search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
(outline-discard-overlays): Missing paren.
[emacs.git] / lisp / net / ldap.el
blob3838b2ec61687a8727a999b8b0902aa183da8ea0
1 ;;; ldap.el --- Client interface to LDAP for Emacs
2
3 ;; Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
4
5 ;; Author: Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch>
6 ;; Maintainer: Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch>
7 ;; Created: April 1998
8 ;; Keywords: comm
9
10 ;; This file is part of GNU Emacs.
11
12 ;; GNU Emacs is free software; you can redistribute it and/or modify
13 ;; it under the terms of the GNU General Public License as published by
14 ;; the Free Software Foundation; either version 2, or (at your option)
15 ;; any later version.
16
17 ;; GNU Emacs is distributed in the hope that it will be useful,
18 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ;; GNU General Public License for more details.
21
22 ;; You should have received a copy of the GNU General Public License
23 ;; along with GNU Emacs; see the file COPYING. If not, write to the
24 ;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
25 ;; Boston, MA 02111-1307, USA.
26
27 ;;; Commentary:
28
29 ;; This package provides basic functionality to perform searches on LDAP
30 ;; servers. It requires a command line utility generally named
31 ;; `ldapsearch' to actually perform the searches. That program can be
32 ;; found in all LDAP developer kits such as:
33 ;; - UM-LDAP 3.3 (http://www.umich.edu/~dirsvcs/ldap/)
34 ;; - OpenLDAP (http://www.openldap.org/)
35
36 ;;; Code:
37
38 (require 'custom)
39
40 (defgroup ldap nil
41 "Lightweight Directory Access Protocol."
42 :group 'comm)
43
44 (defcustom ldap-default-host nil
45 "*Default LDAP server.
46 A TCP port number can be appended to that name using a colon as
47 a separator."
48 :type '(choice (string :tag "Host name")
49 (const :tag "Use library default" nil))
50 :group 'ldap)
51
52 (defcustom ldap-default-port nil
53 "*Default TCP port for LDAP connections.
54 Initialized from the LDAP library at build time. Default value is 389."
55 :type '(choice (const :tag "Use library default" nil)
56 (integer :tag "Port number"))
57 :group 'ldap)
58
59 (defcustom ldap-default-base nil
60 "*Default base for LDAP searches.
61 This is a string using the syntax of RFC 1779.
62 For instance, \"o=ACME, c=US\" limits the search to the
63 Acme organization in the United States."
64 :type '(choice (const :tag "Use library default" nil)
65 (string :tag "Search base"))
66 :group 'ldap)
67
68
69 (defcustom ldap-host-parameters-alist nil
70 "*Alist of host-specific options for LDAP transactions.
71 The format of each list element is (HOST PROP1 VAL1 PROP2 VAL2 ...).
72 HOST is the hostname of an LDAP server(with an optional TCP port number
73 appended to it using a colon as a separator).
74 PROPn and VALn are property/value pairs describing parameters for the server.
75 Valid properties include:
76 `binddn' is the distinguished name of the user to bind as
77 (in RFC 1779 syntax).
78 `passwd' is the password to use for simple authentication.
79 `auth' is the authentication method to use.
80 Possible values are: `simple', `krbv41' and `krbv42'.
81 `base' is the base for the search as described in RFC 1779.
82 `scope' is one of the three symbols `subtree', `base' or `onelevel'.
83 `deref' is one of the symbols `never', `always', `search' or `find'.
84 `timelimit' is the timeout limit for the connection in seconds.
85 `sizelimit' is the maximum number of matches to return."
