) instead of contant width
 */
#define LDAP_DISP_OPT_AUTOLABELWIDTH    0x00000001L
#define LDAP_DISP_OPT_HTMLBODYONLY      0x00000002L

/*
 * perform search actions (applies to ldap_entry2text_search only)
 */
#define LDAP_DISP_OPT_DOSEARCHACTIONS   0x00000002L

/*
 * include additional info. relevant to "non leaf" entries only
 * used by ldap_entry2html and ldap_entry2html_search to include "Browse"
 * and "Move Up" HREFs
 */
#define LDAP_DISP_OPT_NONLEAF           0x00000004L

/*
 * display template item options (may not apply to all types)
 * if this bit is set in ti_options, it applies.
 */
#define LDAP_DITEM_OPT_READONLY         0x00000001L
#define LDAP_DITEM_OPT_SORTVALUES       0x00000002L
#define LDAP_DITEM_OPT_SINGLEVALUED     0x00000004L
#define LDAP_DITEM_OPT_HIDEIFEMPTY      0x00000008L
#define LDAP_DITEM_OPT_VALUEREQUIRED    0x00000010L
#define LDAP_DITEM_OPT_HIDEIFFALSE      0x00000020L     /* booleans only */

#endif  /* _SOLARIS_SDK */

/* Authentication request and response controls */
#define LDAP_CONTROL_AUTH_REQUEST       "2.16.840.1.113730.3.4.16"
#define LDAP_CONTROL_AUTH_RESPONSE      "2.16.840.1.113730.3.4.15"

/* Password information sent back to client */
#define LDAP_CONTROL_PWEXPIRED          "2.16.840.1.113730.3.4.4"
#define LDAP_CONTROL_PWEXPIRING         "2.16.840.1.113730.3.4.5"


/*
 * Client controls we know about
 */
#define LDAP_CONTROL_REFERRALS          "1.2.840.113556.1.4.616"


/*
 * LDAP_API macro definition:
 */
#ifndef LDAP_API
#define LDAP_API(rt) rt
#endif  /* LDAP_API */

#ifdef  _SOLARIS_SDK
/* Simple Page Control functions for Solaris SDK */
int ldap_create_page_control(LDAP *ld, unsigned int pagesize,
        struct berval *cookie, char isCritical, LDAPControl **output);
int ldap_parse_page_control(LDAP *ld, LDAPControl **controls,
        unsigned int *totalcount, struct berval **cookie);

/* CRAM-MD5 functions */
int ldap_sasl_cram_md5_bind_s(LDAP *ld, char *dn,
        struct berval *cred, LDAPControl **serverctrls,
        LDAPControl **clientctrls);
/* DIGEST-MD5 Function */
int ldap_x_sasl_digest_md5_bind_s(LDAP *ld, char *dn,
        struct berval *cred, LDAPControl **serverctrls,
        LDAPControl **clientctrls);
int ldap_x_sasl_digest_md5_bind(LDAP *ld, char *dn,
        struct berval *cred, LDAPControl **serverctrls,
        LDAPControl **clientctrls, struct timeval *timeout,
        LDAPMessage **result);

#endif  /* _SOLARIS_SDK */

LDAP_API(LDAP *) LDAP_CALL ldap_open(const char *host, int port);
LDAP_API(LDAP *) LDAP_CALL ldap_init(const char *defhost, int defport);
int LDAP_CALL ldap_set_option(LDAP *ld, int option,
        const void *optdata);
int LDAP_CALL ldap_get_option(LDAP *ld, int option, void *optdata);
int LDAP_CALL ldap_unbind(LDAP *ld);
int LDAP_CALL ldap_unbind_s(LDAP *ld);

/*
 * perform ldap operations and obtain results
 */
int LDAP_CALL ldap_abandon(LDAP *ld, int msgid);
int LDAP_CALL ldap_add(LDAP *ld, const char *dn, LDAPMod **attrs);
int LDAP_CALL ldap_add_s(LDAP *ld, const char *dn, LDAPMod **attrs);
int LDAP_CALL ldap_simple_bind(LDAP *ld, const char *who,
        const char *passwd);
int LDAP_CALL ldap_simple_bind_s(LDAP *ld, const char *who,
        const char *passwd);
int LDAP_CALL ldap_modify(LDAP *ld, const char *dn, LDAPMod **mods);
int LDAP_CALL ldap_modify_s(LDAP *ld, const char *dn,
        LDAPMod **mods);
int LDAP_CALL ldap_modrdn(LDAP *ld, const char *dn,
        const char *newrdn);
int LDAP_CALL ldap_modrdn_s(LDAP *ld, const char *dn,
        const char *newrdn);

/* The following 2 functions are deprecated */
int LDAP_CALL ldap_modrdn2(LDAP *ld, const char *dn,
        const char *newrdn, int deleteoldrdn);
int LDAP_CALL ldap_modrdn2_s(LDAP *ld, const char *dn,
        const char *newrdn, int deleteoldrdn);

int LDAP_CALL ldap_compare(LDAP *ld, const char *dn,
        const char *attr, const char *value);
int LDAP_CALL ldap_compare_s(LDAP *ld, const char *dn,
        const char *attr, const char *value);
int LDAP_CALL ldap_delete(LDAP *ld, const char *dn);
int LDAP_CALL ldap_delete_s(LDAP *ld, const char *dn);
int LDAP_CALL ldap_search(LDAP *ld, const char *base, int scope,
        const char *filter, char **attrs, int attrsonly);
int LDAP_CALL ldap_search_s(LDAP *ld, const char *base, int scope,
        const char *filter, char **attrs, int attrsonly, LDAPMessage **res);
int LDAP_CALL ldap_search_st(LDAP *ld, const char *base, int scope,
        const char *filter, char **attrs, int attrsonly,
        struct timeval *timeout, LDAPMessage **res);
int LDAP_CALL ldap_result(LDAP *ld, int msgid, int all,
        struct timeval *timeout, LDAPMessage **result);
int LDAP_CALL ldap_msgfree(LDAPMessage *lm);
int LDAP_CALL ldap_msgid(LDAPMessage *lm);
int LDAP_CALL ldap_msgtype(LDAPMessage *lm);


