xref: /titanic_51/usr/src/lib/libsldap/common/ns_sldap.h (revision a8ae99647dd4d540346030718e08a083b0fbdf42) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 
28 #ifndef	_NS_SLDAP_H
29 #define	_NS_SLDAP_H
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 #include <stdio.h>
38 #include <sys/types.h>
39 #include <lber.h>
40 #include <ldap.h>
41 
42 /*
43  * Version
44  */
45 #define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
46 #define	NS_LDAP_VERSION_1	"1.0"
47 #define	NS_LDAP_VERSION_2	"2.0"
48 
49 /*
50  * Flags
51  */
52 #define	NS_LDAP_HARD		  0x001
53 #define	NS_LDAP_ALL_RES		  0x002
54 
55 /* Search Referral Option */
56 typedef enum SearchRef {
57 	NS_LDAP_FOLLOWREF	= 0x004,
58 	NS_LDAP_NOREF		= 0x008
59 } SearchRef_t;
60 
61 typedef enum ScopeType {
62 	NS_LDAP_SCOPE_BASE	= 0x010,
63 	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
64 	NS_LDAP_SCOPE_SUBTREE	= 0x040
65 } ScopeType_t;
66 
67 /*
68  * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
69  * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
70  * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
71  * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
72  */
73 
74 #define	NS_LDAP_KEEP_CONN	  0x080
75 #define	NS_LDAP_NEW_CONN	  0x400
76 #define	NS_LDAP_NOMAP		  0x800
77 
78 #define	NS_LDAP_PAGE_CTRL	  0x1000
79 #define	NS_LDAP_NO_PAGE_CTRL	  0x0000
80 
81 /*
82  * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
83  * to retrieve the DN in LDAP and DN is not to be converted when
84  * being passed back to the application. See __ns_ldap_uid2dn()
85  * and __ns_ldap_host2dn() for such usage.
86  */
87 #define	NS_LDAP_NOT_CVT_DN	0x2000
88 
89 /*
90  * Authentication Information
91  */
92 typedef enum CredLevel {
93 	NS_LDAP_CRED_ANON	= 0,
94 	NS_LDAP_CRED_PROXY	= 1,
95 	NS_LDAP_CRED_SELF	= 2	/* currently not supported */
96 } CredLevel_t;
97 
98 typedef enum AuthType {
99 	NS_LDAP_AUTH_NONE	= 0,
100 	NS_LDAP_AUTH_SIMPLE	= 1,
101 	NS_LDAP_AUTH_SASL	= 2,
102 	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
103 	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
104 } AuthType_t;
105 
106 typedef enum TlsType {
107 	NS_LDAP_TLS_NONE	= 0,
108 	NS_LDAP_TLS_SIMPLE	= 1,
109 	NS_LDAP_TLS_SASL	= 2
110 } TlsType_t;
111 
112 typedef enum SaslMech {
113 	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
114 	NS_LDAP_SASL_CRAM_MD5	= 1,
115 	NS_LDAP_SASL_DIGEST_MD5	= 2,
116 	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
117 	NS_LDAP_SASL_GSSAPI	= 4,	/* currently not supported */
118 	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
119 } SaslMech_t;
120 
121 typedef enum SaslOpt {
122 	NS_LDAP_SASLOPT_NONE	= 0,
123 	NS_LDAP_SASLOPT_INT	= 1,	/* currently not supported */
124 	NS_LDAP_SASLOPT_PRIV	= 2	/* currently not supported */
125 } SaslOpt_t;
126 
127 typedef enum PrefOnly {
128 	NS_LDAP_PREF_FALSE	= 0,
129 	NS_LDAP_PREF_TRUE	= 1
130 } PrefOnly_t;
131 
132 typedef struct UnixCred {
133 	char	*userID;	/* Unix ID number */
134 	char	*passwd;	/* password */
135 } UnixCred_t;
136 
137 typedef struct CertCred {
138 	char	*path;		/* certificate path */
139 	char	*passwd;	/* password */
140 	char	*nickname;	/* nickname */
141 } CertCred_t;
142 
143 typedef struct ns_auth {
144 	AuthType_t	type;
145 	TlsType_t	tlstype;
146 	SaslMech_t	saslmech;
147 	SaslOpt_t	saslopt;
148 } ns_auth_t;
149 
150 typedef struct ns_cred {
151 	ns_auth_t	auth;
152 	char		*hostcertpath;
153 	union {
154 		UnixCred_t	unix_cred;
155 		CertCred_t	cert_cred;
156 	} cred;
157 } ns_cred_t;
158 
159 
160 typedef struct LineBuf {
161 	char *str;
162 	int len;
163 	int alloc;
164 } LineBuf;
165 
166 /*
167  * Configuration Information
168  */
169 
170 typedef enum {
171 	NS_LDAP_FILE_VERSION_P		= 0,
172 	NS_LDAP_BINDDN_P		= 1,
173 	NS_LDAP_BINDPASSWD_P		= 2,
174 	NS_LDAP_SERVERS_P		= 3,
175 	NS_LDAP_SEARCH_BASEDN_P		= 4,
176 	NS_LDAP_AUTH_P			= 5,
177 /*
178  * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
179  * with version 1 clients and their configuration files.  The only
180  * supported value is NS_LDAP_SEC_NONE.  No application should be
181  * using this parameter type (either through getParam or setParam.