86 :type '(repeat :menu-tag "Host parameters"
87 :tag "Host parameters"
88 (list :menu-tag "Host parameters"
89 :tag "Host parameters"
90 :value nil
91 (string :tag "Host name")
92 (checklist :inline t
93 :greedy t
94 (list
95 :tag "Search Base"
96 :inline t
97 (const :tag "Search Base" base)
98 string)
99 (list
100 :tag "Binding DN"
101 :inline t
102 (const :tag "Binding DN" binddn)
103 string)
104 (list
105 :tag "Password"
106 :inline t
107 (const :tag "Password" passwd)
108 string)
109 (list
110 :tag "Authentication Method"
111 :inline t
112 (const :tag "Authentication Method" auth)
113 (choice
114 (const :menu-tag "None" :tag "None" nil)
115 (const :menu-tag "Simple" :tag "Simple" simple)
116 (const :menu-tag "Kerberos 4.1" :tag "Kerberos 4.1" krbv41)
117 (const :menu-tag "Kerberos 4.2" :tag "Kerberos 4.2" krbv42)))
118 (list
119 :tag "Search Base"
120 :inline t
121 (const :tag "Search Base" base)
122 string)
123 (list
124 :tag "Search Scope"
125 :inline t
126 (const :tag "Search Scope" scope)
127 (choice
128 (const :menu-tag "Default" :tag "Default" nil)
129 (const :menu-tag "Subtree" :tag "Subtree" subtree)
130 (const :menu-tag "Base" :tag "Base" base)
131 (const :menu-tag "One Level" :tag "One Level" onelevel)))
132 (list
133 :tag "Dereferencing"
134 :inline t
135 (const :tag "Dereferencing" deref)
136 (choice
137 (const :menu-tag "Default" :tag "Default" nil)
138 (const :menu-tag "Never" :tag "Never" never)
139 (const :menu-tag "Always" :tag "Always" always)
140 (const :menu-tag "When searching" :tag "When searching" search)
141 (const :menu-tag "When locating base" :tag "When locating base" find)))
142 (list
143 :tag "Time Limit"
144 :inline t
145 (const :tag "Time Limit" timelimit)
146 (integer :tag "(in seconds)"))
147 (list
148 :tag "Size Limit"
149 :inline t
150 (const :tag "Size Limit" sizelimit)
151 (integer :tag "(number of records)")))))
152 :group 'ldap)
153
154 (defcustom ldap-ldapsearch-prog "ldapsearch"
155 "*The name of the ldapsearch command line program."
156 :type '(string :tag "`ldapsearch' Program")
157 :group 'ldap)
158
159 (defcustom ldap-ldapsearch-args '("-B")
160 "*A list of additional arguments to pass to `ldapsearch'.
161 It is recommended to use the `-T' switch with Netscape's
162 implementation to avoid line wrapping.
163 The `-B' switch should be used to enable the retrieval of
164 binary values."
165 :type '(repeat :tag "`ldapsearch' Arguments"
166 (string :tag "Argument"))
167 :group 'ldap)
168
169 (defcustom ldap-ignore-attribute-codings t
170 "*If non-nil, do not encode/decode LDAP attribute values."
171 :type 'boolean
172 :group 'ldap)
173
174 (defcustom ldap-default-attribute-decoder nil
175 "*Decoder function to use for attributes whose syntax is unknown."
176 :type 'symbol
177 :group 'ldap)
178
179 (defcustom ldap-coding-system nil
180 "*Coding system of LDAP string values.
