kxsystems / ldap Goto Github PK

We just have sync operations at the minute. Distinguish between sync/async operations (e.g. C functions end in _s for sync versions.

search/etc can report error codes (e.g. 5i for timeout).
Document/reference error codes.

API has abilities to add/modify/delete/rename, which is more to do with using the client for administration of the server

https://www.openldap.org/software/man.cgi?query=ldap&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

LDAP_X_CONNECTING was missing from ldap docs when doc created - see if explaination can be found/added

Ref:
https://www.openldap.org/software/man.cgi?query=ldap_search_ext_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

links at top of page for bind/etc aren't working (prob broken when ported from code.kx.com)
https://github.com/KxSystems/ldap/blob/master/docs/reference.md

skip_cleanup was previously giving a config warning - recommended to change to cleanup

For release on another repo it printed
"Cleaning up git repository with git stash --all. If you need build artifacts for deployment, set deploy.skip_cleanup: true. See https://docs.travis-ci.com/user/deployment#Uploading-Files-and-skip_cleanup."
and caused release to fail.

Changing back now gives no warning

Create build on windows

Ref: https://www.openldap.org/software/man.cgi?query=ldap_get_option&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

ref: https://www.openldap.org/software/man.cgi?query=ldap_set_option&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Ref: https://www.openldap.org/software/man.cgi?query=ldap_compare_ext_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Building package is failing to build on my build box
CMake Error at cmake_install.cmake:62 (FILE):
file INSTALL given no DESTINATION

I dont have q installed on my build box & dont need it to build

e.g. https://github.com/illumos/illumos-gate/blob/4e0c5eff9af325c80994e9527b7cb8b3a1ffd1d4/usr/src/lib/libldap5/sources/ldap/common/cram_md5.c

credentials key is a string but should prob also support byte array for these types of examples

https://www.openldap.org/software/man.cgi?query=ldap_initialize&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

int ldap_initialize(ldp, uri)
LDAP **ldp;
char *uri;

ldap_initialize() acts like ldap_init(), but it returns an integer
indicating either success or the failure reason, and it allows to
specify details for the connection in the schema portion of the URI.
The uri parameter may be a comma- or whitespace-separated list of URIs
containing only the schema, the host, and the port fields. Apart from
ldap, other (non-standard) recognized values of the schema field are
ldaps (LDAP over TLS), ldapi (LDAP over IPC), and cldap (connectionless
LDAP). If other fields are present, the behavior is undefined.

Does ldap_get_option reallocate featInfo.ldapaif_name - would it need to be freed? Need to check

https://www.openldap.org/software/release/license.html

User may do a search with a sizelimit which is more than the servers size limit.
Therefore the user may get the result without knowing that it was actually truncated.
Proving result code along with the results should aid this.

Ref: "Converting msys2 provided libldap.dll to libldap.lib for use with Visual Studio" section on README.md

@@@ It's worth mentioning that you need to run dll2lib.bat from a VS command prompt (it uses a couple of tools on the MSVS path). Or you could check ERRORLEVEL in the .bat file after the calls to dumpbin and lib:

windows : https://packages.msys2.org/package/mingw-w64-x86_64-openldap (2.6.3)
osx : https://formulae.brew.sh/formula/openldap#default (2.6.3)
linux : travis_setup.sh (2.4.50)

Current feature release and lts versions - https://www.openldap.org/software/download/

Not just for user permission/group validation, but can be used to consume & analyse data stored (e.g. whats the employee retention, which user machines are due for refresh, etc).

Caused a problem on a ubuntu 18 box - works ok on centos7 with default libldap

\l ldap.q
\c 25 2000

globalSession:1i
.ldap.init[globalSession;enlist $"ldap://localhost:389"] .ldap.setOption[globalSession;LDAP_OPT_PROTOCOL_VERSION;3]
.ldap.getOption[globalSession;`LDAP_OPT_API_INFO]

e.g.
globalSession:1i
.ldap.bind_s[globalSession;$"";$"";`$""]

Says API codes are positive numbers, but then lists various negative numbers.
Same type of issue with the protocol numbers.

