Netscape Directory Server Plug-In ProgrammerÆs Guide: Chapter 16Parameter Block Reference

Plug-In ProgrammerÆs Guide
Netscape Directory Server

Chapter 16 Parameter Block Reference

This chapter describes the parameters available in the Slapi_PBlock parameter block, the type of data associated with each parameter, and the plug-in functions in which those parameters are accessible.

To get the values of these parameters, call the slapi_pblock_get() function. To set the values of these parameters, call the slapi_pblock_set() function. Using these parameters, you can get and set the following information:

Parameters for Registering Plug-In Functions

Parameters Accessible to All Plug-Ins

Parameters for the Bind Function

Parameters for the Search Function

Parameters for the Add Function

Parameters for the Compare Function

Parameters for the Delete Function

Parameters for the Modify Function

Parameters for the Modify RDN Function

Parameters for the Abandon Function

Parameters for the Matching Rule Function

Parameters for LDBM Backend Pre- and Post-Operation Functions

Parameters for the Database

Parameters for LDAP Functions

Parameters for Error Logging

Parameters for Filters

Parameters for Password Storage

Parameters for Resource Limits

Parameters for the Virtual Attribute Service

Parameters for Registering Plug-In Functions

The parameters listed in this section identify plug-in functions recognized by the server. To register your plug-in function, set the value of the appropriate parameter to the name of your function.

Note

With the exception of the parameters for matching rule plug-in functions, you do not need to get the value of any of these parameters.

The parameters for registering plug-in functions are organized in the following sections:

Pre-Operation/Data Validation Plug-Ins

Post-Operation/Data Notification Plug-Ins

Matching Rule Plug-Ins

Entry Plug-Ins

Note

Database plug-ins are not supported in Directory Server version 6.x. Please use the pre-operation, post-operation, and/or extended operation API to register plug-in functions.

Pre-Operation/Data Validation Plug-Ins

The parameters listed in this section are used to register pre-operation/data validation plug-in functions.

To register your plug-in function, write an initialization function that sets the values of the following parameters to your functions.

Parameter ID

Description

SLAPI_PLUGIN_PRE_BIND_FN

This function is called before an LDAP bind operation is completed.

SLAPI_PLUGIN_PRE_UNBIND_FN

This function is called before an LDAP unbind operation is completed.

SLAPI_PLUGIN_PRE_SEARCH_FN

This function is called before an LDAP search operation is completed.

SLAPI_PLUGIN_PRE_COMPARE_FN

This function is called before an LDAP compare operation is completed.

SLAPI_PLUGIN_PRE_MODIFY_FN

This function is called before an LDAP modify operation is completed.

SLAPI_PLUGIN_PRE_MODRDN_FN

This function is called before an LDAP modify RDN operation is completed.

SLAPI_PLUGIN_PRE_ADD_FN

This function is called before an LDAP add operation is completed.

SLAPI_PLUGIN_PRE_DELETE_FN

This function is called before an LDAP delete operation is completed.

SLAPI_PLUGIN_PRE_ENTRY_FN

This function is called before an entry is sent back to the client.

SLAPI_PLUGIN_PRE_REFERRAL_FN

This function is called before a set of referrals is sent back to the client.

SLAPI_PLUGIN_PRE_RESULT_FN

This function is called before a set of search results is sent back to the client.

SLAPI_PLUGIN_START_FN

This function is called after the server starts up. You can specify a start function for each pre-operation plug-in.

SLAPI_PLUGIN_CLOSE_FN

This function is called before the server shuts down. You can specify a close function for each pre-operation plug-in.

SLAPI_PLUGIN_DESTROY_FN

Function for freeing a filter function or indexer function.

SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN

This function is called before an internal LDAP add operation is completed.

SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN

This function is called before an internal LDAP delete operation is completed.

SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN

This function is called before an internal LDAP modify operation is completed.

SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN

This function is called before an internal LDAP modify RDN operation is completed.

Post-Operation/Data Notification Plug-Ins

The parameters listed in this section are used to register post-operation/data notification plug-in functions.

Parameter ID

Description

SLAPI_PLUGIN_POST_BIND_FN

This function is called after an LDAP bind operation is completed.

SLAPI_PLUGIN_POST_UNBIND_FN

This function is called after an LDAP unbind operation is completed.

SLAPI_PLUGIN_POST_SEARCH_FN

This function is called after an LDAP search operation is completed.

SLAPI_PLUGIN_POST_COMPARE_FN

This function is called after an LDAP compare operation is completed.

SLAPI_PLUGIN_POST_MODIFY_FN

This function is called after an LDAP modify operation is completed.

SLAPI_PLUGIN_POST_MODRDN_FN

This function is called after an LDAP modify RDN operation is completed.

SLAPI_PLUGIN_POST_ADD_FN

This function is called after an LDAP add operation is completed.

SLAPI_PLUGIN_POST_DELETE_FN

This function is called after an LDAP delete operation is completed.

SLAPI_PLUGIN_POST_ABANDON_FN

This function is called after an LDAP abandon operation is completed.

SLAPI_PLUGIN_POST_ENTRY_FN

This function is called after an entry is sent back to the client.

SLAPI_PLUGIN_POST_REFERRAL_FN

This function is called after a set of referrals is sent back to the client.

SLAPI_PLUGIN_POST_RESULT_FN

This function is called after a set of search results is sent back to the client.

SLAPI_PLUGIN_START_FN

This function is called after the server starts up. You can specify a start function for each post-operation plug-in.

SLAPI_PLUGIN_INTERNAL_POST_ADD_FN

This function is called after an internal LDAP add operation is completed.

SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN

This function is called after an internal LDAP delete operation is completed.

SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN

This function is called after an internal LDAP modify operation is completed.

SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN

This function is called after an internal LDAP modify RDN operation is completed.

Matching Rule Plug-Ins

The parameters listed below are used with matching rule plug-in functions that can be registered.

Parameter ID

Description

SLAPI_PLUGIN_MR_FILTER_CREATE_FN

This is a factory function for creating filter functions. This function must be thread-safe, since the server may call it concurrently with other functions.

SLAPI_PLUGIN_MR_INDEXER_CREATE_FN

This is a factory function for creating indexer functions. This function must be thread-safe, since the server may call it concurrently with other functions.

SLAPI_PLUGIN_MR_FILTER_MATCH_FN

This functions uses the ID to set and get a filter function.

SLAPI_PLUGIN_MR_FILTER_INDEX_FN

This is a filter function that uses an index to accelerate the processing of a search request.

SLAPI_PLUGIN_MR_FILTER_RESET_FN

This function resets the filter function.

SLAPI_PLUGIN_MR_INDEX_FN

This function used the ID to get and set the index function.

Entry Plug-Ins

The parameters listed below are used for entry store and entry fetch plug-in functions. These plug-in functions are called by the server before writing an entry to disk and after reading an entry from disk. Entry store and entry fetch plug-in functions are passed using the string representation (in LDIF — LDAP Data Interchange Format) of the entry.

Note

The Directory Server caches recently added and retrieved entries in memory. The entry fetch plug-in function is called only when reading the entry from the disk, and not when reading the entry from the cache.

Parameter ID

Description

SLAPI_PLUGIN_ENTRY_FETCH_FUNC

This function fetches information that represents an LDAP entry.

SLAPI_PLUGIN_ENTRY_STORE_FUNC

This function stores information about an entry that was fetched by the SLAPI_PLUGIN_ENTRY_FETCH_FUNC function.

Parameters Accessible to All Plug-Ins

The parameters listed in this section are accessible to all types of plug-ins. The parameters in this section are organized in the following sections:

Information About the Database

Information About the Connection

Information About the Operation

Information About Extended Operations

Information About the Transaction

Information About Access Control Lists

Notes in the Access Log

Information About the Plug-In

Information About Command-Line Arguments

Information About Attributes

Information About Targets

Information About the Database

The parameters listed below specify information about the back-end database. These parameters are available for all types of plug-ins. Note that these specific parameters cannot be set by calling slapi_pblock_set(). You can, however, get these parameters by calling slapi_pblock_get().

