winldap.pas

详细Windows API大全有关知识以及相关问题

  LDAP_CONNECT_ERROR              =   $5b;
  {$EXTERNALSYM LDAP_NOT_SUPPORTED}
  LDAP_NOT_SUPPORTED              =   $5c;
  {$EXTERNALSYM LDAP_NO_RESULTS_RETURNED}
  LDAP_NO_RESULTS_RETURNED        =   $5e;
  {$EXTERNALSYM LDAP_CONTROL_NOT_FOUND}
  LDAP_CONTROL_NOT_FOUND          =   $5d;
  {$EXTERNALSYM LDAP_MORE_RESULTS_TO_RETURN}
  LDAP_MORE_RESULTS_TO_RETURN     =   $5f;

  {$EXTERNALSYM LDAP_CLIENT_LOOP}
  LDAP_CLIENT_LOOP                =   $60;
  {$EXTERNALSYM LDAP_REFERRAL_LIMIT_EXCEEDED}
  LDAP_REFERRAL_LIMIT_EXCEEDED    =   $61;


//
//  Bind methods.  We support the following methods :
//
//      Simple         Clear text password... try not to use as it's not secure.
//
//      MSN            MSN(Microsoft Network)authentication. This package
//                     may bring up UI to prompt the user for MSN credentials.
//
//      DPA            Normandy authentication... new MSN authentication.  Same
//                     usage as MSN.
//
//      NTLM           NT domain authentication.  Use NULL credentials and
//                     we'll try to use default logged in user credentials.
//
//      Sicily         Negotiate with the server for any of: MSN, DPA, NTLM
//
//      SSPI           Use GSSAPI Negotiate package to negotiate security
//                     package of either Kerberos v5 or NTLM(or any other
//                     package the client and server negotiate).  Pass in
//                     NULL credentials to specify default logged in user or
//                     you may pass in a SEC_WINNT_AUTH_IDENTITY_W(defined
//                     in rpcdce.h)to specify alternate credentials.
//
//  For all bind methods except for Simple, you may pass in a
//  SEC_WINNT_AUTH_IDENTITY_W (defined in rpcdce.h) or the newer
//  SEC_WINNT_AUTH_IDENTITY_EXW (defined in secext.h) to specify alternate
//  credentials.
//
//  All bind methods other than simple are synchronous only calls.
//  Calling the asynchronous bind call for any of these messages will
//  return LDAP_PARAM_ERROR.
//
//  Using any other method besides simple will cause WLDAP32 to pull in
//  the SSPI security DLLs(SECURITY.DLL etc).
//
//  On NTLM and SSPI, if you specify NULL credentials, we'll attempt to use
//  the default logged in user.
//

const
  {$EXTERNALSYM LDAP_AUTH_SIMPLE}
  LDAP_AUTH_SIMPLE                = $80;
  {$EXTERNALSYM LDAP_AUTH_SASL}
  LDAP_AUTH_SASL                  = $83;

  {$EXTERNALSYM LDAP_AUTH_OTHERKIND}
  LDAP_AUTH_OTHERKIND             = $86;

// The SICILY type covers package negotiation to MSN servers.
// Each of the supported types can also be specified without
// doing the package negotiation, assuming the caller knows
// what the server supports.

  {$EXTERNALSYM LDAP_AUTH_SICILY}
  LDAP_AUTH_SICILY                = LDAP_AUTH_OTHERKIND or $0200;

  {$EXTERNALSYM LDAP_AUTH_MSN}
  LDAP_AUTH_MSN                   = LDAP_AUTH_OTHERKIND or $0800;
  {$EXTERNALSYM LDAP_AUTH_NTLM}
  LDAP_AUTH_NTLM                  = LDAP_AUTH_OTHERKIND or $1000;
  {$EXTERNALSYM LDAP_AUTH_DPA}
  LDAP_AUTH_DPA                   = LDAP_AUTH_OTHERKIND or $2000;

// This will cause the client to use the GSSAPI negotiation
// package to determine the most appropriate authentication type.
// This type should be used when talking to NT5.

  {$EXTERNALSYM LDAP_AUTH_NEGOTIATE}
  LDAP_AUTH_NEGOTIATE             = LDAP_AUTH_OTHERKIND or $0400;

// backward compatible #define for older constant name.

  {$EXTERNALSYM LDAP_AUTH_SSPI}
  LDAP_AUTH_SSPI                  = LDAP_AUTH_NEGOTIATE;

//
//  Client applications typically don't have to encode/decode LDAP filters,
//  but if they do, we define the operators here.
//
//  Filter types.