182  */
183 	NS_LDAP_TRANSPORT_SEC_P		= 6,
184 	NS_LDAP_SEARCH_REF_P		= 7,
185 	NS_LDAP_DOMAIN_P		= 8,
186 	NS_LDAP_EXP_P			= 9,
187 	NS_LDAP_CERT_PATH_P		= 10,
188 	NS_LDAP_CERT_PASS_P		= 11,
189 	NS_LDAP_SEARCH_DN_P		= 12,
190 	NS_LDAP_SEARCH_SCOPE_P		= 13,
191 	NS_LDAP_SEARCH_TIME_P		= 14,
192 	NS_LDAP_SERVER_PREF_P		= 15,
193 	NS_LDAP_PREF_ONLY_P		= 16,
194 	NS_LDAP_CACHETTL_P		= 17,
195 	NS_LDAP_PROFILE_P		= 18,
196 	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
197 	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
198 	NS_LDAP_BIND_TIME_P		= 21,
199 	NS_LDAP_ATTRIBUTEMAP_P		= 22,
200 	NS_LDAP_OBJECTCLASSMAP_P	= 23,
201 	NS_LDAP_CERT_NICKNAME_P		= 24,
202 	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
203 	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
204 	NS_LDAP_HOST_CERTPATH_P		= 27,
205 /*
206  * The following entry (max ParamIndexType) is an internal
207  * placeholder.  It must be the last (and highest value)
208  * entry in this eNum.  Please update accordingly.
209  */
210 	NS_LDAP_MAX_PIT_P		= 28
211 
212 } ParamIndexType;
213 
214 /*
215  * __ns_ldap_*() return codes
216  */
217 typedef enum {
218 	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
219 	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
220 	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
221 	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
222 	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
223 	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
224 	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
225 	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
226 	NS_LDAP_SUCCESS_WITH_INFO
227 				= 9  /* success, with info in errorp */
228 } ns_ldap_return_code;
229 
230 /*
231  * Detailed error code for NS_LDAP_CONFIG
232  */
233 typedef enum {
234 	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
235 	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
236 	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
237 	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
238 	NS_CONFIG_FILE		= 4,	/* configuration file problem */
239 	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
240 } ns_ldap_config_return_code;
241 
242 /*
243  * Detailed error code for NS_LDAP_PARTIAL
244  */
245 typedef enum {
246 	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
247 	NS_PARTIAL_OTHER	= 1	/* error encountered */
248 } ns_ldap_partial_return_code;
249 
250 /*
251  * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
252  */
253 typedef enum {
254 	NS_HOSTCRED_FALSE = 0,
255 	NS_HOSTCRED_TRUE  = 1
256 } hostcred_t;
257 
258 /*
259  * Detailed password status
260  */
261 typedef enum {
262 	NS_PASSWD_GOOD			= 0,	/* password is good */
263 	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
264 						/* about to expire */
265 	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
266 						/* changed immediately */
267 	NS_PASSWD_EXPIRED		= 3,	/* password expired */
268 	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
269 						/* account is locked */
270 	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
271 						/* by the administrator */
272 	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
273 						/* new password has */
274 						/* invalid syntax -- */
275 						/* same value as attr */
276 						/* cn, sn, uid, etc. */
277 	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
278 						/* new password has */
279 						/* less chars than */
280 						/* required */
281 	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
282 						/* reuse old password  */
283 	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
284 						/* within minimum age  */
285 } ns_ldap_passwd_status_t;
286 
287 /*
288  * Password management information structure
289  *
290  * This structure is different from AcctUsableResponse_t structure in
291  * that this structure holds result of users account mgmt information when
292  * an ldap bind is done with user name and user password.
