xref: /illumos-gate/usr/src/lib/libsldap/common/ns_sldap.h (revision 1a220b56b93ff1dc80855691548503117af4cc10)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_SLDAP_H
28 #define	_NS_SLDAP_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <stdio.h>
37 #include <sys/types.h>
38 #include <lber.h>
39 #include <ldap.h>
40 
41 /*
42  * Version
43  */
44 #define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
45 #define	NS_LDAP_VERSION_1	"1.0"
46 #define	NS_LDAP_VERSION_2	"2.0"
47 
48 /*
49  * Flags
50  */
51 #define	NS_LDAP_HARD		  0x001
52 #define	NS_LDAP_ALL_RES		  0x002
53 
54 /* Search Referral Option */
55 typedef enum SearchRef {
56 	NS_LDAP_FOLLOWREF	= 0x004,
57 	NS_LDAP_NOREF		= 0x008
58 } SearchRef_t;
59 
60 typedef enum ScopeType {
61 	NS_LDAP_SCOPE_BASE	= 0x010,
62 	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
63 	NS_LDAP_SCOPE_SUBTREE	= 0x040
64 } ScopeType_t;
65 
66 /*
67  * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
68  * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
69  * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
70  * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
71  */
72 
73 #define	NS_LDAP_KEEP_CONN	  0x080
74 #define	NS_LDAP_NEW_CONN	  0x400
75 #define	NS_LDAP_NOMAP		  0x800
76 
77 #define	NS_LDAP_PAGE_CTRL	  0x1000
78 #define	NS_LDAP_NO_PAGE_CTRL	  0x0000
79 
80 /*
81  * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
82  * to retrieve the DN in LDAP and DN is not to be converted when
83  * being passed back to the application. See __ns_ldap_uid2dn()
84  * and __ns_ldap_host2dn() for such usage.
85  */
86 #define	NS_LDAP_NOT_CVT_DN	0x2000
87 
88 /*
89  * Authentication Information
90  */
91 typedef enum CredLevel {
92 	NS_LDAP_CRED_ANON	= 0,
93 	NS_LDAP_CRED_PROXY	= 1,
94 	NS_LDAP_CRED_SELF	= 2	/* currently not supported */
95 } CredLevel_t;
96 
97 typedef enum AuthType {
98 	NS_LDAP_AUTH_NONE	= 0,
99 	NS_LDAP_AUTH_SIMPLE	= 1,
100 	NS_LDAP_AUTH_SASL	= 2,
101 	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
102 	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
103 } AuthType_t;
104 
105 typedef enum TlsType {
106 	NS_LDAP_TLS_NONE	= 0,
107 	NS_LDAP_TLS_SIMPLE	= 1,
108 	NS_LDAP_TLS_SASL	= 2
109 } TlsType_t;
110 
111 typedef enum SaslMech {
112 	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
113 	NS_LDAP_SASL_CRAM_MD5	= 1,
114 	NS_LDAP_SASL_DIGEST_MD5	= 2,
115 	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
116 	NS_LDAP_SASL_GSSAPI	= 4,	/* currently not supported */
117 	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
118 } SaslMech_t;
119 
120 typedef enum SaslOpt {
121 	NS_LDAP_SASLOPT_NONE	= 0,
122 	NS_LDAP_SASLOPT_INT	= 1,	/* currently not supported */
123 	NS_LDAP_SASLOPT_PRIV	= 2	/* currently not supported */
124 } SaslOpt_t;
125 
126 typedef enum PrefOnly {
127 	NS_LDAP_PREF_FALSE	= 0,
128 	NS_LDAP_PREF_TRUE	= 1
129 } PrefOnly_t;
130 
131 typedef struct UnixCred {
132 	char	*userID;	/* Unix ID number */
133 	char	*passwd;	/* password */
134 } UnixCred_t;
135 
136 typedef struct CertCred {
137 	char	*path;		/* certificate path */
138 	char	*passwd;	/* password */
139 	char	*nickname;	/* nickname */
140 } CertCred_t;
141 
142 typedef struct ns_auth {
143 	AuthType_t	type;
144 	TlsType_t	tlstype;
145 	SaslMech_t	saslmech;
146 	SaslOpt_t	saslopt;
147 } ns_auth_t;
148 
149 typedef struct ns_cred {
150 	ns_auth_t	auth;
151 	char		*hostcertpath;
152 	union {
153 		UnixCred_t	unix_cred;
154 		CertCred_t	cert_cred;
155 	} cred;
156 } ns_cred_t;
157 
158 
159 typedef struct LineBuf {
160 	char *str;
161 	int len;
162 	int alloc;
163 } LineBuf;
164 
165 /*
166  * Configuration Information
167  */
168 
169 typedef enum {
170 	NS_LDAP_FILE_VERSION_P		= 0,
171 	NS_LDAP_BINDDN_P		= 1,
172 	NS_LDAP_BINDPASSWD_P		= 2,
173 	NS_LDAP_SERVERS_P		= 3,
174 	NS_LDAP_SEARCH_BASEDN_P		= 4,
175 	NS_LDAP_AUTH_P			= 5,
176 /*
177  * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
178  * with version 1 clients and their configuration files.  The only
179  * supported value is NS_LDAP_SEC_NONE.  No application should be
180  * using this parameter type (either through getParam or setParam.
