openldap 0.0.1pre11

data/ext/openldap.h

@@ -0,0 +1,91 @@
+/* 
+ * Header for openldap.c
+ */
+
+#ifndef __OPENLDAP_H__
+#define __OPENLDAP_H__
+
+#include <stdio.h>
+#include <math.h>
+#include <string.h>
+#include <inttypes.h>
+#include <assert.h>
+
+#include <ldap.h>
+
+#include <ruby.h>
+
+#include "extconf.h"
+
+/* --------------------------------------------------------------
+ * Globals
+ * -------------------------------------------------------------- */
+
+/* Reference to the URI module */
+extern VALUE ropenldap_rbmURI;
+
+extern VALUE ropenldap_mOpenLDAP;
+extern VALUE ropenldap_mOpenLDAPLoggable;
+
+extern VALUE ropenldap_cOpenLDAPConnection;
+
+extern VALUE ropenldap_eOpenLDAPError;
+
+
+/* --------------------------------------------------------------
+ * Typedefs
+ * -------------------------------------------------------------- */
+
+/* OpenLDAP::Connection struct */
+struct ropenldap_connection {
+    LDAP    *ldap;
+    VALUE   connection;
+};
+
+
+/* --------------------------------------------------------------
+ * Macros
+ * -------------------------------------------------------------- */
+#define IsConnection( obj ) rb_obj_is_kind_of( (obj), ropenldap_cOpenLDAPConnection )
+
+#ifdef UNUSED
+#elif defined(__GNUC__)
+# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
+#elif defined(__LCLINT__)
+# define UNUSED(x) /*@unused@*/ x
+#else
+# define UNUSED(x) x
+#endif
+
+
+/* --------------------------------------------------------------
+ * Declarations
+ * -------------------------------------------------------------- */
+
+#ifdef HAVE_STDARG_PROTOTYPES
+#include <stdarg.h>
+#define va_init_list(a,b) va_start(a,b)
+void ropenldap_log_obj( VALUE, const char *, const char *, ... );
+void ropenldap_log( const char *, const char *, ... );
+void ropenldap_check_result( int, const char *, ... );
+#else
+#include <varargs.h>
+#define va_init_list(a,b) va_start(a)
+void ropenldap_log_obj( VALUE, const char *, const char *, va_dcl );
+void ropenldap_log( const char *, const char *, va_dcl );
+void ropenldap_check_result( int, va_dcl );
+#endif
+
+VALUE ropenldap_rb_string_array         _(( char ** ));
+
+
+/* --------------------------------------------------------------
+ * Initializers
+ * -------------------------------------------------------------- */
+
+void Init_openldap_ext                  _(( void ));
+void ropenldap_init_connection          _(( void ));
+
+
+#endif /* __OPENLDAP_H__ */
+

data/lib/openldap.rb

@@ -0,0 +1,102 @@
+#!/usr/bin/env ruby
+
+# The namespace for OpenLDAP classes.
+# 
+# == Authors
+# 
+# * Michael Granger <ged@FaerieMUD.org>
+# 
+module OpenLDAP
+
+	# Library version constant
+	VERSION = '0.0.1'
+
+	# Version-control revision constant
+	REVISION = %q$Revision: 8fbea29a30e3 $
+
+	require 'openldap/utils'
+
+	### Logging
+
+	# Log levels
+	LOG_LEVELS = {
+		'debug' => Logger::DEBUG,
+		'info'  => Logger::INFO,
+		'warn'  => Logger::WARN,
+		'error' => Logger::ERROR,
+		'fatal' => Logger::FATAL,
+	}.freeze
+	LOG_LEVEL_NAMES = LOG_LEVELS.invert.freeze
+
+	@default_logger = Logger.new( $stderr )
+	@default_logger.level = $DEBUG ? Logger::DEBUG : Logger::WARN
+
+	@default_log_formatter = OpenLDAP::LogFormatter.new( @default_logger )
+	@default_logger.formatter = @default_log_formatter
+
+	@logger = @default_logger
+
+
+	class << self
+		# The log formatter that will be used when the logging subsystem is reset
+		attr_accessor :default_log_formatter
+
+		# the logger that will be used when the logging subsystem is reset
+		attr_accessor :default_logger
+
+		# the logger that's currently in effect
+		attr_accessor :logger
+		alias_method :log, :logger
+		alias_method :log=, :logger=
+	end
+
+
+	### Reset the global logger object to the default
+	def self::reset_logger
+		self.logger = self.default_logger
+		self.logger.level = Logger::WARN
+		self.logger.formatter = self.default_log_formatter
+	end
+
+
+	### Returns +true+ if the global logger has not been set to something other than
+	### the default one.