/*
 * Routines to parse/deal with results and errors returned
 */
int LDAP_CALL ldap_result2error(LDAP *ld, LDAPMessage *r,
        int freeit);
char *LDAP_CALL ldap_err2string(int err);
LDAP_API(void) LDAP_CALL ldap_perror(LDAP *ld, const char *s);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_entry(LDAP *ld,
        LDAPMessage *chain);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_entry(LDAP *ld,
        LDAPMessage *entry);
int LDAP_CALL ldap_count_entries(LDAP *ld, LDAPMessage *chain);
char *LDAP_CALL ldap_get_dn(LDAP *ld, LDAPMessage *entry);
char *LDAP_CALL ldap_dn2ufn(const char *dn);
char **LDAP_CALL ldap_explode_dn(const char *dn,
        const int notypes);
char **LDAP_CALL ldap_explode_rdn(const char *rdn,
        const int notypes);
char *LDAP_CALL ldap_first_attribute(LDAP *ld, LDAPMessage *entry,
        BerElement **ber);
char *LDAP_CALL ldap_next_attribute(LDAP *ld, LDAPMessage *entry,
        BerElement *ber);

/* The following function is deprecated */
LDAP_API(void) LDAP_CALL ldap_ber_free(BerElement *ber, int freebuf);

char **LDAP_CALL ldap_get_values(LDAP *ld, LDAPMessage *entry,
        const char *target);
struct berval **LDAP_CALL ldap_get_values_len(LDAP *ld,
        LDAPMessage *entry, const char *target);
int LDAP_CALL ldap_count_values(char **vals);
int LDAP_CALL ldap_count_values_len(struct berval **vals);
LDAP_API(void) LDAP_CALL ldap_value_free(char **vals);
LDAP_API(void) LDAP_CALL ldap_value_free_len(struct berval **vals);
LDAP_API(void) LDAP_CALL ldap_memfree(void *p);


/*
 * LDAPv3 extended operation calls
 */
/*
 * Note: all of the new asynchronous calls return an LDAP error code,
 * not a message id.  A message id is returned via the int *msgidp
 * parameter (usually the last parameter) if appropriate.
 */
int LDAP_CALL ldap_abandon_ext(LDAP *ld, int msgid,
        LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_add_ext(LDAP *ld, const char *dn, LDAPMod **attrs,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_add_ext_s(LDAP *ld, const char *dn,
        LDAPMod **attrs, LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_sasl_bind(LDAP *ld, const char *dn,
        const char *mechanism, const struct berval *cred,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_sasl_bind_s(LDAP *ld, const char *dn,
        const char *mechanism, const struct berval *cred,
        LDAPControl **serverctrls, LDAPControl **clientctrls,
        struct berval **servercredp);
int LDAP_CALL ldap_modify_ext(LDAP *ld, const char *dn,
        LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls,
        int *msgidp);
int LDAP_CALL ldap_modify_ext_s(LDAP *ld, const char *dn,
        LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_rename(LDAP *ld, const char *dn,
        const char *newrdn, const char *newparent, int deleteoldrdn,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_rename_s(LDAP *ld, const char *dn,
        const char *newrdn, const char *newparent, int deleteoldrdn,
        LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_compare_ext(LDAP *ld, const char *dn,
        const char *attr, const struct berval *bvalue,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_compare_ext_s(LDAP *ld, const char *dn,
        const char *attr, const struct berval *bvalue,
        LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_delete_ext(LDAP *ld, const char *dn,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_delete_ext_s(LDAP *ld, const char *dn,
        LDAPControl **serverctrls, LDAPControl **clientctrls);
int LDAP_CALL ldap_search_ext(LDAP *ld, const char *base,
        int scope, const char *filter, char **attrs, int attrsonly,
        LDAPControl **serverctrls, LDAPControl **clientctrls,
        struct timeval *timeoutp, int sizelimit, int *msgidp);
int LDAP_CALL ldap_search_ext_s(LDAP *ld, const char *base,
        int scope, const char *filter, char **attrs, int attrsonly,
        LDAPControl **serverctrls, LDAPControl **clientctrls,
        struct timeval *timeoutp, int sizelimit, LDAPMessage **res);
int LDAP_CALL ldap_extended_operation(LDAP *ld,
        const char *requestoid, const struct berval *requestdata,
        LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
int LDAP_CALL ldap_extended_operation_s(LDAP *ld,
        const char *requestoid, const struct berval *requestdata,
        LDAPControl **serverctrls, LDAPControl **clientctrls,
        char **retoidp, struct berval **retdatap);
int LDAP_CALL ldap_unbind_ext(LDAP *ld, LDAPControl **serverctrls,
        LDAPControl **clientctrls);


/*
 * LDAPv3 extended parsing / result handling calls
 */
int LDAP_CALL ldap_parse_sasl_bind_result(LDAP *ld,
        LDAPMessage *res, struct berval **servercredp, int freeit);
int LDAP_CALL ldap_parse_result(LDAP *ld, LDAPMessage *res,
        int *errcodep, char **matcheddnp, char **errmsgp, char ***referralsp,
        LDAPControl ***serverctrlsp, int freeit);
int LDAP_CALL ldap_parse_extended_result(LDAP *ld, LDAPMessage *res,
        char **retoidp, struct berval **retdatap, int freeit);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_message(LDAP *ld,
        LDAPMessage *res);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_message(LDAP *ld,
        LDAPMessage *msg);
int LDAP_CALL ldap_count_messages(LDAP *ld, LDAPMessage *res);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_reference(LDAP *ld,
        LDAPMessage *res);
LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_reference(LDAP *ld,
        LDAPMessage *ref);
int LDAP_CALL ldap_count_references(LDAP *ld, LDAPMessage *res);
int LDAP_CALL ldap_parse_reference(LDAP *ld, LDAPMessage *ref,
        char ***referralsp, LDAPControl ***serverctrlsp, int freeit);
int LDAP_CALL ldap_get_entry_controls(LDAP *ld, LDAPMessage *entry,
        LDAPControl ***serverctrlsp);
LDAP_API(void) LDAP_CALL ldap_control_free(LDAPControl *ctrl);
LDAP_API(void) LDAP_CALL ldap_controls_free(LDAPControl **ctrls);

#ifdef  _SOLARIS_SDK
char ** ldap_get_reference_urls(LDAP *ld, LDAPMessage *res);
#endif


/* End of core standard C LDAP API definitions */

/*
 * Server side sorting of search results (an LDAPv3 extension --
 * LDAP_API_FEATURE_SERVER_SIDE_SORT)
 */
typedef struct LDAPsortkey {    /* structure for a sort-key */
        char *sk_attrtype;
        char *sk_matchruleoid;
        int     sk_reverseorder;
} LDAPsortkey;

int LDAP_CALL ldap_create_sort_control(LDAP *ld,
        LDAPsortkey **sortKeyList, const char ctl_iscritical,
        LDAPControl **ctrlp);
int LDAP_CALL ldap_parse_sort_control(LDAP *ld,
        LDAPControl **ctrls, unsigned long *result, char **attribute);

