[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: API Programming questions




Jody Hagins wrote:

I have read the documentation available for the C++ classes, and the man
pages for the C API.  However, I have several questions, some which are
probably obvious to a non LDAP neophite like myself.

You probably meant "non-obvious".



1. I have spent two days reading tons of googled links about LDAP. However, I have yet to find a good resource for learning how to write
OpenLDAP client software. Where can I find such information? The man
pages talk about each function in isolation (with minimal reference to
others), and the C++ doxygen comments provide some more information. However, I can not find anything that describes the interaction between
all the API functions, and their common use. I am not necessarily
looking for a free document, though I have yet to find a book that looks
like it is a C/C++ programmer's guide to writing OpenLDAP clients.


Book:  ISBN 1578700000 (Ldap: Programming Directory-Enabled Applications,
by Howes and Smith).
Link: http://docs.sun.com/source/816-5616-10/index.html <--netscape API
but largely true for OpenLDAP.

2. Most of my applications are reactive, so I want to use the
asynchronous interfaces.  However, I can not see how to tie that into
something like a select() based application.  Specifically, I do not see
a way to know when a reply is available.  For example, if the API
exposed a file descriptor, then I could add that file descriptor to my
select() loop, and when something is "ready" I could then call
ldap_result().  What am I missing, that would allow me to integrate
asynchronous OpenLDAP calls with my reactive application?

Asynchronous LDAP calls do not necessarily coincide with socket IO. In fact
single LDAP handle may try to open multiple sockets and do lots of "magic" stuff
inside (when following referrals for instance). Your select/callback API
would have to be integrated pretty well to do that. It is not impossible though
and I've done it by hacking LDAP API but i would suggest avoiding it.


Your best bet is not to do a select loop based application or dedicate
a separate thread to LDAP and notify a select loop by using a pipe or
some such.

3. What is the difference between the various authentication
methodologies?  Is it possible to integrate with ssh type authentication
so that passwords do not have to be sent if the proper authentication
setup has been established (e.g., ssh into a remote machine without need
of password after proper setup)?

Too long to answer but in short there is no "ssh type" auth. There are other types
but most do not work correctly (aside from simple). Last time i checked SASL was
broken (though claimed to work).




4. I have spent two days reading tons of googled links about LDAP. However, I have yet to find a good resource for learning how to write
OpenLDAP client software. Where can I find such information?


See above.



Thanks!!!