+	def self::using_default_logger?
+		return self.logger == self.default_logger
+	end
+
+
+	### Get the library version.
+	def self::version_string( include_buildnum=false )
+		vstring = "%s %s" % [ self.name, VERSION ]
+		vstring << " (build %s)" % [ REVISION[/: ([[:xdigit:]]+)/, 1] || '0' ] if include_buildnum
+		return vstring
+	end
+
+	### Load the extension
+	begin
+		require 'openldap_ext'
+	rescue LoadError => err
+		# If it's a Windows binary gem, try the <major>.<minor> subdirectory
+		if RUBY_PLATFORM =~/(mswin|mingw)/i
+			major_minor = RUBY_VERSION[ /^(\d+\.\d+)/ ] or
+				raise "Oops, can't extract the major/minor version from #{RUBY_VERSION.dump}"
+			require "#{major_minor}/openldap_ext"
+		else
+			raise
+		end
+
+	end
+
+	# Load the remaining Ruby parts of the library
+	require 'openldap/exceptions'
+
+end # module OpenLDAP
+
+
+# Allow some backward-compatibility with ruby-ldap
+unless defined?( ::LDAP )
+	::LDAP = ::OpenLDAP
+end
+
+

data/lib/openldap/connection.rb

@@ -0,0 +1,179 @@
+#!/usr/bin/env ruby
+
+require 'uri'
+require 'openldap' unless defined?( OpenLDAP )
+
+# OpenLDAP Connection class
+class OpenLDAP::Connection
+
+	# Default options for new OpenLDAP::Connections.
+	DEFAULT_OPTIONS = {
+		:protocol_version => 3,
+	}
+
+	# Default TLS options to set before STARTTLS
+	DEFAULT_TLS_OPTIONS = {}
+
+	# Mapping of names of TLS peer certificate-checking strategies into Fixnum values used by 
+	# the underlying library.
+	TLS_REQUIRE_CERT_STRATEGIES = {
+		:never  => OpenLDAP::LDAP_OPT_X_TLS_NEVER,
+		:hard   => OpenLDAP::LDAP_OPT_X_TLS_HARD,
+		:demand => OpenLDAP::LDAP_OPT_X_TLS_DEMAND,
+		:allow  => OpenLDAP::LDAP_OPT_X_TLS_ALLOW,
+		:try    => OpenLDAP::LDAP_OPT_X_TLS_TRY
+	}
+
+	# Inverse of TLS_REQUIRE_CERT_STRATEGIES
+	TLS_REQUIRE_CERT_STRATEGY_NAMES = TLS_REQUIRE_CERT_STRATEGIES.invert
+
+	# Mapping of names of TLS CRL evaluation strategies into Fixnum values used by 
+	# the underlying library.
+	TLS_CRL_CHECK_STRATEGIES = {
+		:none => OpenLDAP::LDAP_OPT_X_TLS_CRL_NONE,
+		:peer => OpenLDAP::LDAP_OPT_X_TLS_CRL_PEER,
+		:all  => OpenLDAP::LDAP_OPT_X_TLS_CRL_ALL
+	}
+
+	# Inverse of TLS_CRL_CHECK_STRATEGIES
+	TLS_CRL_CHECK_STRATEGY_NAMES = TLS_CRL_CHECK_STRATEGIES.invert
+
+
+	### Create a new OpenLDAP::Connection object that will attempt to connect to one of the
+	### specified +urls+ in order.
+	def initialize( *urls )
+		options = if urls.last.is_a?( Hash ) then urls.pop else {} end
+		options = DEFAULT_OPTIONS.merge( options )
+
+		url_strings = urls.map( &self.method(:simplify_url) )
+		self._initialize( url_strings )
+
+		# Set options
+		options.each do |opt, val|
+			case opt
+			when :timeout
+				self.network_timeout = Float( val )
+			else
+				if self.respond_to?( "#{opt}=" )
+					self.send( "#{opt}=", val )
+				else
+					self.log.info "Unknown option %p: ignoring" % [ opt ]
+				end
+			end
+		end
+	end
+
+
+	######
+	public
+	######
+
+	### Initiate TLS processing on the LDAP session. If called without a block, the call returns
+	### when TLS handlers have been installed. If called with the block, the call runs asyncronously
+	### and calls the block when TLS is installed. If there is an error, or TLS is already set up on
+	### the connection, an appropriate OpenLDAP::Error is raised.