LDAP_API(void) LDAP_CALL ldap_free_sort_keylist(LDAPsortkey **sortKeyList);
int LDAP_CALL ldap_create_sort_keylist(LDAPsortkey ***sortKeyList,
        const char *string_rep);


/*
 * Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)
 */
/*
 * structure that describes a VirtualListViewRequest control.
 * note that ldvlist_index and ldvlist_size are only relevant to
 * ldap_create_virtuallist_control() if ldvlist_attrvalue is NULL.
 */
typedef struct ldapvirtuallist {
    unsigned long       ldvlist_before_count;   /* # entries before target */
    unsigned long   ldvlist_after_count;        /* # entries after target */
    char            *ldvlist_attrvalue;         /* jump to this value */
    unsigned long   ldvlist_index;              /* list offset */
    unsigned long   ldvlist_size;               /* number of items in vlist */
    void        *ldvlist_extradata;             /* for use by application */
} LDAPVirtualList;

/*
 * VLV functions:
 */
int LDAP_CALL ldap_create_virtuallist_control(LDAP *ld,
        LDAPVirtualList *ldvlistp, LDAPControl **ctrlp);

int LDAP_CALL ldap_parse_virtuallist_control(LDAP *ld,
        LDAPControl **ctrls, unsigned long *target_posp,
        unsigned long *list_sizep, int *errcodep);


/*
 * Routines for creating persistent search controls and for handling
 * "entry changed notification" controls (an LDAPv3 extension --
 * LDAP_API_FEATURE_PERSISTENT_SEARCH)
 */
#define LDAP_CHANGETYPE_ADD             1
#define LDAP_CHANGETYPE_DELETE          2
#define LDAP_CHANGETYPE_MODIFY          4
#define LDAP_CHANGETYPE_MODDN           8
#define LDAP_CHANGETYPE_ANY             (1|2|4|8)
int LDAP_CALL ldap_create_persistentsearch_control(LDAP *ld,
        int changetypes, int changesonly, int return_echg_ctls,
        char ctl_iscritical, LDAPControl **ctrlp);
int LDAP_CALL ldap_parse_entrychange_control(LDAP *ld,
        LDAPControl **ctrls, int *chgtypep, char **prevdnp,
        int *chgnumpresentp, ber_int_t *chgnump);


/*
 * Routines for creating Proxied Authorization controls (an LDAPv3
 * extension -- LDAP_API_FEATURE_PROXY_AUTHORIZATION)
 * ldap_create_proxyauth_control() is for the old (version 1) control.
 * ldap_create_proxiedauth_control() is for the newer (version 2) control.
 * Version 1 is supported by iPlanet Directory Server 4.1 and later.
 * Version 2 is supported by iPlanet Directory Server 5.0 and later.
 */
int LDAP_CALL ldap_create_proxyauth_control(LDAP *ld,
        const char *dn, const char ctl_iscritical, LDAPControl **ctrlp);
int LDAP_CALL ldap_create_proxiedauth_control(LDAP *ld,
        const char *authzid, LDAPControl **ctrlp);


/*
 * Functions to get and set LDAP error information (API extension --
 * LDAP_API_FEATURE_X_LDERRNO )
 */
int LDAP_CALL ldap_get_lderrno(LDAP *ld, char **m, char **s);
int LDAP_CALL ldap_set_lderrno(LDAP *ld, int e, char *m, char *s);


/*
 * LDAP URL functions and definitions (an API extension --
 * LDAP_API_FEATURE_X_URL_FUNCTIONS)
 */
/*
 * types for ldap URL handling
 */
typedef struct ldap_url_desc {
    char                *lud_host;
    int                 lud_port;
    char                *lud_dn;
    char                **lud_attrs;
    int                 lud_scope;
    char                *lud_filter;
    unsigned long       lud_options;
#define LDAP_URL_OPT_SECURE     0x01
    char        *lud_string;    /* for internal use only */
} LDAPURLDesc;

#define NULLLDAPURLDESC ((LDAPURLDesc *)NULL)

/*
 * possible errors returned by ldap_url_parse()
 */
#define LDAP_URL_ERR_NOTLDAP    1       /* URL doesn't begin with "ldap://" */
#define LDAP_URL_ERR_NODN       2       /* URL has no DN (required) */
#define LDAP_URL_ERR_BADSCOPE   3       /* URL scope string is invalid */
#define LDAP_URL_ERR_MEM        4       /* can't allocate memory space */
#define LDAP_URL_ERR_PARAM      5       /* bad parameter to an URL function */
#define LDAP_URL_ERR_HOSTPORT   6       /* URL hostcode is invalid */

/*
 * URL functions:
 */
int LDAP_CALL ldap_is_ldap_url(const char *url);
int LDAP_CALL ldap_url_parse(const char *url, LDAPURLDesc **ludpp);
int LDAP_CALL ldap_url_parse_nodn(const char *url, LDAPURLDesc **ludpp);
LDAP_API(void) LDAP_CALL ldap_free_urldesc(LDAPURLDesc *ludp);
int LDAP_CALL ldap_url_search(LDAP *ld, const char *url,
        int attrsonly);
int LDAP_CALL ldap_url_search_s(LDAP *ld, const char *url,
        int attrsonly, LDAPMessage **res);
int LDAP_CALL ldap_url_search_st(LDAP *ld, const char *url,
        int attrsonly, struct timeval *timeout, LDAPMessage **res);

#ifdef  _SOLARIS_SDK
/*
 * Additional URL functions plus Character set, Search Preference
 * and Display Template functions moved from internal header files
 */

/*
 * URL functions
 */
char *ldap_dns_to_url(LDAP *ld, char *dns_name, char *attrs,
        char *scope, char *filter);
char *ldap_dn_to_url(LDAP *ld, char *dn, int nameparts);

/*
 * Character set functions
 */
#ifdef  STR_TRANSLATION
void ldap_set_string_translators(LDAP *ld,
        BERTranslateProc encode_proc, BERTranslateProc decode_proc);
int ldap_translate_from_t61(LDAP *ld, char **bufp,
        unsigned long *lenp, int free_input);
int ldap_translate_to_t61(LDAP *ld, char **bufp,
        unsigned long *lenp, int free_input);
void ldap_enable_translation(LDAP *ld, LDAPMessage *entry,
        int enable);
#ifdef  LDAP_CHARSET_8859
int ldap_t61_to_8859(char **bufp, unsigned long *buflenp,
        int free_input);
int ldap_8859_to_t61(char **bufp, unsigned long *buflenp,
        int free_input);
#endif  /* LDAP_CHARSET_8859 */
#endif  /* STR_TRANSLATION */

