Oracle Internet Directory Application Developer’s Guide

Release 3.0.1
June 2001
Part No. A90152-01

Copyright © 2001, Oracle Corporation. All rights reserved.

Primary Author: Richard Smith
Contributing Authors: Henry Abrecht, Ginger Tabora
Contributors: Ramakrishna Bollu, Saheli Dey, Bruce Ernst, Rajinder Gupta, Ashish Kolli, Stephen Lee, David Lin, Radhika Moolky, David Saslav
Graphic Designer: Valarie Moore

The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs is prohibited.

The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation.

If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable:

Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement.
Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR 52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065.

The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the Programs.

Portions of this document are from "The C LDAP Application Program Interface," an Internet Draft of the Internet Engineering Task Force (Copyright (C) The Internet Society (1997-1999). All Rights Reserved), which expires on 8 April 2000. These portions are used in accordance with the following IETF directives:

"This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English."

RSA and RC4 are trademarks of RSA Data Security.
Portions of Oracle Internet Directory have been licensed by Oracle Corporation from RSA Data Security.

This product contains SSLPlus Integration Suite™, version 1.2, from Consensus Development Corporation.

Oracle Directory Manager requires the Java™ Runtime Environment. The Java™ Runtime Environment, Version JRE 1.1.6. ("The Software") is developed by Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043. Copyright (c) 1997 Sun Microsystems, Inc.

Oracle is a registered trademark, and SQL*Net, SQL*Loader, SQL*Plus, Net8, and Oracle Net Services are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners.

Contents

Send Us Your Comments
Preface

1 Introduction
    About Oracle Internet Directory Software Developer’s Kit release 3.0.1
    Components of the Oracle Internet Directory Software Developer’s Kit
    Other Components of Oracle Internet Directory
    Operating Systems Supported

2 Concepts
    History of LDAP
    Overview of LDAP Models
    LDAP Naming Model
    LDAP Information Model
    LDAP Functional Model
    LDAP Security Model
    Authentication
    Access Control and Authorization
    Data Integrity
    Data Privacy
    Password Protection
    Password Policies
    About the Oracle Internet Directory API
    Initializing an LDAP Session
    Initializing the Session by Using the C API
    Initializing the Session by Using DBMS_LDAP
    LDAP Session Handle Options in the C API
    Enabling Authentication to a Directory Server
    Enabling Authentication to a Directory Server by Using the C API
    Enabling Authentication to a Directory Server by Using DBMS_LDAP
    Searching by Using DBMS_LDAP
    Flow of Search-Related Operations
    Search Scope
    Filters
    Enabling Session Termination by Using DBMS_LDAP

3 The Oracle Internet Directory C API
    About the Oracle Internet Directory C API
    Oracle Internet Directory SDK C API SSL Extensions
    C API Reference
    Summary of LDAP C API
    Functions
    Initializing an LDAP Session
    LDAP Session Handle Options
    Working With Controls
    Authenticating to the Directory
    Closing the Session
    Performing LDAP Operations
    Abandoning an Operation
    Obtaining Results and Peeking Inside LDAP Messages
    Handling Errors and Parsing Results
    Stepping Through a List of Results
    Parsing Search Results
    Sample C API Usage
    C API Usage with SSL
    C API Usage Without SSL
    Building Applications with the C API
    Required Header Files and Libraries
    Building a Sample Search Tool
    Dependencies and Limitations

4 The Oracle Internet Directory PL/SQL API
    About the PL/SQL API
    Sample PL/SQL Usage
    Using the PL/SQL API from a Database Trigger
    Using the PL/SQL API for a Search
    Building Applications with PL/SQL LDAP API
    Dependencies and Limitations
    PL/SQL Reference
    Summary of Subprograms
    Exception Summary
    Data-Type Summary
    Subprograms

5 Command-Line Tools Syntax
    LDAP Data Interchange Format (LDIF) Syntax
    Command-Line Tools Syntax
    ldapadd Syntax
    ldapaddmt Syntax
    ldapbind Syntax
    ldapcompare Syntax
    ldapdelete Syntax
    ldapmoddn Syntax
    ldapmodify Syntax
    ldapmodifymt Syntax
    ldapsearch Syntax
    Catalog Management Tool Syntax

Glossary
Index

Send Us Your Comments

Oracle Internet Directory Application Developer’s Guide, Release 3.0.1
Part No. A90152-01

Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this document. Your input is an important part of the information used for revision.

- Did you find any errors?
- Is the information clearly presented?
- Do you need more information? If so, where?
- Are the examples correct? Do you need more examples?
- What features did you like most?
If you find any errors or have any other suggestions for improvement, please indicate the document title and part number, and the chapter, section, and page number (if available). You can send comments to us in the following ways:

- Electronic mail: [email protected]
- FAX: (650) 506-7227 Attn: Server Technologies Documentation Manager
- Postal service:
    Oracle Corporation
    Server Technologies Documentation
    500 Oracle Parkway, Mailstop 4op11
    Redwood Shores, CA 94065
    USA

If you would like a reply, please give your name, address, telephone number, and (optionally) electronic mail address.

If you have problems with the software, please contact your local Oracle Support Services.