293  */
294 typedef struct ns_ldap_passwd_mgmt {
295 	ns_ldap_passwd_status_t
296 		status;			/* password status */
297 	int	sec_until_expired;	/* seconds until expired, */
298 					/* valid if status is */
299 					/* NS_PASSWD_ABOUT_TO_EXPIRE */
300 } ns_ldap_passwd_mgmt_t;
301 
302 /*
303  * LDAP V3 control flag for account management - Used for account management
304  * when no password is provided
305  */
306 #define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
307 
308 /*
309  * Structure for holding the response returned by server for
310  * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
311  */
312 typedef struct AcctUsableMoreInfo {
313 	int inactive;
314 	int reset;
315 	int expired;
316 	int rem_grace;
317 	int sec_b4_unlock;
318 } AcctUsableMoreInfo_t;
319 
320 /*
321  * Structure used to hold the response from the server for
322  * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
323  *
324  * ACCOUNT_USABLE_RESPONSE::= CHOICE {
325  * is_available		[0] INTEGER, seconds before expiration
326  * is_not_available	[1] More_info
327  * }
328  *
329  * More_info::= SEQUENCE {
330  * inactive		[0] BOOLEAN DEFAULT FALSE,
331  * reset		[1] BOOLEAN DEFAULT FALSE,
332  * expired		[2] BOOLEAN DEFAULT FALSE,
333  * remaining_grace	[3] INTEGER OPTIONAL,
334  * seconds_before_unlock[4] INTEGER OPTIONAL
335  * }
336  *
337  * This structure is different from ns_ldap_passwd_mgmt_t structure in
338  * that this structure holds result of users account mgmt information when
339  * pam_ldap doesn't have the users password and proxy agent is used for
340  * obtaining the account management information.
341  */
342 typedef struct AcctUsableResponse {
343 	int choice;
344 	union {
345 		int seconds_before_expiry;
346 		AcctUsableMoreInfo_t more_info;
347 	} AcctUsableResp;
348 } AcctUsableResponse_t;
349 
350 /*
351  * Simplified LDAP Naming API result structure
352  */
353 typedef struct ns_ldap_error {
354 	int	status;				/* LDAP error code */
355 	char	*message;			/* LDAP error message */
356 	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
357 						/* management info */
358 } ns_ldap_error_t;
359 
360 typedef struct	 ns_ldap_attr {
361 	char	*attrname;			/* attribute name */
362 	uint_t	value_count;
363 	char	**attrvalue;			/* attribute values */
364 } ns_ldap_attr_t;
365 
366 typedef struct ns_ldap_entry {
367 	uint_t		attr_count;		/* number of attributes */
368 	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
369 	struct ns_ldap_entry *next;		/* next entry */
370 } ns_ldap_entry_t;
371 
372 typedef struct ns_ldap_result {
373 	uint_t	entries_count;		/* number of entries */
374 	ns_ldap_entry_t	*entry;		/* data */
375 } ns_ldap_result_t;
376 
377 /*
378  * structures for the conversion routines used by typedAddEntry()
379  */
380 
381 typedef struct _ns_netgroups {
382 	char  *name;
383 	char  **triplet;
384 	char  **netgroup;
385 } _ns_netgroups_t;
386 
387 typedef struct _ns_netmasks {
388 	char *netnumber;
389 	char *netmask;
390 } _ns_netmasks_t;
391 
392 typedef struct _ns_bootp {
393 	char *name;
394 	char **param;
395 } _ns_bootp_t;
396 
397 typedef struct _ns_ethers {
398 	char *name;
399 	char *ether;
400 } _ns_ethers_t;
401 
402 typedef struct _ns_pubkey {
403 	char *name;
404 	hostcred_t hostcred;
405 	char *pubkey;
406 	char *privkey;
407 } _ns_pubkey_t;
408 
409 typedef struct _ns_alias {
410 	char *alias;
411 	char **member;
412 } _ns_alias_t;
413 
414 typedef struct _ns_automount {
415 	char *mapname;
416 	char *key;