/*
 * Display Temple functions/structures
 */
/*
 * display template item structure
 */
struct ldap_tmplitem {
    unsigned long               ti_syntaxid;
    unsigned long               ti_options;
    char                        *ti_attrname;
    char                        *ti_label;
    char                        **ti_args;
    struct ldap_tmplitem        *ti_next_in_row;
    struct ldap_tmplitem        *ti_next_in_col;
    void                        *ti_appdata;
};

#define NULLTMPLITEM    ((struct ldap_tmplitem *)0)

#define LDAP_SET_TMPLITEM_APPDATA(ti, datap)  \
        (ti)->ti_appdata = (void *)(datap)

#define LDAP_GET_TMPLITEM_APPDATA(ti, type)   \
        (type)((ti)->ti_appdata)

#define LDAP_IS_TMPLITEM_OPTION_SET(ti, option)       \
        (((ti)->ti_options & option) != 0)

/*
 * object class array structure
 */
struct ldap_oclist {
    char                **oc_objclasses;
    struct ldap_oclist  *oc_next;
};

#define NULLOCLIST      ((struct ldap_oclist *)0)


/*
 * add defaults list
 */
struct ldap_adddeflist {
    int                 ad_source;
#define LDAP_ADSRC_CONSTANTVALUE        1
#define LDAP_ADSRC_ADDERSDN             2
    char                *ad_attrname;
    char                *ad_value;
    struct ldap_adddeflist      *ad_next;
};

#define NULLADLIST      ((struct ldap_adddeflist *)0)


/*
 * display template global options
 * if this bit is set in dt_options, it applies.
 */
/*
 * users should be allowed to try to add objects of these entries
 */
#define LDAP_DTMPL_OPT_ADDABLE          0x00000001L

/*
 * users should be allowed to do "modify RDN" operation of these entries
 */
#define LDAP_DTMPL_OPT_ALLOWMODRDN      0x00000002L

/*
 * this template is an alternate view, not a primary view
 */
#define LDAP_DTMPL_OPT_ALTVIEW  0x00000004L


/*
 * display template structure
 */
struct ldap_disptmpl {
    char                        *dt_name;
    char                        *dt_pluralname;
    char                        *dt_iconname;
    unsigned long               dt_options;
    char                        *dt_authattrname;
    char                        *dt_defrdnattrname;
    char                        *dt_defaddlocation;
    struct ldap_oclist          *dt_oclist;
    struct ldap_adddeflist      *dt_adddeflist;
    struct ldap_tmplitem        *dt_items;
    void                        *dt_appdata;
    struct ldap_disptmpl        *dt_next;
};

#define NULLDISPTMPL    ((struct ldap_disptmpl *)0)

#define LDAP_SET_DISPTMPL_APPDATA(dt, datap)  \
        (dt)->dt_appdata = (void *)(datap)

#define LDAP_GET_DISPTMPL_APPDATA(dt, type)   \
        (type)((dt)->dt_appdata)

#define LDAP_IS_DISPTMPL_OPTION_SET(dt, option)       \
        (((dt)->dt_options & option) != 0)

#define LDAP_TMPL_ERR_VERSION   1
#define LDAP_TMPL_ERR_MEM       2
#define LDAP_TMPL_ERR_SYNTAX    3
#define LDAP_TMPL_ERR_FILE      4

/*
 * buffer size needed for entry2text and vals2text
 */
#define LDAP_DTMPL_BUFSIZ       8192

typedef int (*writeptype)(void *writeparm, char *p, int len);

LDAP_API(int)
LDAP_CALL
ldap_init_templates(char *file, struct ldap_disptmpl **tmpllistp);

LDAP_API(int)
LDAP_CALL
ldap_init_templates_buf(char *buf, long buflen,
        struct ldap_disptmpl **tmpllistp);

LDAP_API(void)
LDAP_CALL
ldap_free_templates(struct ldap_disptmpl *tmpllist);

LDAP_API(struct ldap_disptmpl *)
LDAP_CALL
ldap_first_disptmpl(struct ldap_disptmpl *tmpllist);

LDAP_API(struct ldap_disptmpl *)
LDAP_CALL
ldap_next_disptmpl(struct ldap_disptmpl *tmpllist,
        struct ldap_disptmpl *tmpl);

LDAP_API(struct ldap_disptmpl *)
LDAP_CALL
ldap_name2template(char *name, struct ldap_disptmpl *tmpllist);

LDAP_API(struct ldap_disptmpl *)
LDAP_CALL
ldap_oc2template(char **oclist, struct ldap_disptmpl *tmpllist);

LDAP_API(char **)
LDAP_CALL
ldap_tmplattrs(struct ldap_disptmpl *tmpl, char **includeattrs, int exclude,
        unsigned long syntaxmask);

LDAP_API(struct ldap_tmplitem *)
LDAP_CALL
ldap_first_tmplrow(struct ldap_disptmpl *tmpl);

LDAP_API(struct ldap_tmplitem *)
LDAP_CALL
ldap_next_tmplrow(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);

LDAP_API(struct ldap_tmplitem *)
LDAP_CALL
ldap_first_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);

LDAP_API(struct ldap_tmplitem *)
LDAP_CALL
ldap_next_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row,
        struct ldap_tmplitem *col);

LDAP_API(int)
LDAP_CALL
ldap_entry2text(LDAP *ld, char *buf, LDAPMessage *entry,
        struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
        writeptype writeproc, void *writeparm, char *eol, int rdncount,
        unsigned long opts);

LDAP_API(int)
LDAP_CALL
ldap_vals2text(LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
        unsigned long syntaxid, writeptype writeproc, void *writeparm,
        char *eol, int rdncount);

LDAP_API(int)
LDAP_CALL
ldap_entry2text_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry,
        struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
        writeptype writeproc, void *writeparm, char *eol, int rdncount,
        unsigned long opts);

LDAP_API(int)
LDAP_CALL
ldap_entry2html(LDAP *ld, char *buf, LDAPMessage *entry,
        struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
        writeptype writeproc, void *writeparm, char *eol, int rdncount,
        unsigned long opts, char *urlprefix, char *base);

LDAP_API(int)
LDAP_CALL
ldap_vals2html(LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
        unsigned long syntaxid, writeptype writeproc, void *writeparm,
        char *eol, int rdncount, char *urlprefix);

