Show Table of Contents
1.3. Types of Directory Server Plug-ins
Several types of plug-ins can be written for Directory Server:
- Pre-operation/data validationThe server calls a pre-operation/data validation plug-in function before performing an LDAP operation.The main purpose of this type of plug-in is to validate data before the data is added to the directory or before it is used in an operation. For example, a bind pre-operation plug-in can be used to validate authentication or even to provide alternate authentication mechanisms, if passwords are stored in an external database.
- Post-operation/data notificationThe server calls a post-operation/data notification plug-in function after performing an LDAP operation.The main purpose of this type of plug-in is to invoke a function after a particular operation is executed. For example, you can write a plug-in that sends email to users if their entries are modified.The post-operation plug-ins are called after an operation completes and returns the results for both success and failure. The returned result code can be pulled from the previous operation using the
SLAPI_RESULT_CODEpblock parameter. For example:int return_code; if (slapi_pblock_get(pb, SLAPI_RESULT_CODE, &return_code) != 0) { // something went wrong } - Entry storage and entry fetchThe server calls an entry storage plug-in function immediately before writing data to the database backend. The server calls entry fetch plug-in functions after retrieving an entry from the database backend.For example, you can create an entry storage plug-in that encrypts an entry before it is saved to the database and an entry fetch plug-in that decrypts an entry after it is read from the database.
- Extended operationThe server calls an extended operation plug-in function when the client requests an operation by OID. Extended operations are defined in LDAP v3 and are described in more detail in Chapter 10, Writing Extended Operation Plug-ins.
- SyntaxThe server calls a syntax plug-in function when getting a list of possible candidates for a search. The server also calls these functions when adding or deleting values from certain attribute indexes.Syntax plug-in functions can define the comparison operations used in searches. For example, you could use a syntax plug-in function to define how the “equals” comparison works for case-insensitive strings.
- Matching ruleThe server calls matching rule plug-in functions when the client sends a search request with an extensible matching search filter. You can also write matching rule plug-in functions that the server calls when indexing attributes for the backend database.
The following diagram illustrates how some of these different plug-in types fit into the Directory Server architecture.
Figure 1.2. Architecture of the Directory Server and Server Plug-ins
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.