417 	char *value;
418 } _ns_automount_t;
419 
420 /*
421  * return values for the callback function in __ns_ldap_list()
422  */
423 #define	NS_LDAP_CB_NEXT	0	/* get the next entry */
424 #define	NS_LDAP_CB_DONE	1	/* done */
425 
426 /*
427  * Input values for the type specified in __ns_ldap_addTypedEntry()
428  * and __ns_ldap_delTypedEntry()
429  */
430 
431 #define	NS_LDAP_TYPE_PASSWD	"passwd"
432 #define	NS_LDAP_TYPE_GROUP	"group"
433 #define	NS_LDAP_TYPE_HOSTS	"hosts"
434 #define	NS_LDAP_TYPE_IPNODES	"ipnodes"
435 #define	NS_LDAP_TYPE_PROFILE	"prof_attr"
436 #define	NS_LDAP_TYPE_RPC	"rpc"
437 #define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
438 #define	NS_LDAP_TYPE_NETWORKS	"networks"
439 #define	NS_LDAP_TYPE_NETGROUP	"netgroup"
440 #define	NS_LDAP_TYPE_ALIASES	"aliases"
441 #define	NS_LDAP_TYPE_SERVICES	"services"
442 #define	NS_LDAP_TYPE_ETHERS	"ethers"
443 #define	NS_LDAP_TYPE_SHADOW	"shadow"
444 #define	NS_LDAP_TYPE_NETMASKS	"netmasks"
445 #define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
446 #define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
447 #define	NS_LDAP_TYPE_USERATTR	"user_attr"
448 #define	NS_LDAP_TYPE_PROJECT	"project"
449 #define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
450 #define	NS_LDAP_TYPE_AUUSER	"audit_user"
451 #define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
452 #define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
453 
454 /*
455  * service descriptor/attribute mapping structure
456  */
457 
458 typedef struct ns_ldap_search_desc {
459 	char		*basedn;	/* search base dn */
460 	ScopeType_t	scope;		/* search scope */
461 	char		*filter;	/* search filter */
462 } ns_ldap_search_desc_t;
463 
464 typedef struct ns_ldap_attribute_map {
465 	char		*origAttr;	/* original attribute */
466 	char		**mappedAttr;	/* mapped attribute(s) */
467 } ns_ldap_attribute_map_t;
468 
469 typedef struct ns_ldap_objectclass_map {
470 	char		*origOC;	/* original objectclass */
471 	char		*mappedOC;	/* mapped objectclass */
472 } ns_ldap_objectclass_map_t;
473 
474 /*
475  * Simplified LDAP Naming APIs
476  */
477 int __ns_ldap_list(
478 	const char *service,
479 	const char *filter,
480 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
481 			char **realfilter, const void *userdata),
482 	const char * const *attribute,
483 	const ns_cred_t *cred,
484 	const int flags,
485 	ns_ldap_result_t ** result,
486 	ns_ldap_error_t ** errorp,
487 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
488 	const void *userdata);
489 
490 int  __ns_ldap_addAttr(
491 	const char *service,
492 	const char *dn,
493 	const ns_ldap_attr_t * const *attr,
494 	const ns_cred_t *cred,
495 	const int flags,
496 	ns_ldap_error_t **errorp);
497 
498 int __ns_ldap_delAttr(
499 	const char *service,
500 	const char *dn,
501 	const ns_ldap_attr_t * const *attr,
502 	const ns_cred_t *cred,
503 	const int flags,
504 	ns_ldap_error_t **errorp);
505 
506 int  __ns_ldap_repAttr(
507 	const char *service,
508 	const char *dn,
509 	const ns_ldap_attr_t * const *attr,
510 	const ns_cred_t *cred,
511 	const int flags,
512 	ns_ldap_error_t **errorp);
513 
514 int  __ns_ldap_addEntry(
515 	const char *service,
516 	const char *dn,
517 	const ns_ldap_entry_t *entry,
518 	const ns_cred_t *cred,
519 	const int flags,
520 	ns_ldap_error_t **errorp);
521 
522 int  __ns_ldap_addTypedEntry(
523 	const char *servicetype,
524 	const char *basedn,
525 	const void *data,
526 	const int  create,
527 	const ns_cred_t *cred,
528 	const int flags,