LDAP_API(int)
LDAP_CALL
ldap_entry2html_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry,
        struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
        writeptype writeproc, void *writeparm, char *eol, int rdncount,
        unsigned long opts, char *urlprefix);

/*
 * Search Preference Definitions
 */

struct ldap_searchattr {
        char                            *sa_attrlabel;
        char                            *sa_attr;
                                        /* max 32 matchtypes for now */
        unsigned long                   sa_matchtypebitmap;
        char                            *sa_selectattr;
        char                            *sa_selecttext;
        struct ldap_searchattr          *sa_next;
};

struct ldap_searchmatch {
        char                            *sm_matchprompt;
        char                            *sm_filter;
        struct ldap_searchmatch         *sm_next;
};

struct ldap_searchobj {
        char                            *so_objtypeprompt;
        unsigned long                   so_options;
        char                            *so_prompt;
        short                           so_defaultscope;
        char                            *so_filterprefix;
        char                            *so_filtertag;
        char                            *so_defaultselectattr;
        char                            *so_defaultselecttext;
        struct ldap_searchattr          *so_salist;
        struct ldap_searchmatch         *so_smlist;
        struct ldap_searchobj           *so_next;
};

#define NULLSEARCHOBJ                   ((struct ldap_searchobj *)0)

/*
 * global search object options
 */
#define LDAP_SEARCHOBJ_OPT_INTERNAL     0x00000001

#define LDAP_IS_SEARCHOBJ_OPTION_SET(so, option)      \
        (((so)->so_options & option) != 0)

#define LDAP_SEARCHPREF_VERSION_ZERO    0
#define LDAP_SEARCHPREF_VERSION         1

#define LDAP_SEARCHPREF_ERR_VERSION     1
#define LDAP_SEARCHPREF_ERR_MEM         2
#define LDAP_SEARCHPREF_ERR_SYNTAX      3
#define LDAP_SEARCHPREF_ERR_FILE        4

LDAP_API(int)
LDAP_CALL
ldap_init_searchprefs(char *file, struct ldap_searchobj **solistp);

LDAP_API(int)
LDAP_CALL
ldap_init_searchprefs_buf(char *buf, long buflen,
        struct ldap_searchobj **solistp);

LDAP_API(void)
LDAP_CALL
ldap_free_searchprefs(struct ldap_searchobj *solist);

LDAP_API(struct ldap_searchobj *)
LDAP_CALL
ldap_first_searchobj(struct ldap_searchobj *solist);

LDAP_API(struct ldap_searchobj *)
LDAP_CALL
ldap_next_searchobj(struct ldap_searchobj *sollist,
struct ldap_searchobj *so);

/*
 * specific LDAP instantiations of BER types we know about
 */

/* general stuff */
#define LDAP_TAG_MESSAGE        0x30   /* tag is 16 + constructed bit */
#define LDAP_TAG_MSGID          0x02   /* INTEGER */
#define LDAP_TAG_CONTROLS       0xa0   /* context specific + constructed + 0 */
#define LDAP_TAG_REFERRAL       0xa3   /* context specific + constructed + 3 */
#define LDAP_TAG_NEWSUPERIOR    0x80   /* context specific + primitive + 0 */
#define LDAP_TAG_SASL_RES_CREDS 0x87   /* context specific + primitive + 7 */
#define LDAP_TAG_VLV_BY_INDEX   0xa0   /* context specific + constructed + 0 */
#define LDAP_TAG_VLV_BY_VALUE   0x81   /* context specific + primitive + 1 */
/* tag for sort control */
#define LDAP_TAG_SK_MATCHRULE   0x80L   /* context specific + primitive + 0 */
#define LDAP_TAG_SK_REVERSE     0x81L   /* context specific + primitive + 1 */
#define LDAP_TAG_SR_ATTRTYPE    0x80L   /* context specific + primitive + 0 */

/* possible operations a client can invoke */
#define LDAP_REQ_BIND   0x60   /* application + constructed + 0 */
#define LDAP_REQ_UNBIND         0x42   /* application + primitive   + 2 */
#define LDAP_REQ_SEARCH         0x63   /* application + constructed + 3 */
#define LDAP_REQ_MODIFY         0x66   /* application + constructed + 6 */
#define LDAP_REQ_ADD            0x68   /* application + constructed + 8 */
#define LDAP_REQ_DELETE         0x4a   /* application + primitive   + 10 */
#define LDAP_REQ_MODRDN         0x6c   /* application + constructed + 12 */
#define LDAP_REQ_MODDN          0x6c   /* application + constructed + 12 */
#define LDAP_REQ_RENAME         0x6c   /* application + constructed + 12 */
#define LDAP_REQ_COMPARE        0x6e   /* application + constructed + 14 */
#define LDAP_REQ_ABANDON        0x50   /* application + primitive   + 16 */
#define LDAP_REQ_EXTENDED       0x77   /* application + constructed + 23 */

/* U-M LDAP release 3.0 compatibility stuff */
#define LDAP_REQ_UNBIND_30      0x62
#define LDAP_REQ_DELETE_30      0x6a
#define LDAP_REQ_ABANDON_30     0x70

/* U-M LDAP 3.0 compatibility auth methods */
#define LDAP_AUTH_SIMPLE_30     0xa0   /* context specific + constructed */
#define LDAP_AUTH_KRBV41_30     0xa1   /* context specific + constructed */
#define LDAP_AUTH_KRBV42_30     0xa2   /* context specific + constructed */

/* filter types */
#define LDAP_FILTER_AND         0xa0   /* context specific + constructed + 0 */
#define LDAP_FILTER_OR          0xa1   /* context specific + constructed + 1 */
#define LDAP_FILTER_NOT         0xa2   /* context specific + constructed + 2 */
#define LDAP_FILTER_EQUALITY    0xa3   /* context specific + constructed + 3 */
#define LDAP_FILTER_SUBSTRINGS  0xa4   /* context specific + constructed + 4 */
#define LDAP_FILTER_GE          0xa5   /* context specific + constructed + 5 */
#define LDAP_FILTER_LE          0xa6   /* context specific + constructed + 6 */
#define LDAP_FILTER_PRESENT     0x87   /* context specific + primitive   + 7 */
#define LDAP_FILTER_APPROX      0xa8   /* context specific + constructed + 8 */
#define LDAP_FILTER_EXTENDED    0xa9   /* context specific + constructed + 0 */

