SmApi.h includes the following enumerations used by the Directory API:
Directory Capabilities
Sm_DirApi_Capability_t enumerates the capabilities that can be configured for a custom directory.
The following table lists the directory capabilities enumerated in Sm_DirApi_Capability_t. Descriptions of each capability follow the table.
| Name | Value |
|---|---|
| Sm_DirApi_Capability_ForceResetUserPassword | 0x00000001 |
| Sm_DirApi_Capability_ChangeUserPassword | 0x00000002 |
| Sm_DirApi_Capability_DisableUser | 0x00000004 |
| Sm_DirApi_Capability_SetUserAttributes | 0x00000008 |
| Sm_DirApi_Capability_Recursive | 0x00000010 |
For a custom directory to have a specific capability, you must define the required user attributes for that capability. For example, to enable SiteMinder to change a user’s password, you need to identify a Password Attribute. SiteMinder then uses that attribute to get and set the user password.
To enable SiteMinder to force a reset of the password, define the following user attributes:
When users are forced to change their passwords, the Policy Server calls SmDirSetUserDisabledState(). In the sample code, the user’s Disabled Flag is set to Sm_Api_Disabled_PWMustChange (the disabled reason).
The SiteMinder Policy Server calls SmDirChangeUserPassword() so that you can change the value in the password field for an entry in your custom directory.
When an administrator uses the SiteMinder Administrative UI to disable or enable a user account, or when Password Services disables a user account, the SiteMinder Policy Server calls SmDirSetUserDisabledState().
In SiteMinder, user accounts can be disabled for a number of reasons, and these reasons are represented by the members of the data structure Sm_Api_DisabledReason_t.
The SiteMinder Policy Server calls SmDirSetUserAttr() so that you can use SiteMinder to set a user attribute in your custom directory.
The following functions in the Directory API have a parameter to hold a recursive flag:
To send information about the directory capabilities to the SiteMinder Policy Server, implement the function SmDirQueryVersion(). Use the capabilities parameter (pnCapabilities) to pass one or more values enumerated in Sm_DirApi_Capability_t. SiteMinder then checks for those capabilities.
For example, if a user attempts to change a password, the SiteMinder Policy Server calls SmDirQueryVersion() to check for the capability Sm_DirApi_Capability_ChangeUserPassword. If the custom directory does not have that capability, the user receives an error message.
An example of setting the directory capabilities is shown in the sample code. First, initialize *pnCapabilities to zero, then set *pnCapabilities as follows:
*pnCapabilities = *pnCapabilities | Sm_DirApi_Capability_<supported_capability>;
For example:
*pnCapabilities = *pnCapabilities | Sm_DirApi_Capability_ChangeUserPassword;
*pnCapabilities = *pnCapabilities | Sm_DirApi_Capability_DisableUser;
Ensure that no other application changes data in fields intended for use by SiteMinder. For example, no other application should change data in the field that holds the disabled state of a SiteMinder user.
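The following sketch is an added example, not the SiteMinder sample code. It builds the capability mask from zero and advertises a capability only when the attribute it relies on is mapped. Assumptions: `dir_config_t`, `mapped()`, `build_capabilities()` and `has_capability()` are hypothetical names, the mask is held in an `unsigned long`, and the link between the Disabled Flag and the disable and force-reset capabilities is inferred from the descriptions above.

```c
#include <stddef.h>

/* Local stand-ins using the values from the table on this page; a real
   provider takes these from SmApi.h. */
enum {
    Sm_DirApi_Capability_ForceResetUserPassword = 0x00000001,
    Sm_DirApi_Capability_ChangeUserPassword     = 0x00000002,
    Sm_DirApi_Capability_DisableUser            = 0x00000004,
    Sm_DirApi_Capability_SetUserAttributes      = 0x00000008,
    Sm_DirApi_Capability_Recursive              = 0x00000010
};

/* Hypothetical provider settings (not a SiteMinder type). NULL or "" means
   the attribute is not mapped in the custom directory. */
typedef struct {
    const char *password_attr;      /* Password Attribute */
    const char *disabled_flag_attr; /* Disabled Flag */
    int allow_set_attrs;            /* provider implements attribute writes */
    int supports_recursion;         /* provider honours the recursive flag */
} dir_config_t;

static int mapped(const char *attr) { return attr != NULL && attr[0] != '\0'; }

/* Start at zero and OR in each supported capability, as the page describes.
   Nothing is advertised that the directory cannot actually back. */
unsigned long build_capabilities(const dir_config_t *cfg)
{
    unsigned long caps = 0;
    if (cfg == NULL) return caps;
    if (mapped(cfg->password_attr))
        caps |= Sm_DirApi_Capability_ChangeUserPassword;
    if (mapped(cfg->disabled_flag_attr)) {
        caps |= Sm_DirApi_Capability_DisableUser;
        /* Assumption: a forced reset needs both the disabled-state field
           and a password the user can then change. */
        if (mapped(cfg->password_attr))
            caps |= Sm_DirApi_Capability_ForceResetUserPassword;
    }
    if (cfg->allow_set_attrs)
        caps |= Sm_DirApi_Capability_SetUserAttributes;
    if (cfg->supports_recursion)
        caps |= Sm_DirApi_Capability_Recursive;
    return caps;
}

/* Nonzero when every bit of cap is present in caps. */
int has_capability(unsigned long caps, unsigned long cap)
{ return (caps & cap) == cap; }
```

In a real provider the returned value would be assigned to `*pnCapabilities` inside SmDirQueryVersion().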
Policy Resolutions
Sm_PolicyResolution_t, defined in SmApi.h, enumerates the values that describe the relationship between two policy objects. The following Directory API functions use Sm_PolicyResolution_t:
Copyright © 2014 CA.
All rights reserved.