Parameter ID

Data Type

Description

SLAPI_BACKEND

Slapi_Backend *

The database back-end servicing this operation. The value may be NULL if there is currently no back-end associated with the operation.

SLAPI_BE_MONITORDN

char *

(Directory Server 3.x releases only) DN used to monitor the back-end database.
Note that this is no longer supported in the Directory Server 6.1 or higher release.

SLAPI_BE_TYPE

char *

Type of back-end database (this is the type specified by the nsslapd-database directive in the server configuration file).

SLAPI_BE_READONLY

int

Specifies whether or not the back-end database is read-only (this is determined by the nsslapd-readonly directive in the server configuration file).

1 means that the database back-end is read-only.

0 means that the database back-end is writable.

SLAPI_DBSIZE

int

Specifies the size of the back-end database.

SLAPI_BE_LASTMOD

int

If 0 (false), the database does not keep track of the last modification time and who modified it. If non-zero (true), the database does keep track. The default is true.

SLAPI_BE_FLAG_REMOTE_DATA

int

Flag that indicates the entries held by the back-end are remote.

SLAPI_BE_ALL_BACKENDS

int

Special value that is returned by a distribution plug-in function to indicate that all back-ends should be searched. Used only for search operations.

SLAPI_BE_MAXNESTLEVEL

int *

Indicates the maximum number of nesting levels allowed within groups for access control evaluation.

SLAPI_CLIENT_DNS

struct berval **

Contains a list of client IP addresses that are registered in DNS. Used to determine the authorization type.

SLAPI_FAIL_DISKFULL

int

Return code for a back-end API call that indicates the disk is full and the operation has failed.

SLAPI_FAIL_GENERAL

int

Return code for a backend API call that indicates that the operation has failed due to some cause other than disk full.

Information About the Connection

The parameters listed below specify information about the connection. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_CONN_CERT

CERTCertificate *
Note: This is an NSS database. See http://mozilla.org/projects/security/pki/nss/

The client certificate associated with the connection (may be absent).

SLAPI_CONN_IS_REPLICATION_ SESSION

char *

Indicates the current connection is a replication session.

SLAPI_CONN_IS_SSL_ CONNECTION

char *

Indicates the current connection is through SSL.

SLAPI_CONNECTION

Slapi_Connection *

Information about the current client connection.

SLAPI_CONN_ID

int *

ID identifying the current connection.

SLAPI_CONN_DN

char *

DN of the user authenticated on the current connection. If you call slapi_pblock_get() to get this DN, you should call slapi_ch_free_string() to free the resulting DN when done.

SLAPI_CONN_AUTHMETHOD

char *

Method used to authenticate the current user. If you call slapi_pblock_get() to get this value, you should call slapi_ch_free_string() to free the resulting value when done. This parameter can have one of the following values:

SLAPD_AUTH_NONE specifies that no authentication mechanism was used (for example, in cases of anonymous authentication).

SLAPD_AUTH_SIMPLE specifies that simple authentication (user name and password) was used to authenticate the current user.

SLAPD_AUTH_SSL specifies that SSL (certificate-based authentication) was used to authenticate the current user.

SLAPD_AUTH_SASL specifies that a SASL (simple authentication and security layer) mechanism was used to authenticate the current user.

SLAPI_CONN_AUTHTYPE

char *

This parameter has been deprecated for the 6.1 or higher release. Use SLAPI_CONN_AUTHMETHOD instead.

SLAPI_CONN_CLIENTIP

struct in_addr

IP address of the client requesting the operation. This parameter has been replaced by SLAPI_CONN_CLIENTNETADDR, but is provided here for backward compatibility.

SLAPI_CONN_SERVERIP

struct in_addr

IP address that the client is connecting to. You might want to use this parameter if, for example, your server accepts connections on multiple IP addresses.This parameter has been replaced by SLAPI_CONN_SERVERADDR, but is provided here for backward compatibility

SLAPI_CONN_CLIENTNETADDR*

PRNetAddr

IP address of the client requesting the operation.

SLAPI_CONN_SERVERNETADDR*

PRNetAddr

IP address that the client is connecting to. You might want to use this parameter if, for example, your server accepts connections on multiple IP addresses.

*These parameters use an NSPR structure. See http://www.mozilla.org/projects/nspr for more information.

Information About the Operation

The parameters listed below specify information about the current operation. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_OPERATION

Slapi_Operation *

Information about the operation currently in progress.

SLAPI_OPINITIATED_TIME

time_t

Time when the server began processing the operation.

SLAPI_REQUESTOR_ISROOT

int

Specifies whether or not the user requesting the operation is the "root DN".

1 means that the "root DN" is requesting the operation.

0 means that the user requesting the operation is not the "root DN."

The "root DN" is the "superuser" of the directory. This DN is specified by the nsslapd-rootdn attribute in the cn=config entry in the server configuration file.

SLAPI_REQUESTOR_ISUPDATEDN

int

Deprecated.

SLAPI_REQUESTOR_DN

char *

Specifies the DN of the user requesting the operation.

SLAPI_TARGET_DN

char *

Specifies the DN to which the operation applies (for example, the DN of the entry being added or removed).

SLAPI_REQCONTROLS

LDAPControl **

Array of the controls specified in the request.

SLAPI_CONTROLS_ARG

LDAPControl **

Allows control arguments to be passed before an operation object is created.

Information About Extended Operations

The following table lists the parameters in the parameter block passed to extended operation functions. If you are writing your own plug-in function for performing this work, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_EXT_OP_REQ_OID

char *

Object ID (OID) of the extended operation specified in the request.

SLAPI_EXT_OP_REQ_VALUE

struct berval*

Value specified in the request.

SLAPI_EXT_OP_RET_OID

char *

Object ID (OID) that you want sent back to the client.

SLAPI_EXT_OP_RET_VALUE

struct berval*

Return value that you want sent back to the client.

Information About the Transaction

The parameters listed below specify information about the current transaction. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_PARENT_TXN

void *

Parent transaction.

SLAPI_TXN

void *

ID for current transaction.

Information About Access Control Lists

The parameters listed below are used with the access control list (ACL) plug-in functions to determine access control levels.

Parameter ID

Data Type

Description

SLAPI_PLUGIN_ACL_ALLOW_ACCESS

int

Flag sent to the ACL plug-in when it is called that indicates that ACL access is allowed.

SLAPI_PLUGIN_ACL_INIT

int

Flag that is set when ACL plug-ins are initialized that allows the use of ACL plugin access functions.

SLAPI_PLUGIN_ACL_MODS_ALLOWED

int

Flag that indicates if the modifications that were made are allowed.

SLAPI_PLUGIN_ACL_MODS_UPDATE

int

Flag that indicates you can modify (remove, ad, or change) the access control items (ACIs).

SLAPI_PLUGIN_ACL_SYNTAX_CHECK

int

Flag that verifies the ACI being added for the entry has a valid syntax.

Notes in the Access Log

The parameters listed below specify notes that can be appended to access log entries. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_OPERATION_NOTES

unsigned int

Flags specifying the notes that you want appended to access log entries.
You can set this parameter to the following value:

SLAPI_OP_NOTE_UNINDEXED specifies that you want the string Notes=U appended to access log entries. You can use this to indicate that a search operation could not use indexes to generate a smaller list of candidates.

If no flags are set, no notes are appended to access log entries.

Information About the Plug-In

The parameters listed below specify information about the plug-in that is available to all plug-in functions defined in the current library. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_PLUGIN

void *

Pointer to the internal server representation of this plug-in.

SLAPI_PLUGIN_PRIVATE

void *

Private data that you want passed to your plug-in functions.