/* U-M LDAP 3.0 compatibility filter types */
#define LDAP_FILTER_PRESENT_30  0xa7   /* context specific + constructed */

/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL  0x80   /* context specific + primitive + 0 */
#define LDAP_SUBSTRING_ANY      0x81   /* context specific + primitive + 1 */
#define LDAP_SUBSTRING_FINAL    0x82   /* context specific + primitive + 2 */

/* U-M LDAP 3.0 compatibility substring filter component types */
#define LDAP_SUBSTRING_INITIAL_30       0xa0   /* context specific */
#define LDAP_SUBSTRING_ANY_30           0xa1   /* context specific */
#define LDAP_SUBSTRING_FINAL_30         0xa2   /* context specific */

#endif  /* _SOLARIS_SDK */

/*
 * Function to dispose of an array of LDAPMod structures (an API extension).
 * Warning: don't use this unless the mods array was allocated using the
 * same memory allocator as is being used by libldap.
 */
LDAP_API(void) LDAP_CALL ldap_mods_free(LDAPMod **mods, int freemods);

/*
 * Preferred language and get_lang_values (an API extension --
 * LDAP_API_FEATURE_X_GETLANGVALUES)
 *
 * The following two APIs are deprecated
 */

char **LDAP_CALL ldap_get_lang_values(LDAP *ld, LDAPMessage *entry,
        const char *target, char **type);
struct berval **LDAP_CALL ldap_get_lang_values_len(LDAP *ld,
        LDAPMessage *entry, const char *target, char **type);


/*
 * Rebind callback function (an API extension)
 */
#define LDAP_OPT_REBIND_FN              0x06    /* 6 - API extension */
#define LDAP_OPT_REBIND_ARG             0x07    /* 7 - API extension */
typedef int (LDAP_CALL LDAP_CALLBACK LDAP_REBINDPROC_CALLBACK)(LDAP *ld,
        char **dnp, char **passwdp, int *authmethodp, int freeit, void *arg);
LDAP_API(void) LDAP_CALL ldap_set_rebind_proc(LDAP *ld,
        LDAP_REBINDPROC_CALLBACK *rebindproc, void *arg);

/*
 * Thread function callbacks (an API extension --
 * LDAP_API_FEATURE_X_THREAD_FUNCTIONS).
 */
#define LDAP_OPT_THREAD_FN_PTRS         0x05    /* 5 - API extension */

/*
 * Thread callback functions:
 */
typedef void *(LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_ALLOC_CALLBACK)(void);
typedef void (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_FREE_CALLBACK)(void *m);
typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_LOCK_CALLBACK)(void *m);
typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_UNLOCK_CALLBACK)(void *m);
typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_GET_ERRNO_CALLBACK)(void);
typedef void (LDAP_C LDAP_CALLBACK LDAP_TF_SET_ERRNO_CALLBACK)(int e);
typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_GET_LDERRNO_CALLBACK)(
        char **matchedp, char **errmsgp, void *arg);
typedef void    (LDAP_C LDAP_CALLBACK LDAP_TF_SET_LDERRNO_CALLBACK)(int err,
        char *matched, char *errmsg, void *arg);

/*
 * Structure to hold thread function pointers:
 */
struct ldap_thread_fns {
        LDAP_TF_MUTEX_ALLOC_CALLBACK *ltf_mutex_alloc;
        LDAP_TF_MUTEX_FREE_CALLBACK *ltf_mutex_free;
        LDAP_TF_MUTEX_LOCK_CALLBACK *ltf_mutex_lock;
        LDAP_TF_MUTEX_UNLOCK_CALLBACK *ltf_mutex_unlock;
        LDAP_TF_GET_ERRNO_CALLBACK *ltf_get_errno;
        LDAP_TF_SET_ERRNO_CALLBACK *ltf_set_errno;
        LDAP_TF_GET_LDERRNO_CALLBACK *ltf_get_lderrno;
        LDAP_TF_SET_LDERRNO_CALLBACK *ltf_set_lderrno;
        void    *ltf_lderrno_arg;
};

/*
 * Client side sorting of entries (an API extension --
 * LDAP_API_FEATURE_X_CLIENT_SIDE_SORT)
 */
/*
 * Client side sorting callback functions:
 */
typedef const struct berval *(LDAP_C LDAP_CALLBACK
        LDAP_KEYGEN_CALLBACK)(void *arg, LDAP *ld, LDAPMessage *entry);
typedef int (LDAP_C LDAP_CALLBACK
        LDAP_KEYCMP_CALLBACK)(void *arg, const struct berval *,
        const struct berval *);
typedef void (LDAP_C LDAP_CALLBACK
        LDAP_KEYFREE_CALLBACK)(void *arg, const struct berval *);
typedef int (LDAP_C LDAP_CALLBACK
        LDAP_CMP_CALLBACK)(const char *val1, const char *val2);
typedef int (LDAP_C LDAP_CALLBACK
        LDAP_VALCMP_CALLBACK)(const char **val1p, const char **val2p);

/*
 * Client side sorting functions:
 */
int LDAP_CALL ldap_multisort_entries(LDAP *ld, LDAPMessage **chain,
        char **attr, LDAP_CMP_CALLBACK *cmp);
int LDAP_CALL ldap_sort_entries(LDAP *ld, LDAPMessage **chain,
        char *attr, LDAP_CMP_CALLBACK *cmp);
int LDAP_CALL ldap_sort_values(LDAP *ld, char **vals,
        LDAP_VALCMP_CALLBACK *cmp);
int LDAP_C LDAP_CALLBACK ldap_sort_strcasecmp(const char **a,
        const char **b);


/*
 * Filter functions and definitions (an API extension --
 * LDAP_API_FEATURE_X_FILTER_FUNCTIONS)
 */
/*
 * Structures, constants, and types for filter utility routines:
 */
typedef struct ldap_filt_info {
        char                    *lfi_filter;
        char                    *lfi_desc;
        int                     lfi_scope;      /* LDAP_SCOPE_BASE, etc */
        int                     lfi_isexact;    /* exact match filter? */
        struct ldap_filt_info   *lfi_next;
} LDAPFiltInfo;

#define LDAP_FILT_MAXSIZ        1024

typedef struct ldap_filt_list LDAPFiltList; /* opaque filter list handle */
typedef struct ldap_filt_desc LDAPFiltDesc; /* opaque filter desc handle */

