CertMapInitFn_t (Init Function)

Type definition for a user-defined initialization function. The server invokes this function on startup, and you can use it to specify that your own certificate mapping, search, and verification functions are used instead of the default functions.

Syntax
typedef int (*CertMapInitFn_t)(void *certmap_info, 
      const char *issuerName, const char *issuerDN,
      const char *libname);
Parameters
Functions with this type definition have the following parameters:
Name Description
certmap_info
Structure containing information about the configuration parameters for the certificate authority (CA) that issued the certificate.

If you need to get the value for a particular configuration attribute (or a property), pass the structure to the ldapu_get_cert_ava_val() function.

issuerName
Name of the certificate authority (CA).

issuerDN
DN of the certificate authority (CA). If NULL, the function specified by the mapfn argument becomes the default certificate mapping function.

libname
(Used on Windows NT only) Name of the DLL containing your functions. On UNIX, you can pass a NULL string for this argument.

Returns
Functions with this type definition return one of the following values:

The server startup will be aborted if the return value is not LDAPU_SUCCESS.

Description
For each certificate authority (CA) listed in the certmap.conf file, you can specify an initialization function.

As is the case with the other functions, you need to define your initialization function in your shared library (or dynamic link library). To specify the library of your functions that needs to be loaded, use the Library statement in the certmap.conf file.

To identify this function as the function used for initialization, use the InitFn statement in the certmap.conf file. For example, the following configuration file specifies that on server startup, the initialization function named plugin_init_fn(), which is defined in the library mylib.so, should be invoked for the ace certificate authority:

certmap ace ou=Ace Certificate Authority, o=Ace Industry, c=US 
ace:library /usr/netscape/suitespot/userdb/mylib.so 
ace:InitFn plugin_init_fn 
ace:DNComps ou, o, c 
ace:FilterComps uid, mail 
ace:verifycert on 
When the configuration file is loaded, any user-defined initialization functions are called with the certmap_info structure pertaining to the certificate authority (CA).
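
Because the initialization function is loaded from the library named for the same issuer, an InitFn line with no library line is a configuration error worth catching before a restart. The following checker is an added example, not Netscape's code: check_certmap_conf() and SAMPLE_BAD are hypothetical names, and it assumes that property names are matched case-insensitively and that lines starting with # are comments.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>                 /* strcasecmp (POSIX) */

#define MAX_ISSUERS 16
struct issuer { char name[64]; int has_library, has_initfn; };

/* Constructed sample: the page's "ace" entry with its library line removed. */
static const char SAMPLE_BAD[] =
    "certmap ace ou=Ace Certificate Authority, o=Ace Industry, c=US\n"
    "ace:InitFn plugin_init_fn\n"
    "ace:verifycert on\n";

/* Hypothetical helper, not part of the certmap API. Returns the number of
 * issuers that name an InitFn without a library line, or -1 if a property
 * line refers to an issuer that has no preceding "certmap" line. */
int check_certmap_conf(const char *text)
{
    struct issuer tab[MAX_ISSUERS];
    char line[256], name[64], prop[64];
    int n = 0, bad = 0, i;

    while (*text) {
        size_t len = strcspn(text, "\n");             /* one line at a time */
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, copy);
        line[copy] = '\0';
        text += len + (text[len] == '\n');
        if (line[strspn(line, " \t")] == '#') continue;   /* assumed comment */
        if (sscanf(line, " certmap%*[ \t]%63s", name) == 1) { /* new issuer */
            if (n == MAX_ISSUERS) return -1;
            memset(&tab[n], 0, sizeof tab[n]);
            strcpy(tab[n++].name, name);
        } else if (sscanf(line, " %63[^: \t]:%63s", name, prop) == 2) {
            for (i = 0; i < n && strcmp(tab[i].name, name) != 0; i++) ;
            if (i == n) return -1;                    /* undeclared issuer */
            if (strcasecmp(prop, "library") == 0) tab[i].has_library = 1;
            if (strcasecmp(prop, "InitFn") == 0)  tab[i].has_initfn = 1;
        }
    }
    for (i = 0; i < n; i++)
        if (tab[i].has_initfn && !tab[i].has_library) bad++;
    return bad;
}

int main(void)
{
    printf("InitFn without library: %d\n", check_certmap_conf(SAMPLE_BAD));
    return 0;
}
```
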

Example
The following initialization function specifies that the certificate mapping function my_mapping_fn() and the verification function my_v_fn() should be used instead of the default mapping and verification functions.

Since this section of code does not set up a search function, the default search function is used.

#include <stdio.h>
#include "certmap.h"

/* my_mapping_fn() and my_v_fn() are defined elsewhere in this library.
   They are declared here, with the CertMapFn_t and CertVerifyFn_t
   signatures, so that the calls below compile. */
/* init function must be defined extern "C" if using a C++ compiler */
#ifdef __cplusplus
extern "C" {
#endif
int my_mapping_fn (void *cert, LDAP *ld, void *certmap_info,
                   char **ldapDN, char **filter);
int my_v_fn (void *cert, LDAP *ld, void *certmap_info,
             LDAPMessage *res, LDAPMessage **entry);
int my_init_fn (void *certmap_info, const char *issuerName,
                const char *issuerDN, const char *libname);
#ifdef __cplusplus
}
#endif

int my_init_fn (void *certmap_info, const char *issuerName,
                const char *issuerDN, const char *libname)
{
   int rv;
   static int initialized = 0;

   /* Make sure CertmapDLLInit is initialized only once */
   if (!initialized) {
#ifdef WIN32
      CertmapDLLInit(rv, libname);
      if (rv != LDAPU_SUCCESS) {
         /* If you want to log an error, insert the code here. */
         return rv;
      }
#endif
      initialized = 1;
   }

   /* Specify that the function my_mapping_fn() should be used to generate
      base DNs and search filters, rather than the default function */
   rv = ldapu_set_cert_mapfn(issuerDN, (CertMapFn_t)my_mapping_fn);
   if (rv != LDAPU_SUCCESS) {
      return LDAPU_CERT_MAP_INITFN_FAILED;
   }

   /* Specify that the function my_v_fn() should be used to verify
      certificates, rather than the default function */
   rv = ldapu_set_cert_verifyfn(issuerDN, (CertVerifyFn_t)my_v_fn);
   if (rv != LDAPU_SUCCESS) {
      return LDAPU_CERT_MAP_INITFN_FAILED;
   }

   return LDAPU_SUCCESS;
}
See Also
CertSearchFn_t (Search Function), CertVerifyFn_t (Verification Function), CertMapFn_t (Mapping Function).


Copyright © 1997 Netscape Communications Corporation