SLAPI_PLUGIN_TYPE

int

Specifies the type of plug-in function (see Types of Plug-Ins)

SLAPI_PLUGIN_ARGV

char **

NULL-terminated array of command-line arguments specified for the plugin directive in the server configuration file.

SLAPI_PLUGIN_ARGC

int

Number of command-line arguments specified for the plugin directive in the server configuration file.

SLAPI_PLUGIN_VERSION

char *

Specifies the version of the plug-in function (see Version Information).

SLAPI_PLUGIN_OPRETURN

int

Specifies the return value of the LDAP operation that has just been processed.

SLAPI_PLUGIN_OBJECT

void *

Reserved for internal use only — used with filter processing.

SLAPI_PLUGIN_DESTROY_FN

void *

Reserved for internal use only — used with filter processing.

SLAPI_PLUGIN_DESCRIPTION

char *

Provides a description of this plug-in function.

SLAPI_PLUGIN_IDENTITY

char *

Identifies this plug-in function.

Types of Plug-Ins

The SLAPI_PLUGIN_TYPE parameter can have one of the following values, which identifies the type of the current plug-in:

Defined Constant

Description

SLAPI_PLUGIN_DATABASE

Deprecated.

SLAPI_PLUGIN_EXTENDEDOP

Extended operation plug-in.

SLAPI_PLUGIN_PREOPERATION

Pre-operation/data validation plug-in.

SLAPI_PLUGIN_POSTOPERATION

Post-operation/data notification plug-in.

SLAPI_PLUGIN_MATCHINGRULE

Matching rule plug-in.

SLAPI_PLUGIN_SYNTAX

Syntax plug-in.

SLAPI_PLUGIN_ACL

Access control plug-in.

SLAPI_PLUG_BEPREOPERATION

Database pre-operation plug-in.

SLAPI_PLUGIN_BEPOSTOPERATION

Database post-operation plug-in.

SLAPI_PLUGIN_PWD_STORAGE_SCHEME

Password storage scheme plug-in.

SLAPI_PLUGIN_REVER_PWD_STORAGE_ SCHEME

Reverse password storage scheme plug-in.

SLAPI_PLUGIN_VATTR_SP

Virtual attribute service provider plug-in.

SLAPI_PLUGIN_INDEX

Indexing plug-in.

SLAPI_PLUGIN_TYPE_OBJECT

Object type plug-in.

SLAPI_PLUGIN_LDBM_ENTRY_FETCH_ STORE

Plug-in that fetches and stores an entry from the default back-end database (ldbm).

Version Information

To set the value of the SLAPI_PLUGIN_VERSION parameter, you can specify one of the following values:

Defined Constant

Description

SLAPI_PLUGIN_CURRENT_VERSION

The current version of the Directory Server plug-in.

SLAPI_PLUGIN_VERSION_01

Version 1 of the plug-in interface, which is supported by the Directory Server 3.x and subsequent releases (including 4.0).

SLAPI_PLUGIN_VERSION_02

Version 2 of the plug-in interface, which is supported by the Directory Server 4.x release but not by previous releases.

SLAPI_PLUGIN_VERSION_03

Version 3 of the plug-in interface, which is supported by the Directory Server 6.1 release, but not by previous releases.

Information About Command-Line Arguments

The parameters listed below are used to determine the command-line arguments that a plug-in was invoked with.

Parameter ID

Data Type

Description

SLAPI_ARGC

int

Determines the number of command-line arguments the the Directory Server was invoked with.

SLAPI_ARGV

char **

Pointer to an array of character strings that contain the command-line arguments, one per string, that the Directory Server was invoked with.

Information About Attributes

The parameters listed below provide the following information about attributes:

Attribute Names

Attribute Flags

Attribute Comparisons

Attribute Names

The parameters listed below are used to check for commonly used attribute names. These are not pblock parameters but macros that define strings, for example, SLAPI_ATTR_OBJECTCLASS is "objectclass".

Parameter ID

Data Type

Description

SLAPI_ATTR_NSCP_ENTRYDN

int

The nscpEntryDN attribute value.

SLAPI_ATTR_OBJECTCLASS

int

The objectclass attribute value.

SLAPI_ATTR_UNIQUEID

int

The nsuniqueid (unique ID) attribute value.

SLAPI_ATTR_VALUE_PARENT_UNIQUEID

int

The nsParentUniqueID attribute value.

SLAPI_ATTR_VALUE_TOMBSTONE

int

The nsTombstone attribute value.

Attribute Flags

The parameters listed below are used by the slapi_attr_get_flags()function to get the flags associated with the specified attribute. These flags can identify an attribute as a single-valued attribute, an operational attribute, or as a read-only attribute.

Parameter ID

Description

SLAPI_ATTR_FLAG_COLLECTIVE

Flag that indicates the optional collective marker has been set (not supported).

SLAPI_ATTR_FLAG_NOUSERMOD

Flag that indicates this attribute cannot be modified by a user over LDAP.

SLAPI_ATTR_FLAG_OBSOLETE

Flag that indicates this attribute is obsolete.

SLAPI_ATTR_FLAG_OPATTR

Flag that determines if the attribute is an operational attribute.

SLAPI_ATTR_FLAG_READONLY

Flag that determines if the attribute is read-only.

SLAPI_ATTR_FLAG_SINGLE

Flag that determines if the attribute is single-valued.

SLAPI_ATTR_FLAG_STD_ATTR

Flag that indicates that this is a standard, non-user-defined attribute that is not listed in the user defined schema file, which is typically the schema file named 99user.ldif. Standard attribute types can't be deleted by modifying the subschema subentry (cn=schema) over LDAP.

Attribute Comparisons

The parameters listed below are used with the slapi_attr_type_cmp() plug-in function to compare two components of an attribute.

Parameter ID

Description

SLAPI_TYPE_CMP_BASE

Ignores the options on both names and compares the base names only.

SLAPI_TYPE_CMP_EXACT

Compares the base name plus options as specified.

SLAPI_TYPE_CMP_SUBTYPE

Ignores the options on the second name that are not in the first name.

Information About Targets

The parameters listed below provide information about targets. These parameters are available for all types of plug-ins.

Parameter ID

Data Type

Description

SLAPI_TARGET_ADDRESS

void *

Indicates the target address (DN + uniqueid) should be normalized.

SLAPI_TARGET_DN

char *

Indicates the target DN of the operation, which is normalized.

SLAPI_TARGET_UNIQUEID

char *

Indicates the target uniqueid should be normalized.

Parameters for the Bind Function

The following table lists the parameters in the parameter block passed to the database bind function. If you are writing a pre-operation, database, or post-operation bind function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_BIND_TARGET

char *

DN of the entry to bind to.

SLAPI_BIND_METHOD

int

Authentication method used (for example, LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL).

SLAPI_BIND_CREDENTIALS

struct berval *

Credentials from the bind request.

SLAPI_BIND_RET_SASLCREDS

struct berval *

Simple Authentication and Security Layer (SASL) credentials that you want to send back to the client. (Set this before calling slapi_send_ldap_result().)

SLAPI_BIND_SASLMECHANISM

char *

Simple Authentication and Security Layer (SASL) mechanism that is used (for example, LDAP_SASL_EXTERNAL).

See Processing an LDAP Bind Operation for more information on these parameters.

Parameters for the Search Function

The following parameters are used with the search function:

Parameters Passed to the Search Function

Parameters for Executing the Search

Parameters for the Search Results

Parameters Passed to the Search Function

The following table lists the parameters in the parameter block passed to the database search function. If you are writing a pre-operation, database, or post-operation search function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_SEARCH_TARGET

char *

DN of the base entry in the search operation (the starting point of the search).