181 LDAP v3 specifies the coding system of strings to be UTF-8 but
182 Emacs still does not have reasonable support for that."
183 :type 'symbol
184 :group 'ldap)
185
186 (defvar ldap-attribute-syntax-encoders
187 [nil ; 1 ACI Item N
188 nil ; 2 Access Point Y
189 nil ; 3 Attribute Type Description Y
190 nil ; 4 Audio N
191 nil ; 5 Binary N
192 nil ; 6 Bit String Y
193 ldap-encode-boolean ; 7 Boolean Y
194 nil ; 8 Certificate N
195 nil ; 9 Certificate List N
196 nil ; 10 Certificate Pair N
197 ldap-encode-country-string ; 11 Country String Y
198 ldap-encode-string ; 12 DN Y
199 nil ; 13 Data Quality Syntax Y
200 nil ; 14 Delivery Method Y
201 ldap-encode-string ; 15 Directory String Y
202 nil ; 16 DIT Content Rule Description Y
203 nil ; 17 DIT Structure Rule Description Y
204 nil ; 18 DL Submit Permission Y
205 nil ; 19 DSA Quality Syntax Y
206 nil ; 20 DSE Type Y
207 nil ; 21 Enhanced Guide Y
208 nil ; 22 Facsimile Telephone Number Y
209 nil ; 23 Fax N
210 nil ; 24 Generalized Time Y
211 nil ; 25 Guide Y
212 nil ; 26 IA5 String Y
213 number-to-string ; 27 INTEGER Y
214 nil ; 28 JPEG N
215 nil ; 29 Master And Shadow Access Points Y
216 nil ; 30 Matching Rule Description Y
217 nil ; 31 Matching Rule Use Description Y
218 nil ; 32 Mail Preference Y
219 nil ; 33 MHS OR Address Y
220 nil ; 34 Name And Optional UID Y
221 nil ; 35 Name Form Description Y
222 nil ; 36 Numeric String Y
223 nil ; 37 Object Class Description Y
224 nil ; 38 OID Y
225 nil ; 39 Other Mailbox Y
226 nil ; 40 Octet String Y
227 ldap-encode-address ; 41 Postal Address Y
228 nil ; 42 Protocol Information Y
229 nil ; 43 Presentation Address Y
230 ldap-encode-string ; 44 Printable String Y
231 nil ; 45 Subtree Specification Y
232 nil ; 46 Supplier Information Y
233 nil ; 47 Supplier Or Consumer Y
234 nil ; 48 Supplier And Consumer Y
235 nil ; 49 Supported Algorithm N
236 nil ; 50 Telephone Number Y
237 nil ; 51 Teletex Terminal Identifier Y
238 nil ; 52 Telex Number Y
239 nil ; 53 UTC Time Y
240 nil ; 54 LDAP Syntax Description Y
241 nil ; 55 Modify Rights Y
242 nil ; 56 LDAP Schema Definition Y
243 nil ; 57 LDAP Schema Description Y
244 nil ; 58 Substring Assertion Y
245 ]
246 "A vector of functions used to encode LDAP attribute values.
247 The sequence of functions corresponds to the sequence of LDAP attribute syntax
248 object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in
249 RFC2252 section 4.3.2")
250
251 (defvar ldap-attribute-syntax-decoders
252 [nil ; 1 ACI Item N
253 nil ; 2 Access Point Y
254 nil ; 3 Attribute Type Description Y
255 nil ; 4 Audio N
256 nil ; 5 Binary N
257 nil ; 6 Bit String Y
258 ldap-decode-boolean ; 7 Boolean Y
259 nil ; 8 Certificate N
260 nil ; 9 Certificate List N
261 nil ; 10 Certificate Pair N
262 ldap-decode-string ; 11 Country String Y
263 ldap-decode-string ; 12 DN Y
264 nil ; 13 Data Quality Syntax Y
265 nil ; 14 Delivery Method Y
266 ldap-decode-string ; 15 Directory String Y
267 nil ; 16 DIT Content Rule Description Y
268 nil ; 17 DIT Structure Rule Description Y
269 nil ; 18 DL Submit Permission Y
270 nil ; 19 DSA Quality Syntax Y
271 nil ; 20 DSE Type Y
272 nil ; 21 Enhanced Guide Y
273 nil ; 22 Facsimile Telephone Number Y
274 nil ; 23 Fax N
275 nil ; 24 Generalized Time Y
276 nil ; 25 Guide Y
277 nil ; 26 IA5 String Y
278 string-to-number ; 27 INTEGER Y
279 nil ; 28 JPEG N
280 nil ; 29 Master And Shadow Access Points Y
281 nil ; 30 Matching Rule Description Y
282 nil ; 31 Matching Rule Use Description Y
283 nil ; 32 Mail Preference Y
284 nil ; 33 MHS OR Address Y
285 nil ; 34 Name And Optional UID Y
286 nil ; 35 Name Form Description Y
287 nil ; 36 Numeric String Y
288 nil ; 37 Object Class Description Y
289 nil ; 38 OID Y
290 nil ; 39 Other Mailbox Y
291 nil ; 40 Octet String Y
292 ldap-decode-address ; 41 Postal Address Y
293 nil ; 42 Protocol Information Y
294 nil ; 43 Presentation Address Y
295 ldap-decode-string ; 44 Printable String Y
296 nil ; 45 Subtree Specification Y
297 nil ; 46 Supplier Information Y
298 nil ; 47 Supplier Or Consumer Y
299 nil ; 48 Supplier And Consumer Y
300 nil ; 49 Supported Algorithm N
301 nil ; 50 Telephone Number Y
302 nil ; 51 Teletex Terminal Identifier Y
303 nil ; 52 Telex Number Y
304 nil ; 53 UTC Time Y
305 nil ; 54 LDAP Syntax Description Y
306 nil ; 55 Modify Rights Y
307 nil ; 56 LDAP Schema Definition Y
308 nil ; 57 LDAP Schema Description Y
309 nil ; 58 Substring Assertion Y
310 ]
311 "A vector of functions used to decode LDAP attribute values.