  {$EXTERNALSYM LDAP_FILTER_AND}
  LDAP_FILTER_AND         = $a0;    // context specific + constructed - SET OF Filters.
  {$EXTERNALSYM LDAP_FILTER_OR}
  LDAP_FILTER_OR          = $a1;    // context specific + constructed - SET OF Filters.
  {$EXTERNALSYM LDAP_FILTER_NOT}
  LDAP_FILTER_NOT         = $a2;    // context specific + constructed - Filter
  {$EXTERNALSYM LDAP_FILTER_EQUALITY}
  LDAP_FILTER_EQUALITY    = $a3;    // context specific + constructed - AttributeValueAssertion.
  {$EXTERNALSYM LDAP_FILTER_SUBSTRINGS}
  LDAP_FILTER_SUBSTRINGS  = $a4;    // context specific + constructed - SubstringFilter
  {$EXTERNALSYM LDAP_FILTER_GE}
  LDAP_FILTER_GE          = $a5;    // context specific + constructed - AttributeValueAssertion.
  {$EXTERNALSYM LDAP_FILTER_LE}
  LDAP_FILTER_LE          = $a6;    // context specific + constructed - AttributeValueAssertion.
  {$EXTERNALSYM LDAP_FILTER_PRESENT}
  LDAP_FILTER_PRESENT     = $87;    // context specific + primitive   - AttributeType.
  {$EXTERNALSYM LDAP_FILTER_APPROX}
  LDAP_FILTER_APPROX      = $a8;    // context specific + constructed - AttributeValueAssertion.
  {$EXTERNALSYM LDAP_FILTER_EXTENSIBLE}
  LDAP_FILTER_EXTENSIBLE  = $a9;    // context specific + constructed - MatchingRuleAssertion.

//  Substring filter types

  {$EXTERNALSYM LDAP_SUBSTRING_INITIAL}
  LDAP_SUBSTRING_INITIAL  = $80;   // class context specific
  {$EXTERNALSYM LDAP_SUBSTRING_ANY}
  LDAP_SUBSTRING_ANY      = $81;   // class context specific
  {$EXTERNALSYM LDAP_SUBSTRING_FINAL}
  LDAP_SUBSTRING_FINAL    = $82;   // class context specific

//
//  Possible values for ld_deref field.
//      "Never"     - never deref aliases.  return only the alias.
//      "Searching" - only deref aliases when searching, not when locating
//                    the base object of a search.
//      "Finding"   - dereference the alias when locating the base object but
//                    not during a search.
//      "Always"    - always dereference aliases.
//

  {$EXTERNALSYM LDAP_DEREF_NEVER}
  LDAP_DEREF_NEVER        = 0;
  {$EXTERNALSYM LDAP_DEREF_SEARCHING}
  LDAP_DEREF_SEARCHING    = 1;
  {$EXTERNALSYM LDAP_DEREF_FINDING}
  LDAP_DEREF_FINDING      = 2;
  {$EXTERNALSYM LDAP_DEREF_ALWAYS}
  LDAP_DEREF_ALWAYS       = 3;

//  Special values for ld_sizelimit :

  {$EXTERNALSYM LDAP_NO_LIMIT}
  LDAP_NO_LIMIT       = 0;

//  Flags for ld_options field :

  {$EXTERNALSYM LDAP_OPT_DNS}
  LDAP_OPT_DNS                = $00000001;  // utilize DN & DNS
  {$EXTERNALSYM LDAP_OPT_CHASE_REFERRALS}
  LDAP_OPT_CHASE_REFERRALS    = $00000002;  // chase referrals
  {$EXTERNALSYM LDAP_OPT_RETURN_REFS}
  LDAP_OPT_RETURN_REFS        = $00000004;  // return referrals to calling app

//
//  LDAP structure per connection
//

{$HPPEMIT '#pragma pack(push, 4)'}
{$ALIGN ON}

type
  {$EXTERNALSYM PLDAP}
  PLDAP = ^LDAP;
  {$EXTERNALSYM LDAP}
  LDAP = record

    ld_sb: record
      sb_sd: ULONG;
      Reserved1: array [0..(10 * sizeof(ULONG))] of Byte;
      sb_naddr: ULONG;   // notzero implies CLDAP available
      Reserved2: array [0..(6 * sizeof(ULONG)) - 1] of Byte;
    end;

    //
    //  Following parameters MAY match up to reference implementation of LDAP
    //

    ld_host: PChar;
    ld_version: ULONG;
    ld_lberoptions: Byte;

    //
    //  Safe to assume that these parameters are in same location as
    //  reference implementation of LDAP API.
    //

    ld_deref: ULONG;

    ld_timelimit: ULONG;
    ld_sizelimit: ULONG;

    ld_errno: ULONG;
    ld_matched: PChar;
    ld_error: PChar;
    ld_msgid: ULONG;

    Reserved3: array  [0..(6*sizeof(ULONG))] of Byte;

    //
    //  Following parameters may match up to reference implementation of LDAP API.
    //

    ld_cldaptries: ULONG;
    ld_cldaptimeout: ULONG;
    ld_refhoplimit: ULONG;
    ld_options: ULONG;
  end;

//
//  Our timeval structure is a bit different from the reference implementation
//  since Win32 defines a _timeval structure that is different from the LDAP
//  one.
//