SLAPI_SEARCH_SCOPE

int

The scope of the search. The scope can be one of the following values:

LDAP_SCOPE_BASE

LDAP_SCOPE_ONELEVEL

LDAP_SCOPE_SUBTREE

SLAPI_SEARCH_DEREF

int

Method for handling aliases in a search. This method can be one of the following values:

LDAP_DEREF_NEVER

LDAP_DEREF_SEARCHING

LDAP_DEREF_FINDING

LDAP_DEREF_ALWAYS

SLAPI_SEARCH_SIZELIMIT

int

Maximum number of entries to return in the search results.

SLAPI_SEARCH_TIMELIMIT

int

Maximum amount of time (in seconds) allowed for the search operation.

SLAPI_SEARCH_FILTER

Slapi_Filter *

Slapi_Filter struct (an opaque data structure) representing the filter to be used in the search.

SLAPI_SEARCH_STRFILTER

char *

String representation of the filter to be used in the search.

SLAPI_SEARCH_ATTRS

char **

Array of attribute types to be returned in the search results.

SLAPI_SEARCH_ATTRSONLY

int

Specifies whether the search results return attribute types only or attribute types and values. (0 means return both attributes and values; 1 means return attribute types only).

Parameters for Executing the Search

The following parameters are set by the front-end and back-end database as part of the process of executing the search.

Parameter ID

Data Type

Description

SLAPI_SEARCH_RESULT_SET

void *

Set of search results.

SLAPI_SEARCH_RESULT_ENTRY

void *

Entry returned from iterating through the results set.

SLAPI_SEARCH_RESULT_ENTRY_EXT

void *

Reserved for future use.

SLAPI_NENTRIES

int

Number of search results found.

SLAPI_SEARCH_REFERRALS

struct berval **

Array of the URLs to other LDAP servers that the current server is referring the client to.

See Processing an LDAP Search Operation and Iterating Through Candidates for more information on these parameters.

Parameters for the Search Results

The entry and referrals options listed below are set/read by both the front-end and back-end database while stepping through the search results.

Parameters that Return Data Types

The parameters listed below return data types.

Parameter ID

Data Type

Description

SLAPI_RESULT_CODE

int *

Result code that was encountered during the search; this corresponds to the resultCode field within an LDAPResult message.

SLAPI_RESULT_MATCHED

char *

The portion of the target DN that was matched; this corresponds to the matchedDN field within an LDAPResult message.

SLAPI_RESULT_TEXT

char *

The textual error message; this corresponds to the errorMessage field within an LDAPResult message.

SLAPI_PB_RESULT_TEXT

char *

A textual error message passed from internal subsystems to a plug-in. Currently used by the slapi_entry_schema_check() function to provide extra explantory information when it returns a non-zero value (that is, when the schema check fails).

Parameters that Convert Strings to Entries

The parameters listed below are pblock parameters; they are flags that can be passed to the slapi_str2entry() function.

Parameter ID

Description

SLAPI_STR2ENTRY_ADDRDNVALS

In the conversion from strings to entries, adds the RDN value as an attribute if it is not present.

SLAPI_STR2ENTRY_BIGENTRY

Provides a hint that the entry is large; this enables some optimizations related to large entries.

SLAPI_STR2ENTRY_EXPAND_OBJECT CLASSES

Adds any missing ancestor values based on the object class hierarchy.

SLAPI_STR2ENTRY_IGNORE_STATE

Ignores entry state information if present.

SLAPI_STR2ENTRY_INCLUDE_VERSI ON_STR

Returns entries that have a "version: 1" line as part of the LDIF representation.

SLAPI_STR2ENTRY_NOT_WELL_FORM ED_LDIF

Informs slapi_str2entry() that the LDIF input is not well formed. Well formed LDIF input has no duplicate attribute values, already has the RDN as an attribute of the entry, and has all values for a given attribute type listed contiguously.

SLAPI_STR2ENTRY_REMOVEDUPVALS

Removes duplicate values.

SLAPI_STR2ENTRY_TOMBSTONE_CHE CK

Checks to see if the entry is a tombstone; if so, sets the tombstone flag.

Parameters for the Add Function

The following table lists the parameters in the parameter block passed to the database add function. If you are writing a pre-operation, database, or post-operation add function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_ADD_TARGET

char *

DN of the entry to be added.

SLAPI_ADD_ENTRY

Slapi_Entry *

The entry to be added (specified as the opaque Slapi_Entry datatype).

SLAPI_ADD_EXISTING_DN_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution procedure code. If adding an entry that already exists, this is the entry which has the same DN.

SLAPI_ADD_PARENT_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution procedure code. This is the parent entry of the entry to add.

SLAPI_ADD_PARENT_UNIQUEID

char *

Internal only — used by the multimaster replication update resolution procedure code. This is the unique ID of the parent entry of the entry to add.

SLAPI_ADD_EXISTING_UNIQUEID_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication resolution procedure code. If adding an entry that already exists, this is the entry which has the same unique ID.

See Processing an LDAP Add Operation for more information on these parameters.

Parameters for the Compare Function

The following table lists the parameters in the parameter block passed to the database compare function. If you are writing a pre-operation, database, or post-operation compare function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_COMPARE_TARGET

char *

DN of the entry to be compared.

SLAPI_COMPARE_TYPE

char *

Attribute type to use in the comparison.

SLAPI_COMPARE_VALUE

struct berval *

Attribute value to use in the comparison

See Processing an LDAP Compare Operation for more information on these parameters.

Parameters for the Delete Function

The following table lists the parameters in the parameter block passed to the database delete function. If you are writing a pre-operation, database, or post-operation delete function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_DELETE_TARGET

char *

DN of the entry to delete.

SLAPI_DELETE_EXISTING_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication resolution procedure code.

See Processing an LDAP Delete Operation for more information on these parameters.

Parameters for the Modify Function

The following table lists the parameters in the parameter block passed to the database modify function. If you are writing a pre-operation, database, or post-operation modify function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_MODIFY_TARGET

char *

DN of the entry to be modified.

SLAPI_MODIFY_MODS

LDAPMod **

A NULL-terminated array of LDAPMod structures, which represent the modifications to be performed on the entry.

SLAPI_MODIFY_EXISTING_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution procedure code.

See Processing an LDAP Modify Operation for more information on these parameters.

Parameters for the Modify RDN Function

The following table lists the parameters in the parameter block passed to the database modify RDN function. If you are writing a pre-operation, database, or post-operation modify RDN function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_MODRDN_TARGET

char *

DN of the entry that you want to rename.

SLAPI_MODRDN_NEWRDN

char *

New RDN to assign to the entry.

SLAPI_MODRDN_DELOLDRDN

int

Specifies whether or not you want to deleted the old RDN. (0 means do not delete the old RDN; 1 means delete the old RDN)

SLAPI_MODRDN_NEWSUPERIOR

char *

DN of the new parent of the entry, if the entry is being moved to a new location in the directory tree.

SLAPI_MODRDN_EXISING_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution code. If the destination RDN of the modrdn already exists, this is that entry.

SLAPI_MODRDN_PARENT_ENTRY

Slapi_Entry *

Internal use only — used by the multimaster replication update resolution procedure code. This is the parent entry.

SLAPI_MODRDN_NEWPARENT_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution procedure code. This is the new parent entry.

SLAPI_MODRDN_TARGET_ENTRY

Slapi_Entry *

Internal only — used by the multimaster replication update resolution procedure code.

SLAPI_MODRDN_NEWSUPERIOR_ADDRESS

void *

Internal only — used by the multimaster replication update resolution procedure code.

See Processing an LDAP Modify RDN Operation for more information on these parameters.

Parameters for the Abandon Function

The following table lists the parameters in the parameter block passed to the database abandon function. If you are writing a pre-operation, database, or post-operation abandon function, you can get these values by calling the slapi_pblock_get() function.

