The following flags are defined for the Single Sign-on API
functions:
5.4.1 Input Only Flags for Write API
Value
Flag
Description
0x00000001L
NSSS_ENHANCED_PROTECTION_F
Enhanced Protection indicator flag for Read
and Write.
0x00000040L
NSSS_EP_PASSWORD_USED_F
(Optional) Enhanced Protection optional password
indicator flag for Read and Write.
0x00004000L
NSSS_CHK_SID_FOR_COLLISION_F
Check for existing SID to prevent collision
and overwrite.
5.4.2 Input Only Flags for Unlock API
Value
Flag
Description
0x00000020L
NSSS_EP_MASTER_PWORD_USED_ F
The master password used to read a secret
in place of the Enhanced Protection password or to unlock in place of
the old eDirectory password.
0x00000004L
NSSS_REMOVE_LOCK_FROM_ STORE_F
Can delete locked secrets from store
to remove lock.
5.4.3 Input Only Flags for Read API
Value
Flag
Description
0x00000020L
NSSS_EP_MASTER_PWORD_USED_ F
The master password used to read a secret
in place of the Enhanced Protection password or to unlock in place of
the old eDirectory password.
0x00000008L
NSSS_REPAIR_THE_ STORE_F
Request all possible repairs on damaged store.
5.4.4 Input Only Flags for All APIs
Value
Flag
Description
0x00000010L
NSSS_ALL_STRINGS_UNICODE_F
Informs the service that the strings,
such as secretID, DN, searchString, etc., are already converted
to unicode and no conversion is necessary. (Results returned in
unicode.)
0x00000200L
NSSS_DESTROY_CONTEXT_F
Internally destroys the DS context passed
in. This flag can be used on the last call to SecretStore to destroy
the context that was used.
0x00000800L
NSSS_UNBINDLDAP_F
Indicates LDAP-based access to directory
should be terminated.
0x00000080L
NSSS_SET_TREE_NAME_F
Use the tree name in the context to set the
tree.
5.4.5 Input Only Flag for GetServiceInfo
API
Value
Flag
Description
0x00000080L
NSSS_SET_TREE_NAME_F
Sets the tree name.
0x00000100L
NSSS_GET_ CONTEXT_F
Returns a DS context for reuse in the subsequent
calls.
0x00000800L
NSSS_BINDLDAP_F
Bind over LDAP to eDirectory hosting
the SecretStore is requested.
5.4.6 Output Only Flags from Read API
These flags come back on the returned optional extension structures, NSSSGetServiceInformation and NSSSReadSecret (statFlags on reading
a secret and statFlags on the store):
Value
Flag
Description
0x0001000L
NSSS_SECRET_LOCKED_F
Enhanced protection lock on a secret.
0x0002000L
NSSS_SECRET_NOT_INITIALIZED_F
Secret not yet initialized with a Write.
0x0004000L
NSSS_ENHANCED_PROTECT_INFO_ F
Secret is marked for enhanced protection.
0x0008000L
NSSS_STORE_NOT_SYNCED_F
Store is not yet synchronized across replicas.
0x0020000L
NSSS_EP_PWORD_PRESENT_F
There is an Enhanced Protection application
password on the secret.
5.4.7 Output Only Flag from GetServiceInformation
API statFlags
Value
Flag
Description
0x0080000L
NSSS_MP_NOT_ ALLOWED_F
The use of master password has been disabled
by the service.
0x0040000L
NSSS_EP_MASTER_PWORD_ PRESENT_F
There is a master password on the SecretStore
(Admin configurable option on the server).
5.4.8 Context Flags for The Type of Context
Passed in to Initialize Context Structure
Value
Flag
Description
0x00000001L
NSSS_NCP_CTX_F
NCP context.
0x00000002L
NSSS_LDAP_CTX_F
LDAP context. (Reserved for the future.)
0x00000008L
NSSS_INIT_LDAP_SS_HANDLE_F
Initialize the client supplied context
for SS use.
0x00000010L
NSSS_DEINIT_LDAP_SS_HANDLE_F
Deinitialize the client context for application
unbind
0x00000020L
NSSS_REINIT_TARGET_DN_F
Reinitialize the target DN for admin
in the context when admin is switching target.
0x00000040L
NSSS_LDAP_CONTEXT_LESS_DN_F
Resolving the context less DN for the bind
is requested because the DN that is passed in is contextless.
0x00000080L
NSSS_ADV_BIND_INFO_F
Use the advanced bind structure and preform
service location.
5.4.9 Context Flags for Input and Returned
from the Context Structure
Value
Flag
Description
0x00000004L
NSSS_CONTEXT_INITIALIZED_F
Connection to server is established and context
structure is initialized (returned from SS when context is initialized
or can be supplied when the context is preinitialized outside SS
and is passed in for SS use).