/*
 * Filter utility functions:
 */
LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_init_getfilter(char *fname);
LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_init_getfilter_buf(char *buf,
        ssize_t buflen);
LDAP_API(LDAPFiltInfo *) LDAP_CALL ldap_getfirstfilter(LDAPFiltDesc *lfdp,
        char *tagpat, char *value);
LDAP_API(LDAPFiltInfo *) LDAP_CALL ldap_getnextfilter(LDAPFiltDesc *lfdp);
int LDAP_CALL ldap_set_filter_additions(LDAPFiltDesc *lfdp,
        char *prefix, char *suffix);
int LDAP_CALL ldap_create_filter(char *buf, unsigned long buflen,
        char *pattern, char *prefix, char *suffix, char *attr,
        char *value, char **valwords);
LDAP_API(void) LDAP_CALL ldap_getfilter_free(LDAPFiltDesc *lfdp);


/*
 * Friendly mapping structure and routines (an API extension)
 */
typedef struct friendly {
        char    *f_unfriendly;
        char    *f_friendly;
} *FriendlyMap;
char *LDAP_CALL ldap_friendly_name(char *filename, char *name,
        FriendlyMap *map);
LDAP_API(void) LDAP_CALL ldap_free_friendlymap(FriendlyMap *map);


/*
 * In Memory Cache (an API extension -- LDAP_API_FEATURE_X_MEMCACHE)
 */
typedef struct ldapmemcache  LDAPMemCache;  /* opaque in-memory cache handle */

int LDAP_CALL ldap_memcache_init(unsigned long ttl,
        unsigned long size, char **baseDNs, struct ldap_thread_fns *thread_fns,
        LDAPMemCache **cachep);
int LDAP_CALL ldap_memcache_set(LDAP *ld, LDAPMemCache *cache);
int LDAP_CALL ldap_memcache_get(LDAP *ld, LDAPMemCache **cachep);
LDAP_API(void) LDAP_CALL ldap_memcache_flush(LDAPMemCache *cache, char *dn,
        int scope);
LDAP_API(void) LDAP_CALL ldap_memcache_destroy(LDAPMemCache *cache);
LDAP_API(void) LDAP_CALL ldap_memcache_update(LDAPMemCache *cache);

/*
 * Server reconnect (an API extension).
 */
#define LDAP_OPT_RECONNECT              0x62    /* 98 - API extension */

/*
 * Asynchronous I/O (an API extension).
 */
/*
 * This option enables completely asynchronous IO.  It works by using ioctl()
 * on the fd, (or tlook())
 */
#define LDAP_OPT_ASYNC_CONNECT          0x63    /* 99 - API extension */

/*
 * I/O function callbacks option (an API extension --
 * LDAP_API_FEATURE_X_IO_FUNCTIONS).
 * Use of the extended I/O functions instead is recommended; see above.
 */
#define LDAP_OPT_IO_FN_PTRS             0x0B    /* 11 - API extension */

/*
 * Extended I/O function callbacks option (an API extension --
 * LDAP_API_FEATURE_X_EXTIO_FUNCTIONS).
 */
#define LDAP_X_OPT_EXTIO_FN_PTRS   (LDAP_OPT_PRIVATE_EXTENSION_BASE + 0x0F00)
        /* 0x4000 + 0x0F00 = 0x4F00 = 20224 - API extension */



/*
 * generalized bind
 */
/*
 * Authentication methods:
 */
#define LDAP_AUTH_NONE          0x00
#define LDAP_AUTH_SIMPLE        0x80
#define LDAP_AUTH_SASL          0xa3
int LDAP_CALL ldap_bind(LDAP *ld, const char *who,
        const char *passwd, int authmethod);
int LDAP_CALL ldap_bind_s(LDAP *ld, const char *who,
        const char *cred, int method);

/*
 * experimental DN format support
 */
char **LDAP_CALL ldap_explode_dns(const char *dn);
int LDAP_CALL ldap_is_dns_dn(const char *dn);

#ifdef  _SOLARIS_SDK
char *ldap_dns_to_dn(char *dns_name, int *nameparts);
#endif


/*
 * user friendly naming/searching routines
 */
typedef int (LDAP_C LDAP_CALLBACK LDAP_CANCELPROC_CALLBACK)(void *cl);
int LDAP_CALL ldap_ufn_search_c(LDAP *ld, char *ufn,
        char **attrs, int attrsonly, LDAPMessage **res,
        LDAP_CANCELPROC_CALLBACK *cancelproc, void *cancelparm);
int LDAP_CALL ldap_ufn_search_ct(LDAP *ld, char *ufn,
        char **attrs, int attrsonly, LDAPMessage **res,
        LDAP_CANCELPROC_CALLBACK *cancelproc, void *cancelparm,
        char *tag1, char *tag2, char *tag3);
int LDAP_CALL ldap_ufn_search_s(LDAP *ld, char *ufn,
        char **attrs, int attrsonly, LDAPMessage **res);
LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_ufn_setfilter(LDAP *ld, char *fname);
LDAP_API(void) LDAP_CALL ldap_ufn_setprefix(LDAP *ld, char *prefix);
int LDAP_C ldap_ufn_timeout(void *tvparam);

/*
 * functions and definitions that have been replaced by new improved ones
 */
/*
 * Use ldap_get_option() with LDAP_OPT_API_INFO and an LDAPAPIInfo structure
 * instead of ldap_version(). The use of this API is deprecated.
 */
typedef struct _LDAPVersion {
        int sdk_version;        /* Version of the SDK, * 100 */
        int protocol_version;   /* Highest protocol version supported, * 100 */
        int SSL_version;        /* SSL version if this SDK supports it, * 100 */
        int security_level;     /* highest level available */
        int reserved[4];
} LDAPVersion;
#define LDAP_SECURITY_NONE      0
int LDAP_CALL ldap_version(LDAPVersion *ver);

/* use ldap_create_filter() instead of ldap_build_filter() */
LDAP_API(void) LDAP_CALL ldap_build_filter(char *buf, size_t buflen,
        char *pattern, char *prefix, char *suffix, char *attr,
        char *value, char **valwords);
/* use ldap_set_filter_additions() instead of ldap_setfilteraffixes() */
LDAP_API(void) LDAP_CALL ldap_setfilteraffixes(LDAPFiltDesc *lfdp,
        char *prefix, char *suffix);

/* older result types a server can return -- use LDAP_RES_MODDN instead */
#define LDAP_RES_MODRDN                 LDAP_RES_MODDN
#define LDAP_RES_RENAME                 LDAP_RES_MODDN

/* older error messages */
#define LDAP_AUTH_METHOD_NOT_SUPPORTED  LDAP_STRONG_AUTH_NOT_SUPPORTED