Parameter ID

Data Type

Description

SLAPI_ABANDON_MSGID

unsigned long

Message ID of the operation to abandon.

See Processing an LDAP Abandon Operation for more information on these parameters.

Parameters for the Matching Rule Function

The following table lists the parameters in the parameter block passed to the database matching rule function.

Parameter ID

Data Type

Description

SLAPI_PLUGIN_MR_OID

char *

Matching rule OID (if any) specified in the extensible match filter.

SLAPI_PLUGIN_MR_TYPE

char *

Attribute type (if any) specified in the extensible match filter.

SLAPI_PLUGIN_MR_VALUE

struct berval *

Value specified in the extensible match filter.

SLAPI_PLUGIN_MR_VALUES

struct berval ** values

Pointer to an array of berval structures containing the values of the entry's attributes that need to be indexed.

SLAPI_PLUGIN_MR_KEYS

struct berval **

Keys generated for the values specified in the SLAPI_PLUGIN_MR_VALUES parameter. The server creates indexes using these keys.

SLAPI_PLUGIN_MR_FILTER_REUSABLE

unsigned int *

Matching rule filter that is reusable.

SLAPI_PLUGIN_MR_QUERY_OPERATOR

int *

Query operator used by the server to determine how to compare the keys generated from SLAPI_PLUGIN_MR_VALUES and SLAPI_PLUGIN_MR_INDEX_FN against keys in the index.

SLAPI_PLUGIN_MR_USAGE

unsigned int *

Specifies the intended use of the indexer object. This parameter can have one of the following values:

SLAPI_PLUGIN_MR_USAGE_INDEX specifies that the indexer object should be used to index entries.

SLAPI_PLUGIN_MR_USAGE_SORTspecifies that the indexer object should be used to sort entries.

You can use this to specify different information in the indexer object or different indexer functions, based on whether the plug-in is used for indexing or sorting.

The following extended filter argument parameters are used with LDAPv3 only:

SLAPI_MR_FILTER_ENTRY

SLAPI_MR_FILTER_TYPE

SLAPI_MR_FILTER_VALUE

SLAPI_MR_FILTER_OID

SLAPI_MR_FILTER_DNATTRS

The following function sets all three parameters:

slapi_search_internal_pb()

Query Operators in Extensible Match Filters

The server checks the value of the SLAPI_PLUGIN_MR_QUERY_OPERATOR parameter to determine which operator is specified. The following parameters are defined values for the SLAPI_PLUGIN_MR_QUERY_OPERATOR:

Parameter ID

Description

SLAPI_OP_LESS

Less than (<) operator.

SLAPI_OP_LESS_OR_EQUAL

Less than or equal to (<=) operator.

SLAPI_OP_EQUAL

Equal to (=) operator.

SLAPI_OP_GREATER_OR_EQUAL

Greater than or equal to (>=) operator.

SLAPI_OP_GREATER

Greater than (>) operator.

SLAPI_OP_SUBSTRING

Allows an operation to use a wildcard (*) in a search filter. When used in a table it can be stated as cn=a* or cn=*a or cn = *a*.

Parameters for LDBM Backend Pre- and Post-Operation Functions

The section describes the parameters that are used with the LDBM Backend plug-in functions:

Pre-Operation Plug-Ins

Post-Operation Plug-Ins

These functions are called by the LDBM Backend, for example, the SLAPI_PLUGIN_BE_PRE_DELETE_FN is called by the LDBM Backend before a delete operation is carried out but after the all of the more general SLAPI_PLUGIN_PRE_DELETE_FN functions have been called.

Pre-Operation Plug-Ins

The parameters listed in this section are used with pre-operation database plug-in functions.

Parameter ID

Description

SLAPI_PLUGIN_BE_PRE_ADD_FN

This function is called before a database add operation is completed.

SLAPI_PLUGIN_BE_PRE_DELETE_FN

This function is called before a database delete operation is completed.

SLAPI_PLUGIN_BE_PRE_MODIFY_FN

This function is called before a database modify operation is completed.

SLAPI_PLUGIN_BE_PRE_MODRDN_FN

This function is called before a database modify RDN operation is completed.

Post-Operation Plug-Ins

The parameters listed in this section are used with post-operation database plug-in functions.

Parameter ID

Description

SLAPI_PLUGIN_BE_POST_ADD_FN

This function is called after a database add operation is completed.

SLAPI_PLUGIN_BE_POST_DELETE_FN

This function is called after a database delete operation is completed.

SLAPI_PLUGIN_BE_POST_MODIFY_FN

This function is called after a database modify operation is completed.

SLAPI_PLUGIN_BE_POST_MODRDN_FN

This function is called after a database modify RDN operation is completed.

Parameters for the Database

The parameters listed in this section can be used to get and set information about the database itself, database connections, and database operations.

Information About the Database

Information About Operations

Information About Backend State Change

Information About the Database

The following parameters can be used as the second argument to the slapi_pblock_get() and slapi_pblock_set() functions to get and set information about the database.

Parameter ID

Data Type

Description

SLAPI_BACKEND

Slapi_Backend *

A pointer to the backend database that is handling the operation.

SLAPI_BE_LASTMOD

int *

A value that indicates whether the backend database is tracking modifiersName and modifyTimeStamp (true if the value is not zero).

SLAPI_BE_READONLY

int *

A value that indicates whether the backend database is accepting updates (not accepting updates if the value is not zero).

SLAPI_BE_TYPE

char *

The database type name, for example, ldbm database.

SLAPI_REQUESTOR_ISROOT

int *

Indicates the requestor is root.

Information About Operations

The following parameters can be used as the second argument to the slapi_pblock_get() and slapi_pblock_set() functions to get and set information about operations.

Parameter ID

Data Type

Description

SLAPI_OPERATION_AUTHTYPE

char *

The authorization type for the operation.

SLAPI_OPERATION_ID

int

The operation ID.

SLAPI_OPERATION_TYPE

int

The operation type; the type is one of the SLAPI_OPERATION_xxx values.

SLAPI_OPINITIATED_TIME

time_t

The time in seconds since 00:00:00 UTC, January 1, 1970 when the Directory Server started processing the operation.


Note	With the exception of the parameters for matching rule plug-in functions, you do not need to get the value of any of these parameters.


Note	Database plug-ins are not supported in Directory Server version 6.x. Please use the pre-operation, post-operation, and/or extended operation API to register plug-in functions.

Parameter ID	Description
`SLAPI_PLUGIN_PRE_BIND_FN`	This function is called before an LDAP bind operation is completed.
`SLAPI_PLUGIN_PRE_UNBIND_FN`	This function is called before an LDAP unbind operation is completed.
`SLAPI_PLUGIN_PRE_SEARCH_FN`	This function is called before an LDAP search operation is completed.
`SLAPI_PLUGIN_PRE_COMPARE_FN`	This function is called before an LDAP compare operation is completed.
`SLAPI_PLUGIN_PRE_MODIFY_FN`	This function is called before an LDAP modify operation is completed.
`SLAPI_PLUGIN_PRE_MODRDN_FN`	This function is called before an LDAP modify RDN operation is completed.
`SLAPI_PLUGIN_PRE_ADD_FN`	This function is called before an LDAP add operation is completed.
`SLAPI_PLUGIN_PRE_DELETE_FN`	This function is called before an LDAP delete operation is completed.
`SLAPI_PLUGIN_PRE_ENTRY_FN`	This function is called before an entry is sent back to the client.
`SLAPI_PLUGIN_PRE_REFERRAL_FN`	This function is called before a set of referrals is sent back to the client.
`SLAPI_PLUGIN_PRE_RESULT_FN`	This function is called before a set of search results is sent back to the client.
`SLAPI_PLUGIN_START_FN`	This function is called after the server starts up. You can specify a start function for each pre-operation plug-in.
`SLAPI_PLUGIN_CLOSE_FN`	This function is called before the server shuts down. You can specify a close function for each pre-operation plug-in.
`SLAPI_PLUGIN_DESTROY_FN`	Function for freeing a filter function or indexer function.
`SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN`	This function is called before an internal LDAP add operation is completed.
`SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN`	This function is called before an internal LDAP delete operation is completed.
`SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN`	This function is called before an internal LDAP modify operation is completed.
`SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN`	This function is called before an internal LDAP modify RDN operation is completed.