181  */
182 	NS_LDAP_TRANSPORT_SEC_P		= 6,
183 	NS_LDAP_SEARCH_REF_P		= 7,
184 	NS_LDAP_DOMAIN_P		= 8,
185 	NS_LDAP_EXP_P			= 9,
186 	NS_LDAP_CERT_PATH_P		= 10,
187 	NS_LDAP_CERT_PASS_P		= 11,
188 	NS_LDAP_SEARCH_DN_P		= 12,
189 	NS_LDAP_SEARCH_SCOPE_P		= 13,
190 	NS_LDAP_SEARCH_TIME_P		= 14,
191 	NS_LDAP_SERVER_PREF_P		= 15,
192 	NS_LDAP_PREF_ONLY_P		= 16,
193 	NS_LDAP_CACHETTL_P		= 17,
194 	NS_LDAP_PROFILE_P		= 18,
195 	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
196 	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
197 	NS_LDAP_BIND_TIME_P		= 21,
198 	NS_LDAP_ATTRIBUTEMAP_P		= 22,
199 	NS_LDAP_OBJECTCLASSMAP_P	= 23,
200 	NS_LDAP_CERT_NICKNAME_P		= 24,
201 	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
202 	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
203 	NS_LDAP_HOST_CERTPATH_P		= 27,
204 /*
205  * The following entry (max ParamIndexType) is an internal
206  * placeholder.  It must be the last (and highest value)
207  * entry in this eNum.  Please update accordingly.
208  */
209 	NS_LDAP_MAX_PIT_P		= 28
210 
211 } ParamIndexType;
212 
213 /*
214  * __ns_ldap_*() return codes
215  */
216 typedef enum {
217 	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
218 	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
219 	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
220 	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
221 	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
222 	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
223 	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
224 	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
225 	NS_LDAP_SUCCESS_WITH_INFO
226 				= 9  /* success, with info in errorp */
227 } ns_ldap_return_code;
228 
229 /*
230  * Detailed error code for NS_LDAP_CONFIG
231  */
232 typedef enum {
233 	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
234 	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
235 	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
236 	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
237 	NS_CONFIG_FILE		= 4,	/* configuration file problem */
238 	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
239 } ns_ldap_config_return_code;
240 
241 /*
242  * Detailed error code for NS_LDAP_PARTIAL
243  */
244 typedef enum {
245 	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
246 	NS_PARTIAL_OTHER	= 1	/* error encountered */
247 } ns_ldap_partial_return_code;
248 
249 /*
250  * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
251  */
252 typedef enum {
253 	NS_HOSTCRED_FALSE = 0,
254 	NS_HOSTCRED_TRUE  = 1
255 } hostcred_t;
256 
257 /*
258  * Detailed password status
259  */
260 typedef enum {
261 	NS_PASSWD_GOOD			= 0,	/* password is good */
262 	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
263 						/* about to expire */
264 	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
265 						/* changed immediately */
266 	NS_PASSWD_EXPIRED		= 3,	/* password expired */
267 	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
268 						/* account is locked */
269 	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
270 						/* by the administrator */
271 	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
272 						/* new password has */
273 						/* invalid syntax -- */
274 						/* same value as attr */
275 						/* cn, sn, uid, etc. */
276 	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
277 						/* new password has */
278 						/* less chars than */
279 						/* required */
280 	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
281 						/* reuse old password  */
282 	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
283 						/* within minimum age  */
284 } ns_ldap_passwd_status_t;
285 
286 /*
287  * Password management information structure
288  *
289  * This structure is different from AcctUsableResponse_t structure in
290  * that this structure holds result of users account mgmt information when
291  * an ldap bind is done with user name and user password.
