- Writing an Authentication Plug-in for a Sun· ONE Directory Server
- Deciding Whether to Write a Plug-in
- Types of Plug-ins
- Working in the Plug-in Application Program Interface
- Authentication in the Directory Server
- UNIX Authentication Plug-in
- Testing the Plug-in
- About the Author
- Related Resources
- Ordering Sun Documents
- Accessing Sun Documentation Online
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
Working in the Plug-in Application Program Interface
The plug-in API is the lowest API level of the directory server in the sense that through it you directly access internal directory server functions. By registering the appropriate hooks, you sit in the middle of every directory operation. Again, this gives you great power, but also great responsibility. When working in the plug-in API, you must exercise caution, because a non-NULL terminated string or an undersized buffer, which are common mistakes to make in C, can easily crash the server, causing all of the current sessions and related data to be lost. From a transitional point of view, the directory server is operation-atomic, that is, you can be sure that the "update" operation (modify) will be a do-it-all-or-nothing operation.
The plug-in API is pretty vast. However, the most commonly used functions are gathered in the slapi-plugin.h header, which you will always include in your source file. In the Sun ONE Directory Server 5.1, these functions are in the standard SERVER ROOT/plugins/slapd/slapi/include. There are over 60 function prototypes.
Here is a rough categorization of the plug-in functions you can access through the API:
Functions to handle entries (for example, slapi_entry_getdn() and, more generally, slapi_entry_* routines)
Functions to deal with relative distinguished names (for example, slapi_rdn_isempty() and, more generally, slapi_rdn_* routines)
Functions to deal with distinguished names (for example, slapi_dn_isroot() and, more generally, slapi_dn_* routines)
Functions to access attributes (for example, slapi_attr_value_cmp() and, more generally, slapi_attr_* routines)
Functions to access attribute values (for example, slapi_value_set_string() and, more generally, slapi_value_* routines)
Functions to handle search filters (for example, slapi_filter_compare() and, more generally, slapi_filter_* routines)
Functions to modify entries (for example, slapi_mod_add_value() and, more generally, slapi_mod_* and slapi_mods_* routines)
Functions to handle search filters (for example, slapi_filter_compare() and, more generally, slapi_filter_* routines)
Internal operations functions (for example, slapi_modify_internal_pb())
The preceding list should give you an idea of the richness of the API.
Which of these functions you use in your plug-in depends greatly on the kind of operation the plug-in must perform. Among these functions, there are routines you must know about, even if you don't use them in the plug-in code. However, you can approach others later, when you really need them.
For more information about any single function, refer to the Plugin Programmer's Guide. At the time of this writing, this publication can be found at http://docs.sun.com/source/816-6683-10/index.html. With the release of the Sun ONE Directory Server 5.2, this guide will be available as two distinct documents: The Plug-In API Programming Guide and the Plug-In API Reference.