Setting Up Scope/Role Relationships in IDM

Author Info

1 August 2007 - 10:01am
Submitted by: ofg

Problem

A Forum reader recently asked:

"Isn't it possible to define our structured attribute syntax definitions in the eDirectory schema? I can't find any existing attribute definitions that match my needs.

On a User or Person (Employment) object I need a relation between an O/OU (Scope) and a Person (Role). The attribute should be multi-value with the following structure definition:"

API Data Structure
typedef struct
  {
     pnstr8       objectNameScope;
     pnstr8       objectNameRole;
  } Typed_RoleAsso_T;

And here's the response from Ofer Gigi ...

Solution

You can only add attributes based on existing schema syntaxes. Of them, one that might do the job is the Path syntax, depending on the actual values you want to store.

The Path syntax is basically this:

typedef struct
{
   nuint32  nameSpaceType;
   pnstr8   volumeName;   /* DN-typed: can point to the Scope or Person object */
   pnstr8   path;
} Path_T;

Note that "volumeName" is of type DN, which means you can store a pointer to either your Scope or Person objects. Although it was originally meant to store the path to a user's home directory, many other attributes use this syntax today (among them DirXML-Association and DirXML-EntitlementRef).

One other option (which I often tend to use) is the Case Ignore List syntax, in which you can basically build as many "components" as you want. It is relatively easy to parse through the components in IDM policies or XPath, in a way similar to a Path-syntax-based attribute. The Case Ignore List syntax is also relatively straightforward to parse by LDAP-based applications (where the components are delimited by the dollar sign).

The structure for Case Ignore List is:

typedef struct _ci_list
{
   struct _ci_list N_FAR  *next;
   pnstr8                 s;
} CI_List_T;
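
The following is an added example, not code from the original article or from Novell: a sketch of how an LDAP-based application could read one dollar-delimited Case Ignore List value as a scope/role pair and reject anything that is not exactly two non-empty components, so a malformed value never counts as a role assignment. The names RoleAsso, parse_role_asso, has_role, DN_MAX and the sample values are assumptions made for illustration, as is the premise that neither DN contains a literal dollar sign.

```c
#include <string.h>
#include <strings.h>                 /* strcasecmp (POSIX) */
#define DN_MAX 256                   /* assumed upper bound for one DN */

/* Hypothetical holder for one pair, mirroring Typed_RoleAsso_T above. */
typedef struct {
    char scope[DN_MAX];
    char role[DN_MAX];
} RoleAsso;

/* Constructed sample values as an LDAP client would read them. */
static const char *const SAMPLE[] = {
    "ou=Sales,o=Acme$cn=Approver,ou=Roles,o=Acme",
    "ou=HR,o=Acme$",                 /* malformed: empty role */
};

/* Parse "<scope DN>$<role DN>". Returns 0 on success, -1 otherwise:
 * missing or extra '$', empty component, or component too long.
 * Assumption: no DN contains a literal '$'; escapes are not decoded. */
int parse_role_asso(const char *value, RoleAsso *out)
{
    const char *sep;
    size_t scope_len, role_len;
    if (value == NULL || out == NULL)
        return -1;
    sep = strchr(value, '$');
    if (sep == NULL || strchr(sep + 1, '$') != NULL)
        return -1;                   /* not exactly two components */
    scope_len = (size_t)(sep - value);
    role_len = strlen(sep + 1);
    if (scope_len == 0 || role_len == 0 ||
        scope_len >= DN_MAX || role_len >= DN_MAX)
        return -1;
    memcpy(out->scope, value, scope_len);
    out->scope[scope_len] = '\0';
    memcpy(out->role, sep + 1, role_len + 1);    /* copies the NUL too */
    return 0;
}

/* 1 if a well-formed value pairs `role` with `scope`; malformed ones never match. */
int has_role(const char *const *values, size_t n,
             const char *scope, const char *role)
{
    RoleAsso a;
    size_t i;
    for (i = 0; i < n; i++)
        if (parse_role_asso(values[i], &a) == 0 &&
            strcasecmp(a.scope, scope) == 0 && strcasecmp(a.role, role) == 0)
            return 1;
    return 0;
}
```

The comparison is a plain case-insensitive string match in keeping with the Case Ignore semantics; it does not normalize DNs, so differently formatted but equivalent DNs will not match.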






© 2013 Novell