312 The sequence of functions corresponds to the sequence of LDAP attribute syntax
313 object identifiers of the form 1.3.6.1.4.1.1466.1115.121.1.* as defined in
314 RFC2252 section 4.3.2")
315
316
317 (defvar ldap-attribute-syntaxes-alist
318 '((createtimestamp . 24)
319 (modifytimestamp . 24)
320 (creatorsname . 12)
321 (modifiersname . 12)
322 (subschemasubentry . 12)
323 (attributetypes . 3)
324 (objectclasses . 37)
325 (matchingrules . 30)
326 (matchingruleuse . 31)
327 (namingcontexts . 12)
328 (altserver . 26)
329 (supportedextension . 38)
330 (supportedcontrol . 38)
331 (supportedsaslmechanisms . 15)
332 (supportedldapversion . 27)
333 (ldapsyntaxes . 16)
334 (ditstructurerules . 17)
335 (nameforms . 35)
336 (ditcontentrules . 16)
337 (objectclass . 38)
338 (aliasedobjectname . 12)
339 (cn . 15)
340 (sn . 15)
341 (serialnumber . 44)
342 (c . 15)
343 (l . 15)
344 (st . 15)
345 (street . 15)
346 (o . 15)
347 (ou . 15)
348 (title . 15)
349 (description . 15)
350 (searchguide . 25)
351 (businesscategory . 15)
352 (postaladdress . 41)
353 (postalcode . 15)
354 (postofficebox . 15)
355 (physicaldeliveryofficename . 15)
356 (telephonenumber . 50)
357 (telexnumber . 52)
358 (telexterminalidentifier . 51)
359 (facsimiletelephonenumber . 22)
360 (x121address . 36)
361 (internationalisdnnumber . 36)
362 (registeredaddress . 41)
363 (destinationindicator . 44)
364 (preferreddeliverymethod . 14)
365 (presentationaddress . 43)
366 (supportedapplicationcontext . 38)
367 (member . 12)
368 (owner . 12)
369 (roleoccupant . 12)
370 (seealso . 12)
371 (userpassword . 40)
372 (usercertificate . 8)
373 (cacertificate . 8)
374 (authorityrevocationlist . 9)
375 (certificaterevocationlist . 9)
376 (crosscertificatepair . 10)
377 (name . 15)
378 (givenname . 15)
379 (initials . 15)
380 (generationqualifier . 15)
381 (x500uniqueidentifier . 6)
382 (dnqualifier . 44)
383 (enhancedsearchguide . 21)
384 (protocolinformation . 42)
385 (distinguishedname . 12)
386 (uniquemember . 34)
387 (houseidentifier . 15)
388 (supportedalgorithms . 49)
389 (deltarevocationlist . 9)
390 (dmdname . 15))
391 "A map of LDAP attribute names to their type object id minor number.
392 This table is built from RFC2252 Section 5 and RFC2256 Section 5")
393
394
395 ;; Coding/decoding functions
396
397 (defun ldap-encode-boolean (bool)
398 (if bool
399 "TRUE"
400 "FALSE"))
401
402 (defun ldap-decode-boolean (str)
403 (cond
404 ((string-equal str "TRUE")
405 t)
406 ((string-equal str "FALSE")
407 nil)
408 (t
409 (error "Wrong LDAP boolean string: %s" str))))
410
411 (defun ldap-encode-country-string (str)
412 ;; We should do something useful here...