Parameter ID	Description
`SLAPI_PLUGIN_POST_BIND_FN`	This function is called after an LDAP bind operation is completed.
`SLAPI_PLUGIN_POST_UNBIND_FN`	This function is called after an LDAP unbind operation is completed.
`SLAPI_PLUGIN_POST_SEARCH_FN`	This function is called after an LDAP search operation is completed.
`SLAPI_PLUGIN_POST_COMPARE_FN`	This function is called after an LDAP compare operation is completed.
`SLAPI_PLUGIN_POST_MODIFY_FN`	This function is called after an LDAP modify operation is completed.
`SLAPI_PLUGIN_POST_MODRDN_FN`	This function is called after an LDAP modify RDN operation is completed.
`SLAPI_PLUGIN_POST_ADD_FN`	This function is called after an LDAP add operation is completed.
`SLAPI_PLUGIN_POST_DELETE_FN`	This function is called after an LDAP delete operation is completed.
`SLAPI_PLUGIN_POST_ABANDON_FN`	This function is called after an LDAP abandon operation is completed.
`SLAPI_PLUGIN_POST_ENTRY_FN`	This function is called after an entry is sent back to the client.
`SLAPI_PLUGIN_POST_REFERRAL_FN`	This function is called after a set of referrals is sent back to the client.
`SLAPI_PLUGIN_POST_RESULT_FN`	This function is called after a set of search results is sent back to the client.
`SLAPI_PLUGIN_START_FN`	This function is called after the server starts up. You can specify a start function for each post-operation plug-in.
`SLAPI_PLUGIN_INTERNAL_POST_ADD_FN`	This function is called after an internal LDAP add operation is completed.
`SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN`	This function is called after an internal LDAP delete operation is completed.
`SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN`	This function is called after an internal LDAP modify operation is completed.
`SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN`	This function is called after an internal LDAP modify RDN operation is completed.

Parameter ID	Description
`SLAPI_PLUGIN_MR_FILTER_CREATE_FN`	This is a factory function for creating filter functions. This function must be thread-safe, since the server may call it concurrently with other functions.
`SLAPI_PLUGIN_MR_INDEXER_CREATE_FN`	This is a factory function for creating indexer functions. This function must be thread-safe, since the server may call it concurrently with other functions.
`SLAPI_PLUGIN_MR_FILTER_MATCH_FN`	This functions uses the ID to set and get a filter function.
`SLAPI_PLUGIN_MR_FILTER_INDEX_FN`	This is a filter function that uses an index to accelerate the processing of a search request.
`SLAPI_PLUGIN_MR_FILTER_RESET_FN`	This function resets the filter function.
`SLAPI_PLUGIN_MR_INDEX_FN`	This function used the ID to get and set the index function.


Note	The Directory Server caches recently added and retrieved entries in memory. The entry fetch plug-in function is called only when reading the entry from the disk, and not when reading the entry from the cache.

Parameter ID	Description
`SLAPI_PLUGIN_ENTRY_FETCH_FUNC`	This function fetches information that represents an LDAP entry.
`SLAPI_PLUGIN_ENTRY_STORE_FUNC`	This function stores information about an entry that was fetched by the `SLAPI_PLUGIN_ENTRY_FETCH_FUNC` function.

Parameter ID	Data Type	Description
`SLAPI_BACKEND`	`Slapi_Backend *`	The database back-end servicing this operation. The value may be NULL if there is currently no back-end associated with the operation.
`SLAPI_BE_MONITORDN`	`char *`	(Directory Server 3.x releases only) DN used to monitor the back-end database. Note that this is no longer supported in the Directory Server 6.1 or higher release.
`SLAPI_BE_TYPE`	`char *`	Type of back-end database (this is the type specified by the `nsslapd`-`database` directive in the server configuration file).
`SLAPI_BE_READONLY`	`int`	Specifies whether or not the back-end database is read-only (this is determined by the `nsslapd`-`readonly` directive in the server configuration file). 1 means that the database back-end is read-only. 0 means that the database back-end is writable.
`SLAPI_DBSIZE`	`int`	Specifies the size of the back-end database.
SLAPI_BE_LASTMOD	int	If 0 (false), the database does not keep track of the last modification time and who modified it. If non-zero (true), the database does keep track. The default is true.
`SLAPI_BE_FLAG_REMOTE_DATA`	`int`	Flag that indicates the entries held by the back-end are remote.
`SLAPI_BE_ALL_BACKENDS`	`int`	Special value that is returned by a distribution plug-in function to indicate that all back-ends should be searched. Used only for search operations.
`SLAPI_BE_MAXNESTLEVEL`	`int *`	Indicates the maximum number of nesting levels allowed within groups for access control evaluation.
`SLAPI_CLIENT_DNS`	`struct berval **`	Contains a list of client IP addresses that are registered in DNS. Used to determine the authorization type.
`SLAPI_FAIL_DISKFULL`	`int`	Return code for a back-end API call that indicates the disk is full and the operation has failed.
`SLAPI_FAIL_GENERAL`	`int`	Return code for a backend API call that indicates that the operation has failed due to some cause other than disk full.

Parameter ID	Data Type	Description
`SLAPI_CONN_CERT`	`CERTCertificate *` Note: This is an NSS database. See `http://mozilla.org/projects/security/pki/nss/`	The client certificate associated with the connection (may be absent).
`SLAPI_CONN_IS_REPLICATION_ SESSION`	`char *`	Indicates the current connection is a replication session.
`SLAPI_CONN_IS_SSL_ CONNECTION`	`char *`	Indicates the current connection is through SSL.
`SLAPI_CONNECTION`	`Slapi_Connection *`	Information about the current client connection.
`SLAPI_CONN_ID`	`int *`	ID identifying the current connection.
`SLAPI_CONN_DN`	`char *`	DN of the user authenticated on the current connection. If you call `slapi_pblock_get()` to get this DN, you should call `slapi_ch_free_string()` to free the resulting DN when done.
`SLAPI_CONN_AUTHMETHOD`	`char *`	Method used to authenticate the current user. If you call `slapi_pblock_get()` to get this value, you should call `slapi_ch_free_string()` to free the resulting value when done. This parameter can have one of the following values: `SLAPD_AUTH_NONE` specifies that no authentication mechanism was used (for example, in cases of anonymous authentication). `SLAPD_AUTH_SIMPLE` specifies that simple authentication (user name and password) was used to authenticate the current user. `SLAPD_AUTH_SSL` specifies that SSL (certificate-based authentication) was used to authenticate the current user. `SLAPD_AUTH_SASL` specifies that a SASL (simple authentication and security layer) mechanism was used to authenticate the current user.
`SLAPI_CONN_AUTHTYPE`	`char *`	This parameter has been deprecated for the 6.1 or higher release. Use `SLAPI_CONN_AUTHMETHOD` instead.
`SLAPI_CONN_CLIENTIP`	`struct in_addr`	IP address of the client requesting the operation. This parameter has been replaced by `SLAPI_CONN_CLIENTNETADDR`, but is provided here for backward compatibility.
`SLAPI_CONN_SERVERIP`	`struct in_addr`	IP address that the client is connecting to. You might want to use this parameter if, for example, your server accepts connections on multiple IP addresses.This parameter has been replaced by `SLAPI_CONN_SERVERADDR`, but is provided here for backward compatibility
`SLAPI_CONN_CLIENTNETADDR*`	`PRNetAddr`	IP address of the client requesting the operation.
`SLAPI_CONN_SERVERNETADDR*`	`PRNetAddr`	IP address that the client is connecting to. You might want to use this parameter if, for example, your server accepts connections on multiple IP addresses.