292  */
293 typedef struct ns_ldap_passwd_mgmt {
294 	ns_ldap_passwd_status_t
295 		status;			/* password status */
296 	int	sec_until_expired;	/* seconds until expired, */
297 					/* valid if status is */
298 					/* NS_PASSWD_ABOUT_TO_EXPIRE */
299 } ns_ldap_passwd_mgmt_t;
300 
301 /*
302  * LDAP V3 control flag for account management - Used for account management
303  * when no password is provided
304  */
305 #define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
306 
307 /*
308  * Structure for holding the response returned by server for
309  * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
310  */
311 typedef struct AcctUsableMoreInfo {
312 	int inactive;
313 	int reset;
314 	int expired;
315 	int rem_grace;
316 	int sec_b4_unlock;
317 } AcctUsableMoreInfo_t;
318 
319 /*
320  * Structure used to hold the response from the server for
321  * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
322  *
323  * ACCOUNT_USABLE_RESPONSE::= CHOICE {
324  * is_available		[0] INTEGER, seconds before expiration
325  * is_not_available	[1] More_info
326  * }
327  *
328  * More_info::= SEQUENCE {
329  * inactive		[0] BOOLEAN DEFAULT FALSE,
330  * reset		[1] BOOLEAN DEFAULT FALSE,
331  * expired		[2] BOOLEAN DEFAULT FALSE,
332  * remaining_grace	[3] INTEGER OPTIONAL,
333  * seconds_before_unlock[4] INTEGER OPTIONAL
334  * }
335  *
336  * This structure is different from ns_ldap_passwd_mgmt_t structure in
337  * that this structure holds result of users account mgmt information when
338  * pam_ldap doesn't have the users password and proxy agent is used for
339  * obtaining the account management information.
340  */
341 typedef struct AcctUsableResponse {
342 	int choice;
343 	union {
344 		int seconds_before_expiry;
345 		AcctUsableMoreInfo_t more_info;
346 	} AcctUsableResp;
347 } AcctUsableResponse_t;
348 
349 /*
350  * Simplified LDAP Naming API result structure
351  */
352 typedef struct ns_ldap_error {
353 	int	status;				/* LDAP error code */
354 	char	*message;			/* LDAP error message */
355 	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
356 						/* management info */
357 } ns_ldap_error_t;
358 
359 typedef struct	 ns_ldap_attr {
360 	char	*attrname;			/* attribute name */
361 	uint_t	value_count;
362 	char	**attrvalue;			/* attribute values */
363 } ns_ldap_attr_t;
364 
365 typedef struct ns_ldap_entry {
366 	uint_t		attr_count;		/* number of attributes */
367 	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
368 	struct ns_ldap_entry *next;		/* next entry */
369 } ns_ldap_entry_t;
370 
371 typedef struct ns_ldap_result {
372 	uint_t	entries_count;		/* number of entries */
373 	ns_ldap_entry_t	*entry;		/* data */
374 } ns_ldap_result_t;
375 
376 /*
377  * structures for the conversion routines used by typedAddEntry()
378  */
379 
380 typedef struct _ns_netgroups {
381 	char  *name;
382 	char  **triplet;
383 	char  **netgroup;
384 } _ns_netgroups_t;
385 
386 typedef struct _ns_netmasks {
387 	char *netnumber;
388 	char *netmask;
389 } _ns_netmasks_t;
390 
391 typedef struct _ns_bootp {
392 	char *name;
393 	char **param;
394 } _ns_bootp_t;
395 
396 typedef struct _ns_ethers {
397 	char *name;
398 	char *ether;
399 } _ns_ethers_t;
400 
401 typedef struct _ns_pubkey {
402 	char *name;
403 	hostcred_t hostcred;
404 	char *pubkey;
405 	char *privkey;
406 } _ns_pubkey_t;
407 
408 typedef struct _ns_alias {
409 	char *alias;
410 	char **member;
411 } _ns_alias_t;
412 
413 typedef struct _ns_automount {
414 	char *mapname;
415 	char *key;
416 	char *value;
417 } _ns_automount_t;
418 
