Table of Contents | Previous | Next | Index

Netscape Directory SDK 3.0 for C Programmer’s Guide

Chapter 11
Getting Server Information

This chapter explains how to access and modify information about your LDAP server over the LDAP protocol.

The chapter includes the following sections:

Understanding DSEs

A DSE is a DSA-specific entry in the directory. (A DSA is a directory system agent, which is an X.500 term for a directory server.) A DSE contains information specific to the server.

In a directory tree, the root of the tree is the root DSE. It is not part of any naming context (for example, it is above "o=Airius.com" in the directory tree).

(Note that the root DSE is specified as part of the LDAP v3 protocol. LDAP v2 servers do not necessarily have a root DSE.)

The root DSE can contain the following information:

Getting the Root DSE

The root DSE for an LDAP server specifies information about the server. The following table lists the types of information available in different attributes of the root DSE.

Table 11.1 Information available in the root DSE
Attribute Name Description of Values

namingContexts

The values of this attribute are the naming contexts supported by this server (for example, "o=Airius.com").

altServer

The values of this attribute are LDAP URLs that identify other servers that can be contacted if this server is unavailable.

supportedExtension

The values of this attribute are the object identifiers (OIDs) of the LDAP v3 extended operations supported by this server.

If this attribute is not in the root DSE, the server does not support any extended operations.

supportedControl

The values of this attribute are the object identifiers (OIDs) of the LDAP v3 controls supported by this server.

If this attribute is not in the root DSE, the server does not support any LDAP v3 controls.

supportedSASLMechanisms

The values of this attribute are the names of the SASL mechanisms supported by the server.

If this attribute is not in the root DSE, the server does not support any SASL mechanisms.

supportedLDAPVersion

The values of this attribute are the versions of the LDAP protocol supported by this server (for example, 2 and 3).

To get the root DSE for an LDAP server, do the following:

  1. Initialize an LDAP session by calling the ldap_init() function.

  2. Turn off automatic referral handling by calling the ldap_set_option() function and setting the LDAP_OPT_REFERRALS option to LDAP_OPT_OFF.

  3. Search the directory using the following criteria:

    4. For details on how to use API functions to search the directory, see Chapter 6, "Searching the Directory".

  4. Check the results of the search.

    5. If the server returns a result code such as LDAP_OPERATIONS_ERROR, LDAP_PROTOCOL_ERROR, LDAP_REFERRAL, or LDAP_NO_SUCH_OBJECT result code, the LDAP server probably does not support LDAP v3.

The following function gets the root DSE for a server and prints out its attributes. The function assumes that you are passing in a valid connection handle (LDAP structure) that you have created by calling ldap_init(). The function returns 0 if successful or 1 if an error occurred. 

int
printdse( LDAP *ld ) 
{
   int rc, i;
   char *matched_msg = NULL, *error_msg = NULL;
   LDAPMessage   *result, *e;
   BerElement   *ber;
   char      *a;
   char      **vals;
   /* Verify that the connection handle is valid. */
   if ( ld == NULL ) {
      fprintf( stderr, "Invalid connection handle.\n" );
      return( 1 );
   }
   /* Set automatic referral processing off. */
   if ( ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ) != 0 ) {
      rc = ldap_get_lderrno( ld, NULL, NULL );
      fprintf( stderr, "ldap_set_option: %s\n", ldap_err2string( rc ) );
      return( 1 );
   }
   /* Search for the root DSE. */
   rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", NULL, 0, 
      NULL, NULL, NULL, 0, &result );
   /* Check the search results. */
   switch( rc ) {
   /* If successful, the root DSE was found. */
   case LDAP_SUCCESS:
      break;
   /* If the root DSE was not found, the server does not comply
      with the LDAP v3 protocol. */
   case LDAP_PARTIAL_RESULTS:
   case LDAP_NO_SUCH_OBJECT:
   case LDAP_OPERATIONS_ERROR:
   case LDAP_PROTOCOL_ERROR:
      printf( "LDAP server returned result code %d (%s).\n"
         "This server does not support the LDAP v3 protocol.\n",
         rc, ldap_err2string( rc ) );
      return( 1 );
   /* If any other value is returned, an error must have occurred. */
   default:
      fprintf( stderr, "ldap_search_ext_s: %s\n", ldap_err2string( rc ) );
      return( 1 );
   }
   /* Since only one entry should have matched, get that entry. */
   e = ldap_first_entry( ld, result );
   if ( e == NULL ) {
      fprintf( stderr, "ldap_search_ext_s: Unable to get root DSE.\n");
      ldap_memfree( result );
      return( 1 );
   }
   
   /* Iterate through each attribute in the entry. */
   for ( a = ldap_first_attribute( ld, e, &ber ); 
      a != NULL; a = ldap_next_attribute( ld, e, ber ) ) {
         