+	###
+	###    conn.start_tls( :tls_require_cert => :try )
+	###
+	def start_tls( options=DEFAULT_TLS_OPTIONS )
+		options.each do |opt, val|
+			if opt.to_s.index( 'tls_' ) != 0
+				self.log.info "Skipping non-TLS option: %p" % [ opt ]
+				next
+			end
+
+			self.send( "#{opt}=", val )
+		end
+
+		self._start_tls
+	end
+
+
+	### Get the current peer certificate-checking strategy (a Symbol). See #tls_require_cert=
+	### for a list of the valid return values and what they mean.
+	def tls_require_cert
+		sym = TLS_REQUIRE_CERT_STRATEGY_NAMES[ self._tls_require_cert ] or
+			raise IndexError, "unknown TLS certificate-checking strategy %p" %
+				[self._tls_require_cert]
+		return sym
+	end
+
+
+	### Set the current peer certificate-checking +strategy+ (a Symbol). One of:
+	###
+	### [:never]  This is the default. The library will not ask the peer for a certificate.
+	### [:allow]  The peer certificate is requested. If no certificate is provided, the session 
+	###           proceeds normally. If a bad certificate is provided, it will be ignored and the 
+	###           session proceeds normally.
+	### [:try]    The peer certificate is requested. If no certificate is provided, the session
+	###           proceeds normally. If a bad certificate is provided, the session is immediately
+	###           terminated.
+	### [:demand] The peer certificate is requested. If no certificate is provided, or a bad 
+	###           certificate is provided, the session is immediately terminated.
+    ###          
+	### Note that a valid client certificate is required in order to use the SASL EXTERNAL
+	### authentication mechanism with a TLS session. As such, a non-default
+	### setting must be chosen to enable SASL EXTERNAL authentication.
+	def tls_require_cert=( strategy )
+		numeric_opt = TLS_REQUIRE_CERT_STRATEGIES[ strategy ] or
+			raise IndexError, "unknown TLS certificate-checking strategy %p" % [strategy]
+		self._tls_require_cert=( numeric_opt )
+	end
+
+
+	### Get the current CRL check strategy (a Symbol). See #tls_crlcheck=
+	### for a list of the valid return values and what they mean.
+	def tls_crlcheck
+		sym = TLS_CRL_CHECK_STRATEGY_NAMES[ self._tls_crlcheck ] or
+			raise IndexError, "unknown TLS CRL evaluation strategy %p" % [self._tls_crlcheck]
+		return sym
+	end
+
+
+	### Specify if the Certificate Revocation List (CRL) of the CA should be used to check
+	### if the client certificates have been revoked or not. This option is ignored with GNUtls. 
+	### +strategy+ can be specified as one of the following:
+	###
+	### [:none]   No CRL checks are performed
+	### [:peer]   Check the CRL of the peer certificate
+	### [:all]    Check the CRL for a whole certificate chain
+	###
+	### If this is set to +:peer+ or +:all+, #tls_cacertdir also needs to be set.
+	def tls_crlcheck=( strategy )
+		numeric_opt = TLS_CRL_CHECK_STRATEGIES[ strategy ] or
+			raise IndexError, "unknown TLS CRL evaluation strategy %p" % [strategy]
+		self._tls_crlcheck=( numeric_opt )
+	end
+
+
+	### Fetch an IO object wrapped around the file descriptor the library is using to 
+	### communicate with the directory. Returns +nil+ if the connection hasn't yet
+	### been established.
+	def socket
+		unless @socket
+			fd = self.fdno or return nil
+			@socket = IO.for_fd( fd, "rb:ascii-8bit" )
+			@socket.autoclose = false
+			@socket.close_on_exec = false
+		end
+
+		return @socket
+	end
+
+
+	#######
+	private
+	#######
+
+	### Strip all but the schema, host, and port from the given +url+ and return it as a
+	### String. 