Parameter ID	Data Type	Description
`SLAPI_OPERATION`	`Slapi_Operation *`	Information about the operation currently in progress.
`SLAPI_OPINITIATED_TIME`	`time_t`	Time when the server began processing the operation.
`SLAPI_REQUESTOR_ISROOT`	`int`	Specifies whether or not the user requesting the operation is the "root DN". 1 means that the "root DN" is requesting the operation. 0 means that the user requesting the operation is not the "root DN." The "root DN" is the "superuser" of the directory. This DN is specified by the `nsslapd-rootdn` attribute in the `cn=config entry` in the server configuration file.
`SLAPI_REQUESTOR_ISUPDATEDN`	`int`	Deprecated.
`SLAPI_REQUESTOR_DN`	`char *`	Specifies the DN of the user requesting the operation.
`SLAPI_TARGET_DN`	`char *`	Specifies the DN to which the operation applies (for example, the DN of the entry being added or removed).
`SLAPI_REQCONTROLS`	`LDAPControl **`	Array of the controls specified in the request.
`SLAPI_CONTROLS_ARG`	`LDAPControl **`	Allows control arguments to be passed before an operation object is created.

Parameter ID	Data Type	Description
`SLAPI_EXT_OP_REQ_OID`	`char *`	Object ID (OID) of the extended operation specified in the request.
`SLAPI_EXT_OP_REQ_VALUE`	`struct berval*`	Value specified in the request.
`SLAPI_EXT_OP_RET_OID`	`char *`	Object ID (OID) that you want sent back to the client.
`SLAPI_EXT_OP_RET_VALUE`	`struct berval*`	Return value that you want sent back to the client.

Parameter ID	Data Type	Description
`SLAPI_PARENT_TXN`	void *	Parent transaction.
`SLAPI_TXN`	void *	ID for current transaction.

Parameter ID	Data Type	Description
`SLAPI_PLUGIN_ACL_ALLOW_ACCESS`	`int`	Flag sent to the ACL plug-in when it is called that indicates that ACL access is allowed.
`SLAPI_PLUGIN_ACL_INIT`	`int`	Flag that is set when ACL plug-ins are initialized that allows the use of ACL plugin access functions.
`SLAPI_PLUGIN_ACL_MODS_ALLOWED`	`int`	Flag that indicates if the modifications that were made are allowed.
`SLAPI_PLUGIN_ACL_MODS_UPDATE`	`int`	Flag that indicates you can modify (remove, ad, or change) the access control items (ACIs).
`SLAPI_PLUGIN_ACL_SYNTAX_CHECK`	`int`	Flag that verifies the ACI being added for the entry has a valid syntax.

Parameter ID	Data Type	Description
`SLAPI_PLUGIN`	`void *`	Pointer to the internal server representation of this plug-in.
`SLAPI_PLUGIN_PRIVATE`	`void *`	Private data that you want passed to your plug-in functions.
`SLAPI_PLUGIN_TYPE`	`int`	Specifies the type of plug-in function (see Types of Plug-Ins)
`SLAPI_PLUGIN_ARGV`	`char **`	NULL-terminated array of command-line arguments specified for the `plugin` directive in the server configuration file.
`SLAPI_PLUGIN_ARGC`	`int`	Number of command-line arguments specified for the `plugin` directive in the server configuration file.
`SLAPI_PLUGIN_VERSION`	`char *`	Specifies the version of the plug-in function (see Version Information).
`SLAPI_PLUGIN_OPRETURN`	`int`	Specifies the return value of the LDAP operation that has just been processed.
`SLAPI_PLUGIN_OBJECT`	`void *`	Reserved for internal use only — used with filter processing.
`SLAPI_PLUGIN_DESTROY_FN`	`void *`	Reserved for internal use only — used with filter processing.
`SLAPI_PLUGIN_DESCRIPTION`	`char *`	Provides a description of this plug-in function.
`SLAPI_PLUGIN_IDENTITY`	`char *`	Identifies this plug-in function.

Defined Constant	Description
`SLAPI_PLUGIN_DATABASE`	Deprecated.
`SLAPI_PLUGIN_EXTENDEDOP`	Extended operation plug-in.
`SLAPI_PLUGIN_PREOPERATION`	Pre-operation/data validation plug-in.
`SLAPI_PLUGIN_POSTOPERATION`	Post-operation/data notification plug-in.
`SLAPI_PLUGIN_MATCHINGRULE`	Matching rule plug-in.
`SLAPI_PLUGIN_SYNTAX`	Syntax plug-in.
`SLAPI_PLUGIN_ACL`	Access control plug-in.
`SLAPI_PLUG_BEPREOPERATION`	Database pre-operation plug-in.
`SLAPI_PLUGIN_BEPOSTOPERATION`	Database post-operation plug-in.
`SLAPI_PLUGIN_PWD_STORAGE_SCHEME`	Password storage scheme plug-in.
`SLAPI_PLUGIN_REVER_PWD_STORAGE_ SCHEME`	Reverse password storage scheme plug-in.
`SLAPI_PLUGIN_VATTR_SP`	Virtual attribute service provider plug-in.
`SLAPI_PLUGIN_INDEX`	Indexing plug-in.
`SLAPI_PLUGIN_TYPE_OBJECT`	Object type plug-in.
`SLAPI_PLUGIN_LDBM_ENTRY_FETCH_ STORE`	Plug-in that fetches and stores an entry from the default back-end database (ldbm).

Defined Constant	Description
`SLAPI_PLUGIN_CURRENT_VERSION`	The current version of the Directory Server plug-in.
`SLAPI_PLUGIN_VERSION_01`	Version 1 of the plug-in interface, which is supported by the Directory Server 3.x and subsequent releases (including 4.0).
`SLAPI_PLUGIN_VERSION_02`	Version 2 of the plug-in interface, which is supported by the Directory Server 4.x release but not by previous releases.
`SLAPI_PLUGIN_VERSION_03`	Version 3 of the plug-in interface, which is supported by the Directory Server 6.1 release, but not by previous releases.

Parameter ID	Data Type	Description
`SLAPI_ARGC`	`int`	Determines the number of command-line arguments the the Directory Server was invoked with.
`SLAPI_ARGV`	`char **`	Pointer to an array of character strings that contain the command-line arguments, one per string, that the Directory Server was invoked with.

Parameter ID	Data Type	Description
`SLAPI_ATTR_NSCP_ENTRYDN`	`int`	The `nscpEntryDN` attribute value.
`SLAPI_ATTR_OBJECTCLASS`	`int`	The `objectclass` attribute value.
`SLAPI_ATTR_UNIQUEID`	`int`	The `nsuniqueid` (unique ID) attribute value.
`SLAPI_ATTR_VALUE_PARENT_UNIQUEID`	`int`	The `nsParentUniqueID` attribute value.
`SLAPI_ATTR_VALUE_TOMBSTONE`	`int`	The `nsTombstone` attribute value.

Parameter ID	Description
`SLAPI_ATTR_FLAG_COLLECTIVE`	Flag that indicates the optional collective marker has been set (not supported).
`SLAPI_ATTR_FLAG_NOUSERMOD`	Flag that indicates this attribute cannot be modified by a user over LDAP.
`SLAPI_ATTR_FLAG_OBSOLETE`	Flag that indicates this attribute is obsolete.
`SLAPI_ATTR_FLAG_OPATTR`	Flag that determines if the attribute is an operational attribute.
`SLAPI_ATTR_FLAG_READONLY`	Flag that determines if the attribute is read-only.
`SLAPI_ATTR_FLAG_SINGLE`	Flag that determines if the attribute is single-valued.
`SLAPI_ATTR_FLAG_STD_ATTR`	Flag that indicates that this is a standard, non-user-defined attribute that is not listed in the user defined schema file, which is typically the schema file named `99user.ldif`. Standard attribute types can't be deleted by modifying the subschema subentry (`cn=schema`) over LDAP.