  PLDAPTimeVal = ^TLDAPTimeVal;
  {$EXTERNALSYM l_timeval}
  l_timeval = packed record
    tv_sec: Longint;
    tv_usec: Longint;
  end;
  {$EXTERNALSYM LDAP_TIMEVAL}
  LDAP_TIMEVAL = l_timeval;
  {$EXTERNALSYM PLDAP_TIMEVAL}
  PLDAP_TIMEVAL = ^LDAP_TIMEVAL;
  TLDAPTimeVal = l_timeval;

//
//  The berval structure is used to pass in any arbitrary octet string.  It
//  is useful for attributes that cannot be represented using a null
//  terminated string.
//

  PLDAPBerVal = ^TLDAPBerVal;
  PPLDAPBerVal = ^PLDAPBerVal;
  {$EXTERNALSYM PLDAP_BERVAL}
  PLDAP_BERVAL = ^berval;
  {$EXTERNALSYM PBERVAL}
  PBERVAL = ^berval;
  {$EXTERNALSYM berval}
  berval = record
    bv_len: ULONG;
    bv_val: PChar;
  end;
  {$EXTERNALSYM LDAP_BERVAL}
  LDAP_BERVAL = berval;
  TLDAPBerVal = berval;

//
//  The following structure has to be compatible with reference implementation.
//

  PPLDAPMessage = ^PLDAPMessage;
  {$EXTERNALSYM PLDAPMessage}
  PLDAPMessage = ^LDAPMessage;
  {$EXTERNALSYM ldapmsg}
  ldapmsg = record
    lm_msgid: ULONG;             // message number for given connection
    lm_msgtype: ULONG;           // message type of the form LDAP_RES_xxx

    lm_ber: Pointer;             // ber form of message

    lm_chain: PLDAPMessage;      // pointer to next result value
    lm_next: PLDAPMessage;       // pointer to next message
    lm_time: ULONG;

    //
    //  new fields below not in reference implementation
    //

    Connection: PLDAP;           // connection from which we received response
    Request: Pointer;            // owning request(opaque structure)
    lm_returncode: ULONG;        // server's return code
    lm_referral: Word;           // index of referral within ref table
    lm_chased: ByteBool;         // has referral been chased already?
    lm_eom: ByteBool;            // is this the last entry for this message?
    ConnectionReferenced: ByteBool; // is the Connection still valid?
  end;
  {$EXTERNALSYM LDAPMessage}
  LDAPMessage = ldapmsg;

//
//  Controls... there are three types :
//
//   1) those passed to the server
//   2) those passed to the client and handled by the client API
//   3) those returned by the server
//

// Extra types defined for use as parameter.
  PPPLDAPControlA = ^PPLDAPControlA;
  {$NODEFINE PPPLDAPControlA}
  PPPLDAPControlW = ^PPLDAPControlW;
  {$NODEFINE PPPLDAPControlW}
  PPPLDAPControl = PPPLDAPControlA;
  PPLDAPControlA = ^PLDAPControlA;
  {$NODEFINE PPLDAPControlA}
  PPLDAPControlW = ^PLDAPControlW;
  {$NODEFINE PPLDAPControlW}
  PPLDAPControl = PPLDAPControlA;

  {$EXTERNALSYM PLDAPControlA}
  PLDAPControlA = ^LDAPControlA;
  {$EXTERNALSYM PLDAPControlW}
  PLDAPControlW = ^LDAPControlW;
  {$EXTERNALSYM PLDAPControl}
  PLDAPControl = PLDAPControlA;

  {$EXTERNALSYM LDAPControlA}
  LDAPControlA = record
    ldctl_oid: PAnsiChar;
    ldctl_value: TLDAPBerVal;
    ldctl_iscritical: ByteBool;
  end;
  {$EXTERNALSYM LDAPControlW}
  LDAPControlW = record
    ldctl_oid: PWideChar;
    ldctl_value: TLDAPBerVal;
    ldctl_iscritical: ByteBool;
  end;
  {$EXTERNALSYM LDAPControl}
  LDAPControl = LDAPControlA;

  TLDAPControlA = LDAPControlA;
  TLDAPControlW = LDAPControlW;
  TLDAPControl = TLDAPControlA;

//
//  Client controls section : these are the client controls that wldap32.dll
//  supports.
//
//  If you specify LDAP_CONTROL_REFERRALS in a control, the value field should
//  point to a ULONG of the following flags :
//
//      LDAP_CHASE_SUBORDINATE_REFERRALS
//      LDAP_CHASE_EXTERNAL_REFERRALS
//
const
  {$EXTERNALSYM LDAP_CONTROL_REFERRALS_W}
  LDAP_CONTROL_REFERRALS_W = '1.2.840.113556.1.4.616';
  {$EXTERNALSYM LDAP_CONTROL_REFERRALS}
  LDAP_CONTROL_REFERRALS   = '1.2.840.113556.1.4.616';