419 /*
420  * return values for the callback function in __ns_ldap_list()
421  */
422 #define	NS_LDAP_CB_NEXT	0	/* get the next entry */
423 #define	NS_LDAP_CB_DONE	1	/* done */
424 
425 /*
426  * Input values for the type specified in __ns_ldap_addTypedEntry()
427  * and __ns_ldap_delTypedEntry()
428  */
429 
430 #define	NS_LDAP_TYPE_PASSWD	"passwd"
431 #define	NS_LDAP_TYPE_GROUP	"group"
432 #define	NS_LDAP_TYPE_HOSTS	"hosts"
433 #define	NS_LDAP_TYPE_IPNODES	"ipnodes"
434 #define	NS_LDAP_TYPE_PROFILE	"prof_attr"
435 #define	NS_LDAP_TYPE_RPC	"rpc"
436 #define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
437 #define	NS_LDAP_TYPE_NETWORKS	"networks"
438 #define	NS_LDAP_TYPE_NETGROUP	"netgroup"
439 #define	NS_LDAP_TYPE_ALIASES	"aliases"
440 #define	NS_LDAP_TYPE_SERVICES	"services"
441 #define	NS_LDAP_TYPE_ETHERS	"ethers"
442 #define	NS_LDAP_TYPE_SHADOW	"shadow"
443 #define	NS_LDAP_TYPE_NETMASKS	"netmasks"
444 #define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
445 #define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
446 #define	NS_LDAP_TYPE_USERATTR	"user_attr"
447 #define	NS_LDAP_TYPE_PROJECT	"project"
448 #define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
449 #define	NS_LDAP_TYPE_AUUSER	"audit_user"
450 #define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
451 #define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
452 #define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
453 #define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
454 
455 /*
456  * service descriptor/attribute mapping structure
457  */
458 
459 typedef struct ns_ldap_search_desc {
460 	char		*basedn;	/* search base dn */
461 	ScopeType_t	scope;		/* search scope */
462 	char		*filter;	/* search filter */
463 } ns_ldap_search_desc_t;
464 
465 typedef struct ns_ldap_attribute_map {
466 	char		*origAttr;	/* original attribute */
467 	char		**mappedAttr;	/* mapped attribute(s) */
468 } ns_ldap_attribute_map_t;
469 
470 typedef struct ns_ldap_objectclass_map {
471 	char		*origOC;	/* original objectclass */
472 	char		*mappedOC;	/* mapped objectclass */
473 } ns_ldap_objectclass_map_t;
474 
475 /*
476  * Simplified LDAP Naming APIs
477  */
478 int __ns_ldap_list(
479 	const char *service,
480 	const char *filter,
481 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
482 			char **realfilter, const void *userdata),
483 	const char * const *attribute,
484 	const ns_cred_t *cred,
485 	const int flags,
486 	ns_ldap_result_t ** result,
487 	ns_ldap_error_t ** errorp,
488 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
489 	const void *userdata);
490 
491 int  __ns_ldap_addAttr(
492 	const char *service,
493 	const char *dn,
494 	const ns_ldap_attr_t * const *attr,
495 	const ns_cred_t *cred,
496 	const int flags,
497 	ns_ldap_error_t **errorp);
498 
499 int __ns_ldap_delAttr(
500 	const char *service,
501 	const char *dn,
502 	const ns_ldap_attr_t * const *attr,
503 	const ns_cred_t *cred,
504 	const int flags,
505 	ns_ldap_error_t **errorp);
506 
507 int  __ns_ldap_repAttr(
508 	const char *service,
509 	const char *dn,
510 	const ns_ldap_attr_t * const *attr,
511 	const ns_cred_t *cred,
512 	const int flags,
513 	ns_ldap_error_t **errorp);
514 
515 int  __ns_ldap_addEntry(
516 	const char *service,
517 	const char *dn,
518 	const ns_ldap_entry_t *entry,
519 	const ns_cred_t *cred,
520 	const int flags,
521 	ns_ldap_error_t **errorp);
522 
523 int  __ns_ldap_addTypedEntry(
524 	const char *servicetype,
525 	const char *basedn,
526 	const void *data,
527 	const int  create,