+	def simplify_url( url )
+		url = URI( url ) unless url.is_a?( URI )
+		simpleurl = URI::Generic.build( :scheme => url.scheme, :host => url.host, :port => url.port )
+		self.log.info "Simplified URL %s to: %s" % [ url, simpleurl ]
+
+		return simpleurl.to_s
+	end
+
+end # class OpenLDAP::Connection
+

data/lib/openldap/exceptions.rb

@@ -0,0 +1,246 @@
+#!/usr/bin/env ruby
+
+require 'openldap' unless defined?( OpenLDAP )
+
+
+module OpenLDAP
+
+	# A map of result codes to the corresponding exception class
+	RESULT_EXCEPTION_CLASS = {}
+
+	# The base class for all OpenLDAP exceptions
+	#
+	# The exception class hierarchy follows the error constants specified by the OpenLDAP
+	# client library, and looks like this:
+	# 
+	# * OpenLDAP::Error
+	#   * Referral
+	#   * OperationsError
+	#   * ProtocolError
+	#   * TimelimitExceeded
+	#   * SizelimitExceeded
+	#   * CompareFalse
+	#   * CompareTrue
+	#   * AuthMethodNotSupported
+	#   * StrongAuthRequired
+	#   * PartialResults
+	#   * AdminlimitExceeded
+	#   * UnavailableCriticalExtension
+	#   * ConfidentialityRequired
+	#   * SASLBindInProgress
+	#   * AttrError
+	#     * NoSuchAttribute
+	#     * UndefinedType
+	#     * InappropriateMatching
+	#     * ConstraintViolation
+	#     * TypeOrValueExists
+	#     * InvalidSyntax
+	#   * NameError
+	#     * NoSuchObject
+	#     * AliasProblem
+	#     * InvalidDNSyntax
+	#     * IsLeaf
+	#     * AliasDerefProblem
+	#   * SecurityError
+	#     * XProxyAuthzFailure
+	#     * InappropriateAuth
+	#     * InvalidCredentials
+	#     * InsufficientAccess
+	#   * ServiceError
+	#     * Busy
+	#     * Unavailable
+	#     * UnwillingToPerform
+	#     * LoopDetect
+	#   * UpdateError
+	#     * NamingViolation
+	#     * ObjectClassViolation
+	#     * NotAllowedOnNonleaf
+	#     * NotAllowedOnRdn
+	#     * AlreadyExists
+	#     * NoObjectClassMods
+	#     * ResultsTooLarge
+	#     * AffectsMultipleDSAs
+	#     * VLVError
+	#   * OtherError
+	#   * APIError
+	#     * ServerDown
+	#     * LocalError
+	#     * EncodingError
+	#     * DecodingError
+	#     * Timeout
+	#     * AuthUnknown
+	#     * FilterError
+	#     * UserCancelled
+	#     * ParamError
+	#     * NoMemory
+	#     * ConnectError
+	#     * NotSupported
+	#     * ControlNotFound
+	#     * NoResultsReturned
+	#     * MoreResultsToReturn
+	#     * ClientLoop
+	#     * ReferralLimitExceeded
+	#     * XConnecting
+	class Error < RuntimeError
+
+		# The result code that corresponds to the exception type
+		@result_code = nil
+		class << self; attr_accessor :result_code; end
+
+		### Inheritance hook -- Initialize the result code class instance variable
+		### for inheriting exception classes.
+		def self::inherited( subclass )
+			subclass.instance_variable_set( :@result_code, nil )
+		end
+
+		### Return the appropriate Exception class for the given +resultcode+.
+		### @param [Integer] resultcode  the result code from an ldap_* call.
+		### @return [Class] 
+		def self::subclass_for( resultcode )
+			return OpenLDAP::RESULT_EXCEPTION_CLASS[ resultcode ]
+		end
+
+	end # class Error
+
+
+	### Define a new Exception class named +classname+ for the specified +result_code+
+	### and inheriting from +superclass+.
+	def self::def_ldap_exception( classname, result_code, superclass=OpenLDAP::Error )
+		eclass = Class.new( superclass ) do
+			def initialize( message=nil ) # :nodoc:
+				ldapmsg = OpenLDAP.err2string( self.class.result_code )
+				ldapmsg += ': ' + message if message
+				super( ldapmsg )
+			end
+		end
+		eclass.result_code = result_code
+
+		const_set( classname, eclass )
+		RESULT_EXCEPTION_CLASS[ result_code ] = eclass
+	end
+
+
+	# The LDAP referral class -- raised when the target LDAP directory instructs
+	# the client to refer to another directory
+	class Referral < OpenLDAP::Error
+
+		### Create a new referral to the specified +url+.
