このバックエンドは主にプロトタイプで利用するように意図しています。
これらのオプションは与えられた LDAP 操作への応答で実行するプログラムのパス名と引数を指定します。 以下にあげる各オプションの後にはプログラムが 受け取る入力行が何かを示しています。
ADD
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
<entry in LDIF format>
BIND
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
dn: <DN>
method: <method number>
credlen: <length of <credentials>>
cred: <credentials>
COMPARE
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
dn: <DN>
<attribute>: <value>
DELETE
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
dn: <DN>
MODIFY
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
#dn: <DN>
<repeat {
<"add"/"delete"/"replace">: <attribute>
<repeat { <attribute>: <value> }>
-
}>
MODRDN
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
dn: <DN>
newrdn: <new RDN>
deleteoldrdn: <0 or 1>
<if new superior is specified: "newSuperior: <DN>">
SEARCH
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
base: <base DN>
scope: <0-2, see ldap.h>
deref: <0-3, see ldap.h>
sizelimit: <size limit>
timelimit: <time limit>
filter: <filter>
attrsonly: <0 or 1>
attrs: <"all" or space-separated attribute list>
UNBIND
msgid: <message id>
<repeat { "suffix:" <database suffix DN> }>
dn: <bound DN>
バックエンドに処理してほしいコマンドを設定行に指定するだけです。 コマンドの指定されていない操作を行うと "unwilling to perform" エラー となって拒絶されます。
コマンド(unbind を除く)は以下を出力すべきです。
RESULT code: <integer> matched: <matched DN> info: <text>
The add operation does not require write (=w) access to the children pseudo-attribute of the parent entry.
The bind operation requires auth (=x) access to the entry pseudo-attribute of the entry whose identity is being assessed; auth (=x) access to the credentials is not checked, but rather delegated to the underlying shell script.
The compare operation requires read (=r) access (FIXME: wouldn't compare (=c) be a more appropriate choice?) to the entry pseudo-attribute of the object whose value is being asserted; compare (=c) access to the attribute whose value is being asserted is not checked.
The delete operation does not require write (=w) access to the children pseudo-attribute of the parent entry.
The modify operation requires write (=w) access to the entry pseudo-attribute; write (=w) access to the specific attributes that are modified is not checked.
The modrdn operation does not require write (=w) access to the children pseudo-attribute of the parent entry, nor to that of the new parent, if different; write (=w) access to the distinguished values of the naming attributes is not checked.
The search operation does not require search (=s) access to the entry pseudo_attribute of the searchBase; search (=s) access to the attributes and values used in the filter is not checked.