Parameter ID	Description
`SLAPI_TYPE_CMP_BASE`	Ignores the options on both names and compares the base names only.
`SLAPI_TYPE_CMP_EXACT`	Compares the base name plus options as specified.
`SLAPI_TYPE_CMP_SUBTYPE`	Ignores the options on the second name that are not in the first name.

Parameter ID	Data Type	Description
`SLAPI_TARGET_ADDRESS`	`void *`	Indicates the target address (DN + `uniqueid`) should be normalized.
`SLAPI_TARGET_DN`	`char *`	Indicates the target DN of the operation, which is normalized.
`SLAPI_TARGET_UNIQUEID`	`char *`	Indicates the target `uniqueid` should be normalized.

Parameter ID	Data Type	Description
`SLAPI_BIND_TARGET`	`char *`	DN of the entry to bind to.
`SLAPI_BIND_METHOD`	`int`	Authentication method used (for example, `LDAP_AUTH_SIMPLE` or `LDAP_AUTH_SASL`).
`SLAPI_BIND_CREDENTIALS`	`struct berval *`	Credentials from the bind request.
`SLAPI_BIND_RET_SASLCREDS`	`struct berval *`	Simple Authentication and Security Layer (SASL) credentials that you want to send back to the client. (Set this before calling `slapi_send_ldap_result()`.)
`SLAPI_BIND_SASLMECHANISM`	`char *`	Simple Authentication and Security Layer (SASL) mechanism that is used (for example, `LDAP_SASL_EXTERNAL`).

Parameter ID	Data Type	Description
`SLAPI_SEARCH_TARGET`	`char *`	DN of the base entry in the search operation (the starting point of the search).
`SLAPI_SEARCH_SCOPE`	`int`	The scope of the search. The scope can be one of the following values: `LDAP_SCOPE_BASE` `LDAP_SCOPE_ONELEVEL` `LDAP_SCOPE_SUBTREE`
`SLAPI_SEARCH_DEREF`	`int`	Method for handling aliases in a search. This method can be one of the following values: `LDAP_DEREF_NEVER` `LDAP_DEREF_SEARCHING` `LDAP_DEREF_FINDING` `LDAP_DEREF_ALWAYS`
`SLAPI_SEARCH_SIZELIMIT`	`int`	Maximum number of entries to return in the search results.
`SLAPI_SEARCH_TIMELIMIT`	`int`	Maximum amount of time (in seconds) allowed for the search operation.
`SLAPI_SEARCH_FILTER`	`Slapi_Filter *`	`Slapi_Filter` struct (an opaque data structure) representing the filter to be used in the search.
`SLAPI_SEARCH_STRFILTER`	`char *`	String representation of the filter to be used in the search.
`SLAPI_SEARCH_ATTRS`	`char **`	Array of attribute types to be returned in the search results.
`SLAPI_SEARCH_ATTRSONLY`	`int`	Specifies whether the search results return attribute types only or attribute types and values. (0 means return both attributes and values; 1 means return attribute types only).

Parameter ID	Data Type	Description
`SLAPI_SEARCH_RESULT_SET`	`void *`	Set of search results.
`SLAPI_SEARCH_RESULT_ENTRY`	`void *`	Entry returned from iterating through the results set.
`SLAPI_SEARCH_RESULT_ENTRY_EXT`	`void *`	Reserved for future use.
`SLAPI_NENTRIES`	`int`	Number of search results found.
`SLAPI_SEARCH_REFERRALS`	`struct berval **`	Array of the URLs to other LDAP servers that the current server is referring the client to.

Parameter ID	Data Type	Description
SLAPI_RESULT_CODE	`int *`	Result code that was encountered during the search; this corresponds to the `resultCode` field within an `LDAPResult` message.
SLAPI_RESULT_MATCHED	`char *`	The portion of the target DN that was matched; this corresponds to the `matchedDN` field within an `LDAPResult` message.
SLAPI_RESULT_TEXT	`char *`	The textual error message; this corresponds to the `errorMessage` field within an `LDAPResult` message.
SLAPI_PB_RESULT_TEXT	`char *`	A textual error message passed from internal subsystems to a plug-in. Currently used by the `slapi_entry_schema_check()` function to provide extra explantory information when it returns a non-zero value (that is, when the schema check fails).

Parameter ID	Description
SLAPI_STR2ENTRY_ADDRDNVALS	In the conversion from strings to entries, adds the RDN value as an attribute if it is not present.
SLAPI_STR2ENTRY_BIGENTRY	Provides a hint that the entry is large; this enables some optimizations related to large entries.
SLAPI_STR2ENTRY_EXPAND_OBJECT CLASSES	Adds any missing ancestor values based on the object class hierarchy.
SLAPI_STR2ENTRY_IGNORE_STATE	Ignores entry state information if present.
SLAPI_STR2ENTRY_INCLUDE_VERSI ON_STR	Returns entries that have a "version: 1" line as part of the LDIF representation.
SLAPI_STR2ENTRY_NOT_WELL_FORM ED_LDIF	Informs `slapi_str2entry()` that the LDIF input is not well formed. Well formed LDIF input has no duplicate attribute values, already has the RDN as an attribute of the entry, and has all values for a given attribute type listed contiguously.
SLAPI_STR2ENTRY_REMOVEDUPVALS	Removes duplicate values.
SLAPI_STR2ENTRY_TOMBSTONE_CHE CK	Checks to see if the entry is a tombstone; if so, sets the tombstone flag.

Parameter ID	Data Type	Description
`SLAPI_ADD_TARGET`	`char *`	DN of the entry to be added.
`SLAPI_ADD_ENTRY`	`Slapi_Entry *`	The entry to be added (specified as the opaque `Slapi_Entry` datatype).
`SLAPI_ADD_EXISTING_DN_ENTRY`	`Slapi_Entry *`	Internal only — used by the multimaster replication update resolution procedure code. If adding an entry that already exists, this is the entry which has the same DN.
`SLAPI_ADD_PARENT_ENTRY`	`Slapi_Entry *`	Internal only — used by the multimaster replication update resolution procedure code. This is the parent entry of the entry to add.
`SLAPI_ADD_PARENT_UNIQUEID`	`char *`	Internal only — used by the multimaster replication update resolution procedure code. This is the unique ID of the parent entry of the entry to add.
`SLAPI_ADD_EXISTING_UNIQUEID_ENTRY`	`Slapi_Entry *`	Internal only — used by the multimaster replication resolution procedure code. If adding an entry that already exists, this is the entry which has the same unique ID.

Parameter ID	Data Type	Description
`SLAPI_COMPARE_TARGET`	`char *`	DN of the entry to be compared.
`SLAPI_COMPARE_TYPE`	`char *`	Attribute type to use in the comparison.
`SLAPI_COMPARE_VALUE`	`struct berval *`	Attribute value to use in the comparison

Parameter ID	Data Type	Description
`SLAPI_DELETE_TARGET`	`char *`	DN of the entry to delete.
`SLAPI_DELETE_EXISTING_ENTRY`	`Slapi_Entry *`	Internal only — used by the multimaster replication resolution procedure code.

Parameter ID	Data Type	Description
`SLAPI_MODIFY_TARGET`	`char *`	DN of the entry to be modified.
`SLAPI_MODIFY_MODS`	`LDAPMod **`	A NULL-terminated array of `LDAPMod` structures, which represent the modifications to be performed on the entry.
`SLAPI_MODIFY_EXISTING_ENTRY`	`Slapi_Entry *`	Internal only — used by the multimaster replication update resolution procedure code.