Chapter 6. Writing Pre- and Post-operation Plug-ins

This chapter explains how to write functions that the Red Hat Directory Server (Directory Server) calls before and after executing an LDAP operation. These functions are called pre-operation and post-operation plug-in functions.

6.1. How Pre- and Post-operation Plug-ins Work

The Directory Server can perform the following LDAP operations: bind, unbind, search, modify, add, delete, modifyRDN, compare, and abandon.

Note

The Directory Server can also perform extended operations as defined in the LDAPv3 protocol. For information on implementing plug-in functions to execute extended operations, refer to Chapter 10, Writing Extended Operation Plug-ins.
You can configure the Directory Server to call your custom plug-in functions before and after executing any of these LDAP operations.
For example, you can write a pre-operation function that validates an entry before the server performs an LDAP add operation. An example of a post-operation plug-in function would be one that sends a notification to a user after their entry has been modified by an LDAP modify operation.
The Directory Server can call custom plug-in functions before and after performing operations, such as:
  • Sending an LDAP entry to the client.
  • Sending an LDAP result code to the client.
  • Sending an LDAP referral to the client.
Figure 6.1, “Calling Pre-operation and Post-operation Plug-in Functions” illustrates how the Directory Server front-end calls pre-operation and post-operation functions before and after executing an LDAP operation.
When processing a request, the Directory Server will call all registered pre-operation functions before it calls the backend to service the request. All pre-operation functions must return before the front-end calls the associated backend function.
Calling Pre-operation and Post-operation Plug-in Functions

Figure 6.1. Calling Pre-operation and Post-operation Plug-in Functions