      /* Print each value of the attribute. */
      if ((vals = ldap_get_values( ld, e, a)) != NULL ) {
         for ( i = 0; vals[i] != NULL; i++ ) {
            printf( "%s: %s\n", a, vals[i] );
         }
         
         /* Free memory allocated by ldap_get_values(). */
         ldap_value_free( vals );
      }
      
      /* Free memory allocated by ldap_first_attribute(). */
      ldap_memfree( a );
   }
   
   /* Free memory allocated by ldap_first_attribute(). */
   if ( ber != NULL ) {
      ber_free( ber, 0 );
   }
   
   printf( "\n" );
   /* Free memory allocated by ldap_search_ext_s(). */
   ldap_msgfree( result );
   ldap_unbind( ld );
   return( 0 );
}

Determining If the Server Supports LDAP v3

You can determine what version an LDAP server supports by getting the supportedLDAPVersion attribute from the root DSE. This attribute should contain the value 3. (It may also contain other values, such as 2, so you may want to check through the values of this attribute.)

Note that you do not need to authenticate or bind (see "Binding and Authenticating to an LDAP Server" for details) before searching the directory. Unlike the LDAP v2 protocol, the LDAP v3 protocol states that clients do not need to bind to the server before performing LDAP operations.

The following function connects to an LDAP server and determines whether or not that server supports the LDAP v3 protocol. 

...
/* Function for determining if the LDAP server supports LDAP v3. 
   This function returns 1 if the server supports LDAP v3 or 
   0 if the server does not support LDAP v3.
 */
int
check_version( char *hostname, int portnum )
{
   LDAP      *ld;
   int      i, rc, v3supported = 0;
   LDAPMessage   *result, *e;
   BerElement   *ber;
   LDAPControl   **serverctrls = NULL, **clntctrls = NULL;
   char      *a, *dn;
   char      **vals;
   char      *attrs[2];
   char      *filter = "(objectClass=*)";
   /* Check arguments */
   if ( !hostname || !hostname[0] || !portnum ) {
      printf( "Error: hostname or port number not specified\n" );
      return( -1 );
   }
   /* Get a handle to an LDAP connection. */
   if ( (ld = ldap_init( hostname, portnum )) == NULL ) {
      perror( "ldap_init" );
      return( -1 );
   }
   /* Set automatic referral processing off. */
   if ( ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ) != LDAP_SUCCESS ) {
      ldap_perror( ld, "ldap_set_option" );
      return( -1 );
   }
   /* Search for the root DSE and get the supportedLDAPVersion attribute. */
   attrs[0] = "supportedLDAPVersion";
   attrs[1] = NULL;
   rc = ldap_search_ext_s( ld, "", LDAP_SCOPE_BASE, filter, attrs, 0, 
      serverctrls, clntctrls, NULL, 0, &result );
   /* Check the search results. */
   switch( rc ) {
   /* If successful, the root DSE was found. */
   case LDAP_SUCCESS:
      break;
   /* If the root DSE was not found, the server does not comply
      with the LDAP v3 protocol. */
   case LDAP_PARTIAL_RESULTS:
   case LDAP_NO_SUCH_OBJECT:
   case LDAP_OPERATIONS_ERROR:
   case LDAP_PROTOCOL_ERROR:
      ldap_perror( ld, "ldap_search_ext_s" );
      return( 0 );
      break;
   /* If an different result code is returned, an error may have 
      occurred (for example, the server may be down. */
   default:
      ldap_perror( ld, "ldap_search_ext_s" );
      return( -1 );
      break;
   }
   /* Get the values of the supportedLDAPVersion attribute in the entry. */
   if (( e = ldap_first_entry( ld, result )) != NULL  &&  
       ( a = ldap_first_attribute( ld, e, &ber )) != NULL  && 
       (vals = ldap_get_values( ld, e, a)) != NULL ) {
      for ( i = 0; vals[i] != NULL; i++ ) {
         if ( !strcmp( "3", vals[i] ) ) {
            v3supported = 1;
            break;
         }
      }
      /* Free any memory allocated. */
      ldap_value_free( vals );
      ldap_memfree( a );
      if ( ber != NULL ) {
         ber_free( ber, 0 );
      }
   }
   /* Free memory allocated by ldap_search_ext_s(). */
   ldap_msgfree( result );
   /* Free the ld structure. */
   ldap_unbind_s( ld );
   /* Return a value indicating whether or not LDAP v3 is supported. */
   return( v3supported );
}
...

Getting Schema Information

In the LDAP v3 protocol, an entry can specify the schema that defines the object classes, attributes, and matching rules used by the directory. This entry is called the subschema entry.

To find the DN of the subschema entry, get the subschemaSubentry operational attribute from the root DSE or from any entry. (See "Specifying the Attributes to Retrieve" for details.) For example, in the root DSE for the Netscape Directory Server 3.0, the subschemaSubentry attribute specifies the location of the subschema entry.

The subschema entry itself can have the following attributes:

Table of Contents | Previous | Next | Index

Last Updated: 10/01/98 17:04:51