Novell Cool Solutions

Setting Up Scope/Role Relationships in IDM


August 1, 2007 11:01 am






A Forum reader recently asked:

“Isn’t it possible to define our structured attribute syntax definitions in the eDirectory schema? I can’t find any existing attribute definitions that matches my needs.

On a User or Person (Employment) object I need a relation between a O/OU (Scope) and a Person (Role). The attribute should be multi-value with the following structure definition:”

API Data Structure
typedef struct
{
     pnstr8       objectNameScope;   /* O/OU (Scope) */
     pnstr8       objectNameRole;    /* Person (Role) */
} Typed_RoleAsso_T;

And here’s the response from Ofer Gigi …


You can only add attributes based on existing schema syntaxes. Of them, one that might do the job is the Path syntax, depending on the actual values you want to store.

The Path syntax is basically this:

typedef struct
{
     nuint32      nameSpaceType;
     pnstr8       volumeName;        /* DN-typed component */
     pnstr8       path;
} Path_T;

Note that “volumeName” is of type DN, which means you can store a pointer to either your Scope or Person objects. Although it was originally meant to store the path to a user’s home directory, many other attributes use this syntax today (among them DirXML-Association and DirXML-EntitlementRef).

One other option (which I often tend to use) is the Case Ignore List syntax, in which you can basically build as many “components” as you want. It is relatively easy to parse through the components in IDM policies or XPATH, in a way similar to a Path-syntax-based attribute. The Case Ignore List syntax is also relatively straightforward to parse by LDAP-based applications (where the components are delimited by the dollar sign).

The structure for Case Ignore List is:

typedef struct _ci_list
{
     struct _ci_list N_FAR *next;    /* next component in the list */
     pnstr8       s;                 /* this component's string */
} CI_List_T;
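
The following is an added example, not code from the original post, from Ofer Gigi, or from Novell. It shows how an LDAP-based application might read the scope/role pairs from a multi-valued Case Ignore List attribute whose components arrive delimited by the dollar sign, rejecting malformed values instead of guessing at them. The attribute contents and DNs are constructed samples, and the sketch assumes that neither DN contains a literal `$`.

```python
import re
from typing import Iterable, NamedTuple

# Loose sanity check only: component starts with an attribute type and "=".
_DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=\S")


class RoleAssociation(NamedTuple):
    scope_dn: str  # O/OU the role applies to
    role_dn: str   # Person/role object


def parse_role_association(value: str) -> RoleAssociation:
    """Split one '$'-delimited value into (scope, role); fail closed if malformed."""
    parts = [p.strip() for p in value.split("$")]
    if len(parts) != 2:
        raise ValueError(f"expected 2 components, got {len(parts)}: {value!r}")
    for part in parts:
        if not _DN_START.match(part):
            raise ValueError(f"component is not a DN: {part!r}")
    return RoleAssociation(*parts)


def roles_in_scope(values: Iterable[str], scope_dn: str):
    """Return (role DNs granted in scope_dn, rejected raw values)."""
    wanted = scope_dn.casefold()  # the syntax is case-insensitive
    roles, rejected = [], []
    for raw in values:
        try:
            assoc = parse_role_association(raw)
        except ValueError:
            rejected.append(raw)  # never treat a malformed value as a grant
            continue
        if assoc.scope_dn.casefold() == wanted:
            roles.append(assoc.role_dn)
    return roles, rejected


# Constructed sample values for a hypothetical multi-valued attribute.
SAMPLE_VALUES = [
    "ou=Sales,o=ACME$cn=Approver,ou=Roles,o=ACME",
    "OU=sales,O=acme$cn=Auditor,ou=Roles,o=ACME",
    "ou=HR,o=ACME$cn=Approver,ou=Roles,o=ACME",
    "ou=Sales,o=ACME$cn=Admin,ou=Roles,o=ACME$extra",  # three components
    "ou=Sales,o=ACME$",                                # missing role
]

if __name__ == "__main__":
    print(roles_in_scope(SAMPLE_VALUES, "ou=Sales,o=ACME"))
```

Rejected values are returned to the caller so they can be logged and reviewed; a role/scope value that does not parse cleanly should not silently become an entitlement.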



Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.