Exported Enumerations

Programming Guides › Programming Guide for C › Directory API › How to Use the Directory API › Exported Enumerations

Exported Enumerations

SmApi.h includes the following enumerations used by the Directory API:

Sm_DirApi_Capability_t (directory capabilities)
Sm_PolicyResolution_t (policy resolutions)

Directory Capabilities

Sm_DirApi_Capability_t enumerates the capabilities that can be configured for a custom directory.

The following table lists the directory capabilities enumerated in Sm_DirApi_Capability_t. Descriptions of each capability follow the table.

Name	Value
Sm_DirApi_Capability_ForceResetUserPassword	0x00000001
Sm_DirApi_Capability_ChangeUserPassword	0x00000002
Sm_DirApi_Capability_DisableUser	0x00000004
Sm_DirApi_Capability_SetUserAttributes	0x00000008
Sm_DirApi_Capability_Recursive	0x00000010

For a custom directory to have a specific capability, you must define the required user attributes for that capability. For example, to enable SiteMinder to change a user's password, you need to identify a Password Attribute. SiteMinder then uses that attribute to get and set the user password.

Sm_DirApi_Capability_ForceResetUserPassword. The custom directory is capable of forcing user password reset.
To enable SiteMinder to force a reset of the password, define the following user attributes:
- Password attribute. An attribute that SiteMinder can use to get and set the user password. In the SiteMinder Administrative UI, enter that attribute name in the Password Attribute field on the User Attributes tab on the User Directory Dialog box. In the sample, the attribute name is password.
- Disabled Flag. An attribute that SiteMinder can use to get and set the disabled state of a user. In the SiteMinder Administrative UI, enter that attribute name in the Disabled Flag field on the User Attributes tab on the User Directory Dialog box. In the sample, the attribute name is Disabled.
When users are forced to change their passwords, the Policy Server calls SmDirSetUserDisabledState(). In the sample code, the user's Disabled Flag is set to Sm_Api_Disabled_PWMustChange (the disabled reason).
Sm_DirApi_Capability_ChangeUserPassword. The custom directory is capable of changing the user password. To change the password, you need to identify a Password Attribute, which is an attribute that SiteMinder can use to get and set the user password. In the SiteMinder Administrative UI, enter that attribute name in the Password Attribute field on the User Attributes tab on the User Directory Dialog box.
The SiteMinder Policy Server calls SmDirChangeUserPassword() so that you can change the value in the password field for an entry in your custom directory.
Sm_DirApi_Capability_DisableUser. The custom directory is capable of disabling a user account. To disable a user, you need to identify a Disabled Flag, which is an attribute that SiteMinder can use to get and set the disabled state of a user. In the SiteMinder Administrative UI, enter that attribute name in the Disabled Flag field on the User Attributes tab on the User Directory Dialog box.
When an administrator uses the SiteMinder Administrative UI to disable or enable a user account, or when Password Services disables a user account, the SiteMinder Policy Server calls SmDirSetUserDisabledState().

In SiteMinder, user accounts can be disabled for a number of reasons, and these reasons are represented by the members of the data structure Sm_Api_DisabledReason_t.
Sm_DirApi_Capability_SetUserAttributes. SiteMinder can set user attributes in the custom directory.
The SiteMinder Policy Server calls SmDirSetUserAttr() so that you can use SiteMinder to set a user attribute in your custom directory.
Sm_DirApi_Capability_Recursive. The custom directory is capable of supporting recursion. For example, the custom directory may support nested groups.
The following functions in the Directory API have a parameter to hold a recursive flag:
- SmDirGetUserGroups()
- SmDirValidateUserPolicyRelationship()

To send information about the directory capabilities to the SiteMinder Policy Server, implement the function SmDirQueryVersion(). Use the capabilities parameter (pnCapabilites) to pass one or more values enumerated in Sm_DirApi_Capability_t. SiteMinder then checks for those capabilities.

For example, if a user attempts to change a password, the SiteMinder Policy Server calls SmDirQueryVersion() to check for the capability Sm_DirApi_Capability_ChangeUserPassword. If the custom directory does not have that capability, the user receives an error message.

An example of setting the directory capabilities is shown in the sample code. First, initialize *pnCapabilities to zero, then set *pnCapabilities as follows:

*pnCapabilities = 
   *pnCapabilities | Sm_DirApi_Capability_<supported_capability>;

For example:

*pnCapabilities =
   *pnCapabilities | Sm_DirApi_Capability_ChangeUserPassword;
*pnCapabilities =
   *pnCapabilities | Sm_DirApi_Capability_DisableUser;

Ensure that no other application changes data in fields intended for use by SiteMinder. For example, no other application should change data in the field that holds the disabled state of a SiteMinder user.

Policy Resolutions

Sm_PolicyResolution_t, defined in SmApi.h, enumerates the values that describe the relationship between two policy objects. The following Directory API functions use Sm_PolicyResolution_t:

SmDirAddEntry()
SmDirGetDirObjInfo()
SmDirRemoveEntry()
SmDirValidateUserPolicyRelationship()

Email CA about this topic