+		def initialize( url )
+			super( "Referral to #{url}" )
+			@url = url
+		end
+
+		######
+		public
+		######
+
+		# The URL of the directory to refer to
+		attr_reader :url
+
+	end # class Referral
+
+
+	def_ldap_exception :OperationsError, LDAP_OPERATIONS_ERROR
+	def_ldap_exception :ProtocolError, LDAP_PROTOCOL_ERROR
+	def_ldap_exception :TimelimitExceeded, LDAP_TIMELIMIT_EXCEEDED
+	def_ldap_exception :SizelimitExceeded, LDAP_SIZELIMIT_EXCEEDED
+	def_ldap_exception :CompareFalse, LDAP_COMPARE_FALSE
+	def_ldap_exception :CompareTrue, LDAP_COMPARE_TRUE
+	def_ldap_exception :AuthMethodNotSupported, LDAP_AUTH_METHOD_NOT_SUPPORTED
+	def_ldap_exception :StrongAuthRequired, LDAP_STRONG_AUTH_REQUIRED
+	def_ldap_exception :PartialResults, LDAP_PARTIAL_RESULTS
+	def_ldap_exception :AdminlimitExceeded, LDAP_ADMINLIMIT_EXCEEDED
+	def_ldap_exception :UnavailableCriticalExtension, LDAP_UNAVAILABLE_CRITICAL_EXTENSION
+	def_ldap_exception :ConfidentialityRequired, LDAP_CONFIDENTIALITY_REQUIRED
+	def_ldap_exception :SASLBindInProgress, LDAP_SASL_BIND_IN_PROGRESS
+
+	#define LDAP_ATTR_ERROR(n)	LDAP_RANGE((n),0x10,0x15) /* 16-21 */
+	class AttrError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :NoSuchAttribute, LDAP_NO_SUCH_ATTRIBUTE, OpenLDAP::AttrError
+	def_ldap_exception :UndefinedType, LDAP_UNDEFINED_TYPE, OpenLDAP::AttrError
+	def_ldap_exception :InappropriateMatching, LDAP_INAPPROPRIATE_MATCHING, OpenLDAP::AttrError
+	def_ldap_exception :ConstraintViolation, LDAP_CONSTRAINT_VIOLATION, OpenLDAP::AttrError
+	def_ldap_exception :TypeOrValueExists, LDAP_TYPE_OR_VALUE_EXISTS, OpenLDAP::AttrError
+	def_ldap_exception :InvalidSyntax, LDAP_INVALID_SYNTAX, OpenLDAP::AttrError
+
+	#define LDAP_NAME_ERROR(n)	LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
+	class NameError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :NoSuchObject, LDAP_NO_SUCH_OBJECT, OpenLDAP::NameError
+	def_ldap_exception :AliasProblem, LDAP_ALIAS_PROBLEM, OpenLDAP::NameError
+	def_ldap_exception :InvalidDNSyntax, LDAP_INVALID_DN_SYNTAX, OpenLDAP::NameError
+	def_ldap_exception :IsLeaf, LDAP_IS_LEAF, OpenLDAP::NameError
+	def_ldap_exception :AliasDerefProblem, LDAP_ALIAS_DEREF_PROBLEM, OpenLDAP::NameError
+
+	#define LDAP_SECURITY_ERROR(n)	LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
+	class SecurityError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :XProxyAuthzFailure, LDAP_X_PROXY_AUTHZ_FAILURE, OpenLDAP::SecurityError
+	def_ldap_exception :InappropriateAuth, LDAP_INAPPROPRIATE_AUTH, OpenLDAP::SecurityError
+	def_ldap_exception :InvalidCredentials, LDAP_INVALID_CREDENTIALS, OpenLDAP::SecurityError
+	def_ldap_exception :InsufficientAccess, LDAP_INSUFFICIENT_ACCESS, OpenLDAP::SecurityError
+
+	#define LDAP_SERVICE_ERROR(n)	LDAP_RANGE((n),0x33,0x36) /* 51-54 */
+	class ServiceError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :Busy, LDAP_BUSY, OpenLDAP::ServiceError