413 (if (not (= 2 (length str)))
414 (error "Invalid country string: %s" str)))
415
416 (defun ldap-decode-string (str)
417 (decode-coding-string str ldap-coding-system))
418
419 (defun ldap-encode-string (str)
420 (encode-coding-string str ldap-coding-system))
421
422 (defun ldap-decode-address (str)
423 (mapconcat 'ldap-decode-string
424 (split-string str "\\$")
425 "\n"))
426
427 (defun ldap-encode-address (str)
428 (mapconcat 'ldap-encode-string
429 (split-string str "\n")
430 "$"))
431
432
433 ;; LDAP protocol functions
434
435 (defun ldap-get-host-parameter (host parameter)
436 "Get the value of PARAMETER for HOST in `ldap-host-parameters-alist'."
437 (plist-get (cdr (assoc host ldap-host-parameters-alist))
438 parameter))
439
440 (defun ldap-decode-attribute (attr)
441 "Decode the attribute/value pair ATTR according to LDAP rules.
442 The attribute name is looked up in `ldap-attribute-syntaxes-alist'
443 and the corresponding decoder is then retrieved from
444 `ldap-attribute-syntax-decoders' and applied on the value(s)."
445 (let* ((name (car attr))
446 (values (cdr attr))
447 (syntax-id (cdr (assq (intern (downcase name))
448 ldap-attribute-syntaxes-alist)))
449 decoder)
450 (if syntax-id
451 (setq decoder (aref ldap-attribute-syntax-decoders
452 (1- syntax-id)))
453 (setq decoder ldap-default-attribute-decoder))
454 (if decoder
455 (cons name (mapcar decoder values))
456 attr)))
457
458
459 (defun ldap-search (filter &optional host attributes attrsonly withdn)
460 "Perform an LDAP search.
461 FILTER is the search filter in RFC1558 syntax.
462 HOST is the LDAP host on which to perform the search.
463 ATTRIBUTES are the specific attributes to retrieve, nil means
464 retrieve all.
465 ATTRSONLY, if non-nil, retrieves the attributes only, without
466 the associated values.
467 If WITHDN is non-nil, each entry in the result will be prepended with
468 its distinguished name WITHDN.
469 Additional search parameters can be specified through
470 `ldap-host-parameters-alist', which see."
471 (interactive "sFilter:")
472 (or host
473 (setq host ldap-default-host)
474 (error "No LDAP host specified"))
475 (let ((host-plist (cdr (assoc host ldap-host-parameters-alist)))
476 result)
477 (setq result (ldap-search-internal (append host-plist
478 (list 'host host
479 'filter filter
480 'attributes attributes
481 'attrsonly attrsonly
482 'withdn withdn))))
483 (if ldap-ignore-attribute-codings
484 result
485 (mapcar (function
486 (lambda (record)
487 (mapcar 'ldap-decode-attribute record)))
488 result))))
489
490
491 (defun ldap-search-internal (search-plist)
492 "Perform a search on a LDAP server.
493 SEARCH-PLIST is a property list describing the search request.
494 Valid keys in that list are:
495 `host' is a string naming one or more (blank-separated) LDAP servers to
496 to try to connect to. Each host name may optionally be of the form HOST:PORT.
497 `filter' is a filter string for the search as described in RFC 1558.
498 `attributes' is a list of strings indicating which attributes to retrieve
499 for each matching entry. If nil, return all available attributes.
500 `attrsonly', if non-nil, indicates that only attributes are retrieved,
501 not their associated values.
502 `base' is the base for the search as described in RFC 1779.
503 `scope' is one of the three symbols `sub', `base' or `one'.
504 `binddn' is the distinguished name of the user to bind as (in RFC 1779 syntax).
505 `passwd' is the password to use for simple authentication.
506 `deref' is one of the symbols `never', `always', `search' or `find'.
507 `timelimit' is the timeout limit for the connection in seconds.
508 `sizelimit' is the maximum number of matches to return.
