changeLogAddEntry
- Name: changeLogAddEntry
- Description: Causes the LDAP server to create a change log entry in the change log by using information passed to the extended operation. All input values must be in UTF8.
- Assigned object identifier: 1.3.18.0.2.12.48
- Values: The following ASN.1 syntax describes the BER encoding of the request value.
RequestValue ::= SEQUENCE {
    version        INTEGER,
    applicationID  INTEGER,
    userid         OCTET STRING,
    group          OCTET STRING,
    class          OCTET STRING,
    resource       OCTET STRING,
    changeType     INTEGER { add (0), delete (1), modify (2), rename (3) },
    changeTime     OCTET STRING,
    initiator      OCTET STRING,
    changes        SEQUENCE OF changeAttributeList OPTIONAL
}
Where,
version
- Identifies which version of the interface is being used. Currently the only value supported is 2. If the interface is extended in the future then other values are supported.
applicationID
- 1 for RACF®. Other applications have different identifiers. The identifier informs the LDAP server which (if any) translations of the data should be done.
userid
- A string containing the user ID that is created, modified, deleted, or renamed. This string is used to form the value of the targetDN attribute in the change log entry.
group
- For the RACF application, a string containing the group that is created, modified, deleted, or renamed. The RACF application can specify a value for both user ID and group to indicate that the change is to the connection of that user to that group. This string is used to form the value of the targetDN attribute in the change log entry.
class
- A string containing the class of the resource profile that is created, modified, deleted, or renamed. This string is used along with the resource string to form a resource profile DN as the value of the targetDN attribute in the change log entry.
resource
- A string containing the resource profile that is created, modified, deleted, or renamed. This string is used along with the class string to form a resource profile DN as the value of the targetDN attribute in the change log entry.
changeType
- An integer value indicating the type of change. This is used to form the value of the changeType attribute in the change log entry.
changeTime
- A string of decimal numbers, used to form the changeTime attribute in the change log entry. The format of the string is: yyyymmddhhiiss.uuuuuuZ
Where,
yyyy is year, mm is month, dd is day, hh is hour, ii is minutes, ss is seconds, uuuuuu is microseconds, and Z is a character constant meaning that this time is based on Coordinated Universal Time.
initiator
- A string containing the user ID that made the change. This string is used to form the value of the ibm-changeInitiatorsName attribute in the change log entry.
changeAttributeList ::= SEQUENCE {
    field         attributeDescription,
    vals          SEQUENCE OF AttributeValue,
    action        ENUMERATED { add (0), replace (1), delete (2) },
    requestValue  BOOLEAN
}
Where,
field
- The name of the attribute that has been changed. For RACF, this consists of the segment name followed by a period followed by the field name. LDAP maps the RACF segment and field name to an LDAP attribute name.
vals
- A BER representation (length and data) of the new attribute value.
action
- Describes what has happened to the attribute (value add, replace, or delete). To indicate that an entire attribute is deleted, specify an action of delete with no value in the vals field.
requestValue
- A flag that, if TRUE, indicates that the attribute value in the vals field is not present and should be requested from the application.
The changeAttributeList values are used to form the changes attribute in the change log entry. If changeAttributeList is not specified, a change log entry is created without a changes attribute. This acts as a notification to the user of the change log that it should read the entire entry out of the directory tree.
- Detailed description: Class and resource cannot be specified with user ID or group. Both class and resource must be specified if either one is specified. In this case, SDBM must be configured to support RACF resources, by specifying enableResources on in the SDBM section of the LDAP server configuration file.
- Response object identifier: 1.3.18.0.2.12.49
- Response description: This response is used to return error information if an incorrect changeLogAddEntryRequest is passed to the LDAP server. If no errors are encountered, then an indication of success is returned to the caller. All output is in UTF8.
- Response values: The following describes the response value.
ResponseValue ::= SEQUENCE {
    changeLogresultCode  ENUMERATED {
        success             (0),
        loggingFailed       (1),
        invalidCredentials  (2),
        remoteNotSupported  (3),
        notConfigured       (4),
        notActive           (5),
        decodeFailed        (6),
        valueOutOfRange     (7),
        dnConvertFailed     (8)
    },
    msg                  OCTET STRING
}
- Response detailed description:
The following table summarizes some different error scenarios and the changeLogAddEntryRequest response returned for such scenarios.
| Error scenario | changeLogAddEntryRequest response |
|---|---|
| An internal error prevents the logging operation from completing | Returns a loggingFailed return code |
| The caller is not in supervisor state | Returns an invalidCredentials return code |
| Change log is not configured | Returns a notConfigured return code |
| Change log is not active | Returns a notActive return code |
| LDAP server is unable to parse the request | Returns a decodeFailed return code |
| Value is outside the range of allowable values | Returns a valueOutOfRange return code |
| LDAP server is unable to convert a RACF user ID to an LDAP DN | Returns a dnConvertFailed return code |
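
The RequestValue layout and the field rules from the "Detailed description" item above, as an added Python example (not IBM's code; `build_request` and its helpers are hypothetical names). It assumes DER-style definite lengths, that an unused string field is sent as a zero-length OCTET STRING, and that field and vals elements are encoded as OCTET STRINGs as in LDAP.

```python
import re

# Minimal DER-style encoders (DER is one valid BER encoding).
def tlv(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def integer(v: int, tag: int = 0x02) -> bytes:
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def octets(s: str) -> bytes:
    return tlv(0x04, s.encode("utf-8"))  # page: all input values are UTF-8

CHANGE_TYPES = {"add": 0, "delete": 1, "modify": 2, "rename": 3}
TIME_RE = re.compile(r"\d{14}\.\d{6}Z")  # yyyymmddhhiiss.uuuuuuZ

def build_request(change_type, change_time, initiator, userid="", group="",
                  cls="", resource="", changes=None, application_id=1):
    # Rules from the "Detailed description" item of the page.
    if (cls or resource) and (userid or group):
        raise ValueError("class/resource cannot be combined with userid/group")
    if bool(cls) != bool(resource):
        raise ValueError("class and resource must be specified together")
    if not TIME_RE.fullmatch(change_time):
        raise ValueError("changeTime must be yyyymmddhhiiss.uuuuuuZ")
    body = integer(2) + integer(application_id)  # version 2 is the only one supported
    # Assumption: an unused string field is sent as a zero-length OCTET STRING.
    body += b"".join(octets(s) for s in (userid, group, cls, resource))
    body += integer(CHANGE_TYPES[change_type]) + octets(change_time) + octets(initiator)
    if changes:  # OPTIONAL SEQUENCE OF changeAttributeList
        items = b""
        for field, vals, action, request_value in changes:
            items += tlv(0x30, octets(field)
                         + tlv(0x30, b"".join(tlv(0x04, v) for v in vals))
                         + integer(action, tag=0x0A)  # ENUMERATED
                         + tlv(0x01, b"\xff" if request_value else b"\x00"))
        body += tlv(0x30, items)
    return tlv(0x30, body)

# Constructed sample: user ID USER01 modified by ADMIN1 (values are made up).
SAMPLE = build_request("modify", "20240102030405.000000Z", "ADMIN1", userid="USER01")
```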
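
Decoding the ResponseValue described above and mapping changeLogresultCode to its name, as an added Python example (not IBM's code; `read_tlv` and `parse_response` are hypothetical names). It accepts definite-length BER only and rejects truncated or trailing data, and the sample bytes are constructed for illustration.

```python
RESULT_CODES = {0: "success", 1: "loggingFailed", 2: "invalidCredentials",
                3: "remoteNotSupported", 4: "notConfigured", 5: "notActive",
                6: "decodeFailed", 7: "valueOutOfRange", 8: "dnConvertFailed"}

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element at pos; definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_response(value: bytes):
    """Return (code, name, msg) from a BER-encoded ResponseValue."""
    tag, body, end = read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("expected a single SEQUENCE")
    tag, code_bytes, pos = read_tlv(body, 0)
    if tag != 0x0A or not code_bytes:
        raise ValueError("expected ENUMERATED changeLogresultCode")
    code = int.from_bytes(code_bytes, "big", signed=True)
    tag, msg, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected OCTET STRING msg")
    name = RESULT_CODES.get(code, f"unknown({code})")
    return code, name, msg.decode("utf-8", errors="replace")  # page: output is UTF-8

# Constructed sample response: decodeFailed (6) with a made-up message text.
SAMPLE = bytes.fromhex("300e0a0106040962616420696e707574")
```

Any result other than success means no change log entry was confirmed, so a caller that feeds an audit trail should record the code name and msg rather than discard them.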