+	def_ldap_exception :Unavailable, LDAP_UNAVAILABLE, OpenLDAP::ServiceError
+	def_ldap_exception :UnwillingToPerform, LDAP_UNWILLING_TO_PERFORM, OpenLDAP::ServiceError
+	def_ldap_exception :LoopDetect, LDAP_LOOP_DETECT, OpenLDAP::ServiceError
+
+	#define LDAP_UPDATE_ERROR(n)	LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
+	class UpdateError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :NamingViolation, LDAP_NAMING_VIOLATION, OpenLDAP::UpdateError
+	def_ldap_exception :ObjectClassViolation, LDAP_OBJECT_CLASS_VIOLATION, OpenLDAP::UpdateError
+	def_ldap_exception :NotAllowedOnNonleaf, LDAP_NOT_ALLOWED_ON_NONLEAF, OpenLDAP::UpdateError
+	def_ldap_exception :NotAllowedOnRdn, LDAP_NOT_ALLOWED_ON_RDN, OpenLDAP::UpdateError
+	def_ldap_exception :AlreadyExists, LDAP_ALREADY_EXISTS, OpenLDAP::UpdateError
+	def_ldap_exception :NoObjectClassMods, LDAP_NO_OBJECT_CLASS_MODS, OpenLDAP::UpdateError
+	def_ldap_exception :ResultsTooLarge, LDAP_RESULTS_TOO_LARGE, OpenLDAP::UpdateError
+	def_ldap_exception :AffectsMultipleDSAs, LDAP_AFFECTS_MULTIPLE_DSAS, OpenLDAP::UpdateError
+
+	def_ldap_exception :VLVError, LDAP_VLV_ERROR if defined?( OpenLDAP::LDAP_VLV_ERROR )
+
+	# Implementation-specific errors
+	class OtherError < OpenLDAP::Error # :nodoc:
+	end
+	RESULT_EXCEPTION_CLASS.default = OpenLDAP::OtherError
+
+	# API Error Codes
+	# 
+	# Based on draft-ietf-ldap-c-api-xx
+	# but with new negative code values
+	# 
+	class APIError < OpenLDAP::Error # :nodoc:
+	end
+
+	def_ldap_exception :ServerDown, LDAP_SERVER_DOWN, OpenLDAP::APIError
+	def_ldap_exception :LocalError, LDAP_LOCAL_ERROR, OpenLDAP::APIError
+	def_ldap_exception :EncodingError, LDAP_ENCODING_ERROR, OpenLDAP::APIError
+	def_ldap_exception :DecodingError, LDAP_DECODING_ERROR, OpenLDAP::APIError
+	def_ldap_exception :Timeout, LDAP_TIMEOUT, OpenLDAP::APIError
+	def_ldap_exception :AuthUnknown, LDAP_AUTH_UNKNOWN, OpenLDAP::APIError
+	def_ldap_exception :FilterError, LDAP_FILTER_ERROR, OpenLDAP::APIError
+	def_ldap_exception :UserCancelled, LDAP_USER_CANCELLED, OpenLDAP::APIError
+	def_ldap_exception :ParamError, LDAP_PARAM_ERROR, OpenLDAP::APIError
+	def_ldap_exception :NoMemory, LDAP_NO_MEMORY, OpenLDAP::APIError
+	def_ldap_exception :ConnectError, LDAP_CONNECT_ERROR, OpenLDAP::APIError
+	def_ldap_exception :NotSupported, LDAP_NOT_SUPPORTED, OpenLDAP::APIError
+	def_ldap_exception :ControlNotFound, LDAP_CONTROL_NOT_FOUND, OpenLDAP::APIError
+	def_ldap_exception :NoResultsReturned, LDAP_NO_RESULTS_RETURNED, OpenLDAP::APIError
+	def_ldap_exception :MoreResultsToReturn, LDAP_MORE_RESULTS_TO_RETURN, OpenLDAP::APIError
+	def_ldap_exception :ClientLoop, LDAP_CLIENT_LOOP, OpenLDAP::APIError
+	def_ldap_exception :ReferralLimitExceeded, LDAP_REFERRAL_LIMIT_EXCEEDED, OpenLDAP::APIError
+	def_ldap_exception :XConnecting, LDAP_X_CONNECTING, OpenLDAP::APIError
+
+
+end # module OpenLDAP
+
+