509 `withdn' if non-nil each entry in the result will be prepended with
510 its distinguished name DN.
511 The function returns a list of matching entries. Each entry is itself
512 an alist of attribute/value pairs."
513 (let ((buf (get-buffer-create " *ldap-search*"))
514 (bufval (get-buffer-create " *ldap-value*"))
515 (host (or (plist-get search-plist 'host)
516 ldap-default-host))
517 (filter (plist-get search-plist 'filter))
518 (attributes (plist-get search-plist 'attributes))
519 (attrsonly (plist-get search-plist 'attrsonly))
520 (base (or (plist-get search-plist 'base)
521 ldap-default-base))
522 (scope (plist-get search-plist 'scope))
523 (binddn (plist-get search-plist 'binddn))
524 (passwd (plist-get search-plist 'passwd))
525 (deref (plist-get search-plist 'deref))
526 (timelimit (plist-get search-plist 'timelimit))
527 (sizelimit (plist-get search-plist 'sizelimit))
528 (withdn (plist-get search-plist 'withdn))
529 (numres 0)
530 arglist dn name value record result)
531 (if (or (null filter)
532 (equal "" filter))
533 (error "No search filter"))
534 (setq filter (cons filter attributes))
535 (save-excursion
536 (set-buffer buf)
537 (erase-buffer)
538 (if (and host
539 (not (equal "" host)))
540 (setq arglist (nconc arglist (list (format "-h%s" host)))))
541 (if (and attrsonly
542 (not (equal "" attrsonly)))
543 (setq arglist (nconc arglist (list "-A"))))
544 (if (and base
545 (not (equal "" base)))
546 (setq arglist (nconc arglist (list (format "-b%s" base)))))
547 (if (and scope
548 (not (equal "" scope)))
549 (setq arglist (nconc arglist (list (format "-s%s" scope)))))
550 (if (and binddn
551 (not (equal "" binddn)))
552 (setq arglist (nconc arglist (list (format "-D%s" binddn)))))
553 (if (and passwd
554 (not (equal "" passwd)))
555 (setq arglist (nconc arglist (list (format "-w%s" passwd)))))
556 (if (and deref
557 (not (equal "" deref)))
558 (setq arglist (nconc arglist (list (format "-a%s" deref)))))
559 (if (and timelimit
560 (not (equal "" timelimit)))
561 (setq arglist (nconc arglist (list (format "-l%s" timelimit)))))
562 (if (and sizelimit
563 (not (equal "" sizelimit)))
564 (setq arglist (nconc arglist (list (format "-z%s" sizelimit)))))
565 (eval `(call-process ldap-ldapsearch-prog
566 nil
567 buf
568 nil
569 ,@arglist
570 "-t" ; Write values to temp files
571 ,@ldap-ldapsearch-args
572 ,@filter))
573 (insert "\n")
574 (goto-char (point-min))
575
576 (if (looking-at "usage")
577 (error "Incorrect ldapsearch invocation")
578 (message "Parsing results... ")
579 (while (progn
580 (skip-chars-forward " \t\n")
581 (not (eobp)))
582 (setq dn (buffer-substring (point) (save-excursion
583 (end-of-line)
584 (point))))
585 (forward-line 1)
586 (while (looking-at "^\\(\\w*\\)[=:\t ]+\\(.*\\)$")
587 (setq name (match-string 1)
588 value (match-string 2))
589 (save-excursion
590 (set-buffer bufval)
591 (erase-buffer)
592 (insert-file-contents-literally value)
593 (delete-file value)
594 (setq value (buffer-substring (point-min) (point-max))))
595 (setq record (cons (list name value)
596 record))
597 (forward-line 1))
598 (setq result (cons (if withdn
599 (cons dn (nreverse record))
600 (nreverse record)) result))
601 (setq record nil)
602 (skip-chars-forward " \t\n")
603 (message "Parsing results... %d" numres)
604 (1+ numres))
605 (message "Parsing results... done")
606 (nreverse result)))))
607
608
609 (provide 'ldap)
610
611 ;;; ldap.el ends here
Emacs repository mirror