Sm_PolicyApi_UserDir_t

Defines a CA Single Sign-On user directory object.
Syntax
typedef struct Sm_PolicyApi_UserDir_s
{
    int iStructId;
    char pszOid[BFSIZE];
    char pszName[BFSIZE];               /* Required */
    char pszDesc[BFSIZE];
    char pszNamespace[BFSIZE];          /* Required */
    char pszServer[BFSIZE];             /* Required */
    char pszSearchRoot[BFSIZE];
    char pszUserLookupStart[BFSIZE];
    char pszUserLookupEnd[BFSIZE];
    char pszUsername[BFSIZE];
    char pszPassword[BFSIZE];
    int nSearchResults;                 /* Required */
    int nSearchScope;                   /* Required */
    int nSearchTimeout;                 /* Required */
    bool bSecureConnection;             /* Required */
    bool bRequireCredentials;           /* Required */
    char pszDisabledAttr[BFSIZE];
    char pszUniversalIDAttr[BFSIZE];
    char pszODBCQuerySchemeOid[BFSIZE];
    char pszAnonymousId[BFSIZE];
    char pszPasswordData[BFSIZE];
    char pszPasswordAttribute[BFSIZE];
    char pszEmailAddressAttr[BFSIZE];
    char pszChallengeRespAttr[BFSIZE];
    struct Sm_PolicyApi_UserDir_s* next;
} Sm_PolicyApi_UserDir_t;
Field
Description
iStructId
User directory data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid
The object identifier of the user directory object.
pszName
Name of the user directory.
pszDesc
Brief description of the user directory.
pszNamespace
Mandatory field that designates the specific directory service being connected to (for example, LDAP:, ODBC:, WinNT:, AD:, or Custom:).
pszServer
Mandatory field. This is an overloaded field whose contents depend upon the namespace:
ODBC - Data source name.
NT - Domain name.
LDAP or AD - An IP address or an IP address and port number in the format IP_address:port_number. The port number 389 is assumed if no port number is specified.
Custom - Library name.
pszSearchRoot
One of the following values:
With LDAP directories, the location in the LDAP tree that serves as the starting point for the directory connection, typically an organization (o) or organizational unit (ou). The Policy Server begins searching at the root when locating a user.
With custom directories, any parameters to pass to the custom library.
pszUserLookupStart
The User DN Lookup Start allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string. This is done by identifying the unique and non-unique segments of the user DN string.
Use this field with LDAP directories only.
pszUserLookupEnd
The User DN Lookup End allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string.
Use this field with LDAP directories only.
pszUsername
The user name needed to access a user directory.
pszPassword
The password needed to access a user directory.
nSearchResults
The maximum number of records that can be returned from a search of an LDAP or custom directory.
nSearchScope
The extent to which CA Single Sign-On looks for users and user groups below pszSearchRoot in an LDAP directory: all levels below the root (subtree) or just one level below the root.
Specify 1 for one level down or 2 for subtree.
nSearchTimeout
The maximum amount of time, in seconds, that CA Single Sign-On will query an LDAP or custom directory.
bSecureConnection
This flag must be enabled when accessing an LDAP or custom directory over SSL. Enabling Secure Connect means that CA Single Sign-On performs secure authentication and encrypted transmissions.
bRequireCredentials
Flag to specify credentials necessary to authenticate against a user directory.
pszDisabledAttr
Name of the user directory attribute that CA Single Sign-On uses to keep track of a user's enabled or disabled state.
Applies to LDAP and ODBC directories, and possibly to custom directories.
pszUniversalIDAttr
Name of the user directory attribute that has been designated as the Universal ID. Typically, the Universal ID differs from the user's login ID, and the Universal ID is used to look up user information.
Applies to LDAP, ODBC, and WinNT directories, and possibly to custom directories.
pszODBCQuerySchemeOid
The object identifier for a set of ODBC queries that CA Single Sign-On uses to query the ODBC directory.
pszAnonymousId
Name of the user directory attribute that is designated as the anonymous user DN. This DN is defined in the anonymous authentication scheme. Anonymous users impersonate this DN to gain access to the resources associated with the anonymous authentication scheme.
Applies to LDAP directories, and possibly to custom directories.
pszPasswordData
Name of the user directory attribute that CA Single Sign-On uses to store password policy information.
Applies to LDAP and ODBC directories, and possibly to custom directories.
pszPasswordAttribute
Name of the user directory attribute that contains the user's password, as defined using Password Services.
Applies to LDAP and ODBC directories, and possibly to custom directories.
pszEmailAddressAttr
Reserved for future use.
pszChallengeRespAttr
Name of the user directory attribute that contains a response to return to the user, such as a hint for a forgotten password.
Applies to LDAP directories, and possibly to custom directories.
next
Pointer to the next directory structure.
Remarks
Fields apply to all types of directories (LDAP, ODBC, WinNT, and custom) unless individual directory types are specified.
Fields that apply to LDAP directories also apply to Active Directories.
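Added example (not code from the original page or from the SDK): a pre-flight check of a user directory definition before it is handed to the Policy Management API. It refuses input that would overflow a BFSIZE field, resolves the LDAP port with the documented default of 389, and flags a missing required field, an nSearchScope other than 1 or 2, and a bind password configured while bSecureConnection is off. The BFSIZE value, demo_userdir_t, set_field, ldap_port, check_userdir and the UD_* codes are assumptions made for this example; the sample values are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BFSIZE 1024 /* assumption: the real value comes from the SDK header */
/* Hypothetical reduced stand-in for Sm_PolicyApi_UserDir_t (checked fields only). */
typedef struct {
    char pszName[BFSIZE], pszNamespace[BFSIZE], pszServer[BFSIZE];
    char pszUsername[BFSIZE], pszPassword[BFSIZE];
    int  nSearchScope;
    bool bSecureConnection;
} demo_userdir_t;

enum { UD_OK = 0, UD_MISSING = 1, UD_BAD_SCOPE = 2, UD_CLEARTEXT_BIND = 4 };

/* Bounded copy into a BFSIZE field; refuses oversized input rather than truncating. */
static bool set_field(char *dst, const char *src) {
    size_t n = strlen(src);
    if (n >= BFSIZE) { dst[0] = '\0'; return false; }
    memcpy(dst, src, n + 1);
    return true;
}

/* LDAP/AD pszServer is IP_address[:port_number]; 389 is assumed without a port. */
static int ldap_port(const char *server) {
    const char *colon = strrchr(server, ':');
    int port = 389;
    return (colon && sscanf(colon + 1, "%d", &port) == 1) ? port : 389;
}

/* Returns a bitmask of UD_* findings for one directory definition. */
static int check_userdir(const demo_userdir_t *d) {
    int rc = UD_OK;
    bool ldap = !strncmp(d->pszNamespace, "LDAP", 4) || !strncmp(d->pszNamespace, "AD", 2);
    if (!d->pszName[0] || !d->pszNamespace[0] || !d->pszServer[0]) rc |= UD_MISSING;
    if (ldap && d->nSearchScope != 1 && d->nSearchScope != 2) rc |= UD_BAD_SCOPE;
    /* A bind password is configured but Secure Connect (SSL) is off. */
    if (ldap && d->pszPassword[0] && !d->bSecureConnection) rc |= UD_CLEARTEXT_BIND;
    return rc;
}

int main(void) {
    static demo_userdir_t d; /* zero-initialised; values below are constructed */
    set_field(d.pszName, "corp-ldap"); set_field(d.pszNamespace, "LDAP:");
    set_field(d.pszServer, "192.0.2.10"); set_field(d.pszPassword, "example-only");
    d.nSearchScope = 2;
    printf("port=%d findings=%d\n", ldap_port(d.pszServer), check_userdir(&d));
    return 0;
}
```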