528 	const ns_cred_t *cred,
529 	const int flags,
530 	ns_ldap_error_t **errorp);
531 
532 int __ns_ldap_delEntry(
533 	const char *service,
534 	const char *dn,
535 	const ns_cred_t *cred,
536 	const int flags,
537 	ns_ldap_error_t **errorp);
538 
539 int __ns_ldap_firstEntry(
540 	const char *service,
541 	const char *filter,
542 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
543 			char **realfilter, const void *userdata),
544 	const char * const *attribute,
545 	const ns_cred_t *cred,
546 	const int flags,
547 	void **cookie,
548 	ns_ldap_result_t ** result,
549 	ns_ldap_error_t **errorp,
550 	const void *userdata);
551 
552 int  __ns_ldap_nextEntry(
553 	void *cookie,
554 	ns_ldap_result_t ** result,
555 	ns_ldap_error_t **errorp);
556 
557 int  __ns_ldap_endEntry(
558 	void **cookie,
559 	ns_ldap_error_t **errorp);
560 
561 int __ns_ldap_freeResult(
562 	ns_ldap_result_t **result);
563 
564 int __ns_ldap_freeError(
565 	ns_ldap_error_t **errorp);
566 
567 int  __ns_ldap_uid2dn(
568 	const char *uid,
569 	char **userDN,
570 	const ns_cred_t *cred,
571 	ns_ldap_error_t ** errorp);
572 
573 int  __ns_ldap_host2dn(
574 	const char *host,
575 	const char *domain,
576 	char **hostDN,
577 	const ns_cred_t *cred,
578 	ns_ldap_error_t ** errorp);
579 
580 int  __ns_ldap_dn2domain(
581 	const char *dn,
582 	char **domain,
583 	const ns_cred_t *cred,
584 	ns_ldap_error_t ** errorp);
585 
586 int __ns_ldap_auth(
587 	const ns_cred_t *cred,
588 	const int flag,
589 	ns_ldap_error_t **errorp,
590 	LDAPControl **serverctrls,
591 	LDAPControl **clientctrls);
592 
593 int __ns_ldap_freeCred(
594 	ns_cred_t **credp);
595 
596 int __ns_ldap_err2str(
597 	int err,
598 	char **strmsg);
599 
600 int __ns_ldap_setParam(
601 	const ParamIndexType type,
602 	const void *data,
603 	ns_ldap_error_t **errorp);
604 
605 int __ns_ldap_getParam(
606 	const ParamIndexType type,
607 	void ***data,
608 	ns_ldap_error_t **errorp);
609 
610 int __ns_ldap_freeParam(
611 	void ***data);
612 
613 char **__ns_ldap_getAttr(
614 	const ns_ldap_entry_t *entry,
615 	const char *attrname);
616 
617 int __ns_ldap_getServiceAuthMethods(
618 	const char *service,
619 	ns_auth_t ***auth,
620 	ns_ldap_error_t **errorp);
621 
622 int __ns_ldap_getSearchDescriptors(
623 	const char *service,
624 	ns_ldap_search_desc_t ***desc,
625 	ns_ldap_error_t **errorp);
626 
627 int __ns_ldap_freeSearchDescriptors(
628 	ns_ldap_search_desc_t ***desc);
629 
630 int __ns_ldap_getAttributeMaps(
631 	const char *service,
632 	ns_ldap_attribute_map_t ***maps,
633 	ns_ldap_error_t **errorp);
634 
635 int __ns_ldap_freeAttributeMaps(
636 	ns_ldap_attribute_map_t ***maps);
637 
638 char **__ns_ldap_getMappedAttributes(
639 	const char *service,
640 	const char *origAttribute);
641 
642 char **__ns_ldap_getOrigAttribute(
643 	const char *service,
644 	const char *mappedAttribute);
645 
646 int __ns_ldap_getObjectClassMaps(
647 	const char *service,
648 	ns_ldap_objectclass_map_t ***maps,
649 	ns_ldap_error_t **errorp);
650 
651 int __ns_ldap_freeObjectClassMaps(
652 	ns_ldap_objectclass_map_t ***maps);
653 
654 char **__ns_ldap_getMappedObjectClass(
655 	const char *service,
656 	const char *origObjectClass);
657 
658 char **__ns_ldap_getOrigObjectClass(
659 	const char *service,
660 	const char *mappedObjectClass);
661 
662 int __ns_ldap_getParamType(
663 	const char *value,
664 	ParamIndexType *type);
665 
666 int __ns_ldap_getAcctMgmt(
667 	const char *user,
668 	AcctUsableResponse_t *acctResp);
669 #ifdef __cplusplus
670 }
671 #endif
672 
673 #endif /* _NS_SLDAP_H */
674