/* end of unsupported functions */

#ifdef  _SOLARIS_SDK

/* SSL Functions */

/*
 * these three defines resolve the SSL strength
 * setting auth weak, diables all cert checking
 * the CNCHECK tests for the man in the middle hack
 */
#define LDAPSSL_AUTH_WEAK       0
#define LDAPSSL_AUTH_CERT       1
#define LDAPSSL_AUTH_CNCHECK    2

/*
 * Initialize LDAP library for SSL
 */
LDAP * LDAP_CALL ldapssl_init(const char *defhost, int defport,
        int defsecure);

/*
 * Install I/O routines to make SSL over LDAP possible.
 * Use this after ldap_init() or just use ldapssl_init() instead.
 */
int LDAP_CALL ldapssl_install_routines(LDAP *ld);


/*
 * The next three functions initialize the security code for SSL
 * The first one ldapssl_client_init() does initialization for SSL only
 * The next one supports ldapssl_clientauth_init() intializes security
 * for SSL for client authentication. The third function initializes
 * security for doing SSL with client authentication, and PKCS, that is,
 * the third function initializes the security module database(secmod.db).
 * The parameters are as follows:
 * const char *certdbpath - path to the cert file.  This can be a shortcut
 * to the directory name, if so cert7.db will be postfixed to the string.
 * void *certdbhandle - Normally this is NULL.  This memory will need
 * to be freed.
 * int needkeydb - boolean.  Must be ! = 0 if client Authentification
 * is required
 * char *keydbpath - path to the key database.  This can be a shortcut
 * to the directory name, if so key3.db will be postfixed to the string.
 * void *keydbhandle - Normally this is NULL, This memory will need
 * to be freed
 * int needsecmoddb - boolean.  Must be ! = 0 to assure that the correct
 * security module is loaded into memory
 * char *secmodpath - path to the secmod.  This can be a shortcut to the
 * directory name, if so secmod.db will be postfixed to the string.
 *
 * These three functions are mutually exclusive.  You can only call
 * one.  This means that, for a given process, you must call the
 * appropriate initialization function for the life of the process.
 */


/*
 * Initialize the secure parts (Security and SSL) of the runtime for use
 * by a client application.  This is only called once.
 */
int LDAP_CALL ldapssl_client_init(
    const char *certdbpath, void *certdbhandle);

/*
 * Initialize the secure parts (Security and SSL) of the runtime for use
 * by a client application that may want to do SSL client authentication.
 */
int LDAP_CALL ldapssl_clientauth_init(
    const char *certdbpath, void *certdbhandle,
    const int needkeydb, const char *keydbpath, void *keydbhandle);

/*
 * Initialize the secure parts (Security and SSL) of the runtime for use
 * by a client application that may want to do SSL client authentication.
 */
int LDAP_CALL ldapssl_advclientauth_init(
    const char *certdbpath, void *certdbhandle,
    const int needkeydb, const char *keydbpath, void *keydbhandle,
    const int needsecmoddb, const char *secmoddbpath,
    const int sslstrength);

/*
 * get a meaningful error string back from the security library
 * this function should be called, if ldap_err2string doesn't
 * identify the error code.
 */
const char *LDAP_CALL ldapssl_err2string(const int prerrno);

/*
 * Enable SSL client authentication on the given ld.
 */
int LDAP_CALL ldapssl_enable_clientauth(LDAP *ld, char *keynickname,
        char *keypasswd, char *certnickname);

typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_TOKEN_CALLBACK)
        (void *context, char **tokenname);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_PIN_CALLBACK)
        (void *context, const char *tokenname, char **tokenpin);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_CERTPATH_CALLBACK)
        (void *context, char **certpath);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_KEYPATH_CALLBACK)
        (void *context, char **keypath);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_MODPATH_CALLBACK)
        (void *context, char **modulepath);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_CERTNAME_CALLBACK)
        (void *context, char **certname);
typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK)
        (void *context, char **filename);

#define PKCS_STRUCTURE_ID 1
struct ldapssl_pkcs_fns {
    int local_structure_id;
    void *local_data;
    LDAP_PKCS_GET_CERTPATH_CALLBACK *pkcs_getcertpath;
    LDAP_PKCS_GET_CERTNAME_CALLBACK *pkcs_getcertname;
    LDAP_PKCS_GET_KEYPATH_CALLBACK *pkcs_getkeypath;
    LDAP_PKCS_GET_MODPATH_CALLBACK *pkcs_getmodpath;
    LDAP_PKCS_GET_PIN_CALLBACK *pkcs_getpin;
    LDAP_PKCS_GET_TOKEN_CALLBACK *pkcs_gettokenname;
    LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK *pkcs_getdonglefilename;

};


int LDAP_CALL ldapssl_pkcs_init(const struct ldapssl_pkcs_fns *pfns);

/* end of SSL functions */
#endif  /* _SOLARIS_SDK */

/* SASL options */
#define LDAP_OPT_X_SASL_MECH            0x6100
#define LDAP_OPT_X_SASL_REALM           0x6101
#define LDAP_OPT_X_SASL_AUTHCID         0x6102
#define LDAP_OPT_X_SASL_AUTHZID         0x6103
#define LDAP_OPT_X_SASL_SSF             0x6104 /* read-only */
#define LDAP_OPT_X_SASL_SSF_EXTERNAL    0x6105 /* write-only */
#define LDAP_OPT_X_SASL_SECPROPS        0x6106 /* write-only */
#define LDAP_OPT_X_SASL_SSF_MIN         0x6107
#define LDAP_OPT_X_SASL_SSF_MAX         0x6108
#define LDAP_OPT_X_SASL_MAXBUFSIZE      0x6109

/*
 * ldap_interactive_bind_s Interaction flags
 *  Interactive: prompt always - REQUIRED
 */
#define LDAP_SASL_INTERACTIVE           1U

/*
 * V3 SASL Interaction Function Callback Prototype
 *      when using SASL, interact is pointer to sasl_interact_t
 *  should likely passed in a control (and provided controls)
 */
typedef int (LDAP_SASL_INTERACT_PROC)
        (LDAP *ld, unsigned flags, void* defaults, void *interact);

int LDAP_CALL ldap_sasl_interactive_bind_s(LDAP *ld, const char *dn,
        const char *saslMechanism, LDAPControl **serverControls,
        LDAPControl **clientControls, unsigned flags,
        LDAP_SASL_INTERACT_PROC *proc, void *defaults);

#ifdef  __cplusplus
}
#endif

#endif  /* _LDAP_H */