529 	ns_ldap_error_t **errorp);
530 
531 int __ns_ldap_delEntry(
532 	const char *service,
533 	const char *dn,
534 	const ns_cred_t *cred,
535 	const int flags,
536 	ns_ldap_error_t **errorp);
537 
538 int __ns_ldap_firstEntry(
539 	const char *service,
540 	const char *filter,
541 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
542 			char **realfilter, const void *userdata),
543 	const char * const *attribute,
544 	const ns_cred_t *cred,
545 	const int flags,
546 	void **cookie,
547 	ns_ldap_result_t ** result,
548 	ns_ldap_error_t **errorp,
549 	const void *userdata);
550 
551 int  __ns_ldap_nextEntry(
552 	void *cookie,
553 	ns_ldap_result_t ** result,
554 	ns_ldap_error_t **errorp);
555 
556 int  __ns_ldap_endEntry(
557 	void **cookie,
558 	ns_ldap_error_t **errorp);
559 
560 int __ns_ldap_freeResult(
561 	ns_ldap_result_t **result);
562 
563 int __ns_ldap_freeError(
564 	ns_ldap_error_t **errorp);
565 
566 int  __ns_ldap_uid2dn(
567 	const char *uid,
568 	char **userDN,
569 	const ns_cred_t *cred,
570 	ns_ldap_error_t ** errorp);
571 
572 int  __ns_ldap_host2dn(
573 	const char *host,
574 	const char *domain,
575 	char **hostDN,
576 	const ns_cred_t *cred,
577 	ns_ldap_error_t ** errorp);
578 
579 int  __ns_ldap_dn2domain(
580 	const char *dn,
581 	char **domain,
582 	const ns_cred_t *cred,
583 	ns_ldap_error_t ** errorp);
584 
585 int __ns_ldap_auth(
586 	const ns_cred_t *cred,
587 	const int flag,
588 	ns_ldap_error_t **errorp,
589 	LDAPControl **serverctrls,
590 	LDAPControl **clientctrls);
591 
592 int __ns_ldap_freeCred(
593 	ns_cred_t **credp);
594 
595 int __ns_ldap_err2str(
596 	int err,
597 	char **strmsg);
598 
599 int __ns_ldap_setParam(
600 	const ParamIndexType type,
601 	const void *data,
602 	ns_ldap_error_t **errorp);
603 
604 int __ns_ldap_getParam(
605 	const ParamIndexType type,
606 	void ***data,
607 	ns_ldap_error_t **errorp);
608 
609 int __ns_ldap_freeParam(
610 	void ***data);
611 
612 char **__ns_ldap_getAttr(
613 	const ns_ldap_entry_t *entry,
614 	const char *attrname);
615 
616 int __ns_ldap_getServiceAuthMethods(
617 	const char *service,
618 	ns_auth_t ***auth,
619 	ns_ldap_error_t **errorp);
620 
621 int __ns_ldap_getSearchDescriptors(
622 	const char *service,
623 	ns_ldap_search_desc_t ***desc,
624 	ns_ldap_error_t **errorp);
625 
626 int __ns_ldap_freeSearchDescriptors(
627 	ns_ldap_search_desc_t ***desc);
628 
629 int __ns_ldap_getAttributeMaps(
630 	const char *service,
631 	ns_ldap_attribute_map_t ***maps,
632 	ns_ldap_error_t **errorp);
633 
634 int __ns_ldap_freeAttributeMaps(
635 	ns_ldap_attribute_map_t ***maps);
636 
637 char **__ns_ldap_getMappedAttributes(
638 	const char *service,
639 	const char *origAttribute);
640 
641 char **__ns_ldap_getOrigAttribute(
642 	const char *service,
643 	const char *mappedAttribute);
644 
645 int __ns_ldap_getObjectClassMaps(
646 	const char *service,
647 	ns_ldap_objectclass_map_t ***maps,
648 	ns_ldap_error_t **errorp);
649 
650 int __ns_ldap_freeObjectClassMaps(
651 	ns_ldap_objectclass_map_t ***maps);
652 
653 char **__ns_ldap_getMappedObjectClass(
654 	const char *service,
655 	const char *origObjectClass);
656 
657 char **__ns_ldap_getOrigObjectClass(
658 	const char *service,
659 	const char *mappedObjectClass);
660 
661 int __ns_ldap_getParamType(
662 	const char *value,
663 	ParamIndexType *type);
664 
665 int __ns_ldap_getAcctMgmt(
666 	const char *user,
667 	AcctUsableResponse_t *acctResp);
668 #ifdef __cplusplus
669 }
670 #endif
671 
672 #endif /* _NS_SLDAP_H */
673