Add .travis.yml file for travis builds/releases.

Ref : https://www.openldap.org/software/man.cgi?query=ld_errno&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Ref: https://www.openldap.org/software/man.cgi?query=ldap_unbind&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Ability to bind/etc to >1 session

It might be work checking that the sess idx isn't already in use by
calling getSession(idx) and returning a error is it doesn't return NULL.
Alternatively, rather than having the user specifying the sess idx to
kdbldap_init(), you could generate a unique value, e.g. use a session counter
that gets incremented every time a session is added (but is not decremented
on session remove)

Option to provide a simple bind
https://www.openldap.org/software/man.cgi?query=ldap_sasl_bind_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Discover what the possible values are for 'mechanism' can be in the following call - ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism,

Ref: https://www.openldap.org/software/man.cgi?query=ldap_sasl_bind_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release

Simple bind uses 'LDAP_SASL_SIMPLE'

"...he mechs parameter should contain
a space-separated list of candidate mechanisms to use. If this
parameter is NULL or empty the library will query the
supportedSASLMechanisms attribute from the server's rootDSE for the
list of SASL mechanisms the server supports."

How to take an install package + openldap lib, and get it working

New docs folder wont currently be added to a release build - should be included in the future while docs are there.
.travis.yml example area
e.g.
elif [[ $TRAVIS_OS_NAME == "windows" ]]; then
7z a -tzip $FILE_NAME README.md install.bat LICENSE q examples;
elif [[ $TRAVIS_OS_NAME == "linux" || $TRAVIS_OS_NAME == "osx" ]]; then
tar -zcvf $FILE_NAME README.md install.sh LICENSE q examples;

Example request
.ldap.search_s[mainSession;globalDn;.ldap.LDAP_SCOPE_SUBTREE;$"sAMAccountName=sshanks";enlist $"dn";0;timeout;10000]

Ref:
https://www.openldap.org/software/man.cgi?query=ldap_search_ext_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release (also used in other calls)
https://docs.oracle.com/cd/E19957-01/817-6707/controls.html#wp27635

"According to the LDAPv3, servers should list any controls that they support in the supportedControl attribute in the root DSE. "

Ref: https://docs.oracle.com/cd/E19957-01/817-6707/srvrinfo.html

Create 2 connections, with the first being a host/port that doesn't exist. Check how it resorts to 2nd connection.

TODO comments in ldap.h which are a reminder for docs, which already exist in README.md

running ldapsearch can often print 'additional info' on error e.g.

[root@7f7b9d2027ca qinstall]# LD_LIBRARY_PATH=/usr/lib/:$LD_LIBRARY_PATH ldapsearch -H ldap://simon.edt.org  -D 'dc=edt,dc=org' -Y GSSAPI -N 1 
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Local error (-2)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database)

currently, for -2 error, running
.ldap.err2string[-2i]
gives
"Local error"
as per first line of the ldapsearch error, but would be helpful to be able to get what ldapsearch shows for its 'additional info'.

TODOs for serverctrls in cod - remove the 'TODO' part of these comments (since LDAPControl isn't generic at the mo)

2 different api guides - https://github.com/KxSystems/ldap/blob/master/docs/reference.md (bind ref looks right) - https://github.com/KxSystems/ldap/blob/master/documentation.md (bind ref looks out of date). Also a docs/examples.md & examples/README.md . Relates to docs being mode from code.kx.com. Fix to create single source of truth.

Perform build on OSX

ref:
https://wiki.mozilla.org/Mozilla_LDAP_SDK_Programmer%27s_Guide/Searching_the_Directory_With_LDAP_C_SDK
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp57265
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp56337

ldap_msgtype() can return a result, entry or reference

Example

\l ldap.q
\c 25 2000
timeout:3000000
-1"### Set option";
.ldap.setGlobalOption[`LDAP_OPT_TIMEOUT;timeout]
-1"### Value now set to ";string .ldap.getGlobalOption[`LDAP_OPT_TIMEOUT]
-1"### Done";
exit 0