Sm_PolicyApi_UserDir_t

Defines a SiteMinder user directory object.

Syntax

typedef struct Sm_PolicyApi_UserDir_s
{
   int iStructId;
   char pszOid[BFSIZE];
   char pszName[BFSIZE];                     /* Required */
   char pszDesc[BFSIZE];
   char pszNamespace[BFSIZE];                /* Required */
   char pszServer[BFSIZE];                   /* Required */
   char pszSearchRoot[BFSIZE];
   char pszUserLookupStart[BFSIZE];
   char pszUserLookupEnd[BFSIZE];
   char pszUsername[BFSIZE];
   char pszPassword[BFSIZE];
   int nSearchResults;                       /* Required */
   int nSearchScope;                         /* Required */
   int nSearchTimeout;                       /* Required */
   bool bSecureConnection;                   /* Required */
   bool bRequireCredentials;                 /* Required */
   char pszDisabledAttr[BFSIZE];
   char pszUniversalIDAttr[BFSIZE];
   char pszODBCQuerySchemeOid[BFSIZE];
   char pszAnonymousId[BFSIZE];
   char pszPasswordData[BFSIZE];
   char pszPasswordAttribute[BFSIZE];
   char pszEmailAddressAttr[BFSIZE];
   char pszChallengeRespAttr[BFSIZE];
   struct Sm_PolicyApi_UserDir_s* next;
} Sm_PolicyApi_UserDir_t;

Field

Description

iStructId

User directory data structure ID, defined in Sm_PolicyApi_Structs_t.

pszOid

The object identifier of the user directory object.

pszName

Name of the user directory.

pszDesc

Brief description of the user directory.

pszNamespace

Mandatory field that designates the specific directory service being connected to (for example, LDAP:, ODBC:, WinNT:, AD:, or Custom:).

pszServer

Mandatory field. This is an overloaded field whose contents depend upon the namespace:

  • ODBC - Data source name.
  • NT - Domain name.
  • LDAP or AD - An IP address or an IP address and port number in the format IP_address:port_number. The port number 389 is assumed if no port number is specified.
  • Custom - Library name.

pszSearchRoot

One of the following values:

  • With LDAP directories, the location in the LDAP tree that serves as the starting point for the directory connection, typically an organization (o) or organizational unit (ou). The Policy Server begins searching at the root when locating a user.
  • With custom directories, any parameters to pass to the custom library.

pszUserLookupStart

The User DN Lookup Start allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string. This is done by identifying the unique and non-unique segments of the user DN string.

Use this field with LDAP directories only.

pszUserLookupEnd

The User DN Lookup End allows users to authenticate by entering only a part of the user name, without having to enter an entire DN string.

Use this field with LDAP directories only.

pszUsername

The user name needed to access a user directory.

pszPassword

The password needed to access a user directory.

nSearchResults

The maximum number of records that can be returned from a search of an LDAP or custom directory.

nSearchScope

The extent to which SiteMinder looks for users and user groups below pszSearchRoot in an LDAP directory - all levels below the root (subtree) or just one level below the root.

Specify 1 for one level down or 2 for subtree.

nSearchTimeout

The maximum amount of time, in seconds, that SiteMinder will query an LDAP or custom directory.

bSecureConnection

This flag must be enabled when accessing an LDAP or custom directory over SSL. Enabling Secure Connect means that SiteMinder performs secure authentication and encrypted transmissions.

bRequireCredentials

Flag specifying that credentials are necessary to authenticate against a user directory.

pszDisabledAttr

Name of the user directory attribute that SiteMinder uses to keep track of a user's enabled or disabled state.

Applies to LDAP and ODBC directories, and possibly to custom directories.

pszUniversalIDAttr

Name of the user directory attribute that has been designated as the Universal ID. Typically, the Universal ID differs from the user's login ID, and the Universal ID is used to look up user information.

Applies to LDAP, ODBC, and WinNT directories, and possibly to custom directories.

pszODBCQuerySchemeOid

The object identifier for a set of ODBC queries that SiteMinder uses to query the ODBC directory.

pszAnonymousId

Name of the user directory attribute that is designated as the anonymous user DN. This DN is defined in the anonymous authentication scheme. Anonymous users impersonate this DN to gain access to the resources associated with the anonymous authentication scheme.

Applies to LDAP directories, and possibly to custom directories.

pszPasswordData

Name of the user directory attribute that SiteMinder uses to store password policy information.

Applies to LDAP and ODBC directories, and possibly to custom directories.

pszPasswordAttribute

Name of the user directory attribute that contains the user's password, as defined using Password Services.

Applies to LDAP and ODBC directories, and possibly to custom directories.

pszEmailAddressAttr

Reserved for future use.

pszChallengeRespAttr

Name of the user directory attribute that contains a response to return to the user, such as a hint for a forgotten password.

Applies to LDAP directories, and possibly to custom directories.

next

Pointer to the next directory structure.

Remarks

Fields apply to all types of directories (LDAP, ODBC, WinNT, and custom) unless individual directory types are specified.

Fields that apply to LDAP directories also apply to Active Directories.
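
The following is an added example, not code from the SiteMinder SDK or from CA: a check a caller might run on the directory fields before passing them to the Policy API, covering the fixed BFSIZE buffers, the required fields, the default LDAP port and the nSearchScope values described above. UserDirSketch, ud_set, ud_ldap_port, ud_check, the UD_* codes and the BFSIZE value of 1024 are assumptions, and the rule rejecting a bind password without bSecureConnection is a local policy choice rather than SDK behaviour.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define BFSIZE 1024  /* assumed value; the real one comes from the SDK header */

/* Hypothetical stand-in holding only the Sm_PolicyApi_UserDir_t fields checked here. */
typedef struct {
    char pszName[BFSIZE], pszNamespace[BFSIZE], pszServer[BFSIZE];
    char pszUsername[BFSIZE], pszPassword[BFSIZE];
    int nSearchResults, nSearchScope, nSearchTimeout;
    bool bSecureConnection, bRequireCredentials;
} UserDirSketch;

enum { UD_OK = 0, UD_TOO_LONG, UD_MISSING_REQUIRED, UD_BAD_SCOPE,
       UD_BAD_PORT, UD_CLEARTEXT_BIND };

/* Copy into a BFSIZE buffer; reject over-length input instead of truncating it. */
int ud_set(char dst[BFSIZE], const char *src) {
    size_t n = strlen(src);
    if (n >= BFSIZE) return UD_TOO_LONG;
    memcpy(dst, src, n + 1);
    return UD_OK;
}

/* Port from "IP_address:port_number" (IPv4 form only); 389 when omitted; -1 if invalid. */
int ud_ldap_port(const char *server) {
    const char *colon = strrchr(server, ':');
    char *end;
    long p;
    if (!colon) return 389;
    p = strtol(colon + 1, &end, 10);
    return (end == colon + 1 || *end || p < 1 || p > 65535) ? -1 : (int)p;
}

/* Validate the required fields, then apply the LDAP/AD-specific rules. */
int ud_check(const UserDirSketch *d) {
    bool ldap;
    if (!d->pszName[0] || !d->pszNamespace[0] || !d->pszServer[0])
        return UD_MISSING_REQUIRED;
    ldap = !strcmp(d->pszNamespace, "LDAP:") || !strcmp(d->pszNamespace, "AD:");
    if (!ldap) return UD_OK;
    if (d->nSearchScope != 1 && d->nSearchScope != 2) return UD_BAD_SCOPE;
    if (ud_ldap_port(d->pszServer) < 0) return UD_BAD_PORT;
    /* Local policy: a directory password without SSL would travel unencrypted. */
    if (d->pszPassword[0] && !d->bSecureConnection) return UD_CLEARTEXT_BIND;
    return UD_OK;
}
```
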


Copyright © 2010 CA. All rights reserved.