
Setting Up Scope/Role Relationships in IDM

Novell Cool Solutions: Tip
By Ofer Gigi


Posted: 1 Aug 2007


A Forum reader recently asked:

"Isn't it possible to define our structured attribute syntax definitions in the eDirectory schema? I can't find any existing attribute definitions that matches my needs.

On a User or Person (Employment) object I need a relation between a O/OU (Scope) and a Person (Role). The attribute should be multi-value with the following structure definition:"

API Data Structure
typedef struct
  {
     pnstr8       objectNameScope;   /* O/OU object (Scope) */
     pnstr8       objectNameRole;    /* Person object (Role) */
  } Typed_RoleAsso_T;

And here's the response from Ofer Gigi ...


You can only add attributes based on existing schema syntaxes. Of them, one that might do the job is the Path syntax, depending on the actual values you want to store.

The Path syntax is basically this:

typedef struct
{
    nuint32 nameSpaceType;
    pnstr8 volumeName;    /* DN: can point to the Scope or Person object */
    pnstr8 path;
} Path_T;

Note that "volumeName" is of type DN, which means you can store a pointer to either your Scope or Person objects. Although it was originally meant to store the path to a user's home directory, many other attributes use this syntax today (among them DirXML-Association and DirXML-EntitlementRef).

One other option (which I often tend to use) is the Case Ignore List syntax, in which you can basically build as many "components" as you want. It is relatively easy to parse through the components in IDM policies or XPATH, in a way similar to a Path-syntax-based attribute. The Case Ignore List syntax is also relatively straightforward to parse by LDAP-based applications (where the components are delimited by the dollar sign).

The structure for Case Ignore List is:

typedef struct _ci_list
{
    struct _ci_list N_FAR *next;   /* next component in the list */
    pnstr8 s;                      /* this component's string value */
} CI_List_T;
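
The dollar-delimited form mentioned in the answer above, as an added example that is not part of the original tip or Novell's code: a Python parser for scope/role pairs stored in a Case Ignore List attribute as an LDAP client would read them. It assumes the server renders values in RFC 4517 Postal Address form (`$` between components, `\24` and `\5C` for a literal `$` or `\`); the function names and sample DNs are constructed for illustration.

```python
import re

# Assumption: values arrive in RFC 4517 Postal Address form: components are
# joined by "$"; a literal "$" or "\" inside a component is "\24" or "\5C".
_ESCAPE = re.compile(r"\\(24|5[Cc])")
_LITERAL = {"24": "$", "5c": "\\"}

# Constructed sample values: <scope DN>$<role DN>
SAMPLE = [
    "ou=Sales,o=Acme$cn=Approver,ou=Roles,o=Acme",
    "ou=Cost\\24Center,o=Acme$cn=Auditor,ou=Roles,o=Acme",
]


def split_ci_list(value):
    """Split one LDAP-rendered Case Ignore List value into its components."""
    parts = value.split("$")  # an unescaped "$" is always a delimiter
    for part in parts:
        if "\\" in _ESCAPE.sub("", part):
            raise ValueError("invalid escape in %r" % part)
    return [_ESCAPE.sub(lambda m: _LITERAL[m.group(1).lower()], p) for p in parts]


def parse_role_assoc(values):
    """Return (scope, role) pairs, rejecting anything but two non-empty parts."""
    pairs = []
    for value in values:
        parts = [p.strip() for p in split_ci_list(value)]
        if len(parts) != 2 or not all(parts):
            raise ValueError("expected scope$role, got %r" % value)
        pairs.append((parts[0], parts[1]))
    return pairs


def roles_in_scope(pairs, scope):
    """Roles held in a scope; simple case-insensitive compare (Case Ignore)."""
    wanted = scope.strip().lower()
    return [role for s, role in pairs if s.lower() == wanted]


if __name__ == "__main__":
    for scope, role in parse_role_assoc(SAMPLE):
        print(scope, "->", role)
```

Malformed values raise ValueError instead of being skipped, so a truncated or hand-edited assignment is never read as a valid role.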
