eimAddAssociation()--Add EIM Association
Syntax
#include <eim.h>
int eimAddAssociation(EimHandle * eim,
enum EimAssociationType associationType,
EimIdentifierInfo * idName,
char * registryName,
char * registryUserName,
EimRC * eimrc)
Service Program Name: QSYS/QSYEIMDefault Public Authority: *USE
Threadsafe: Yes
The eimAddAssociation() function associates a local identity in a specified user registry with an EIM identifier. EIM supports three kinds of associations: source, target, and administrative. All EIM associations are between an EIM identifier and a local user identity -- never directly between local user identities.
Associated source identities are user identities that are primarily for authentication purposes. They can be used as the source identity of a mapping lookup operation (that is, eimGetTargetFromSource()), but will not be found as the target of a mapping lookup operation.
Associated target identities are user identities that are primarily used to secure existing data. They will be found as the result of a mapping lookup operation, but cannot be used as the source identity for a mapping lookup operation.
Administrative associations are used to show that an identity is associated with an EIM identifier, but cannot be used as the source for, and will not be found as the target of, a mapping lookup operation.
A single user identity may be used as both a target and a source. This is done by creating both a source and a target association for the local user identity with the appropriate EIM identifier. While this API supports an association type of EIM_SOURCE_AND_TARGET, two associations are actually created.
For an EIM identifier to be useful in mapping lookup operations, it must have at least one "source" and at least one "target" association.
See EIM Mapping Lookup Algorithm for the affect that associations have on the mapping lookup operation.
Authorities and Locks
- EIM Data
- Access to EIM data is controlled by EIM access groups. LDAP administrators
also have access to EIM data. The authority that the access group has to the
EIM data depends on the type of association being added:
For administrative and source associations, the access groups whose members have authority to the EIM data for this API follow:
- EIM Administrator
- EIM Identifiers Administrator
For target associations, the access groups whose members have authority to the EIM data for this API follow:
- EIM Administrator
- EIM Registries Administrator
- EIM authority to an individual registry
Parameters
- eim (Input)
- The EIM handle returned by a previous call to eimCreateHandle(). A valid
connection is required for this function.
- associationType (Input)
- The type of association to be added. This parameter is passed by value. Valid values are:
EIM_TARGET (1) Add a target association. EIM_SOURCE (2) Add a source association. EIM_SOURCE_AND_TARGET (3) Add both a source association and a target association. EIM_ADMIN (4) Add an administrative association.
- idName (Input)
- A structure that contains the identifier name for this association. The
layout of the EimIdentifierInfo structure follows:
enum EimIdType { EIM_UNIQUE_NAME, EIM_ENTRY_UUID, EIM_NAME }; typedef struct EimIdentifierInfo { union { char * uniqueName; char * entryUUID; char * name; } id; enum EimIdType idtype; } EimIdentifierInfo;idtype indicates which identifier name is provided. Use of the uniqueName provides the best performance. Specifying an idtype of EIM_NAME does not guarantee that a unique EIM identifier will be found. Therefore, use of EIM_NAME may result in an error.
- registryName (Input)
- The registry name for the association.
- registryUserName (Input)
- The registry user name for the association. The registry user name may be
normalized according to the normalization method for defined registry.
- eimrc (Input/Output)
- The structure in which to return error code information. If the return
value is not 0, eimrc is set with additional information. This parameter may be
NULL. For the format of the structure, see EimRC--EIM
Return Code Parameter.
Return Value
The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.
- 0
- Request was successful.
- EACCES
- Access denied. Not enough permissions to access data.
EIMERR_ACCESS (1) Insufficient access to EIM data.
- EBADDATA
- eimrc is not valid.
- EBADNAME
- Registry or identifier name is not valid or insufficient access to EIM
data.
EIMERR_IDNAME_AMBIGUOUS (20) More than 1 EIM Identifier was found that matches the requested Identifier name. EIMERR_NOIDENTIFIER (25) EIM Identifier not found or insufficient access to EIM data. EIMERR_NOREG (28) EIM Registry not found or insufficient access to EIM data.
- EBUSY
- Unable to allocate internal system object.
EIMERR_NOLOCK (26) Unable to allocate internal system object.
- ECONVERT
- Data conversion error.
EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.
- EINVAL
- Input parameter was not valid.
EIMERR_ASSOC_TYPE_INVAL (4) Association type is not valid. EIMERR_HANDLE_INVAL (17) EimHandle is not valid. EIMERR_IDNAME_TYPE_INVAL (52) The EimIdType value is not valid. EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation. EIMERR_PTR_INVAL (35) Pointer parameter is not valid.
- ENOMEM
- Unable to allocate required space.
EIMERR_NOMEM (27) No memory available. Unable to allocate required space.
- ENOTCONN
- LDAP connection has not been made.
EIMERR_NOT_CONN (31) Not connected to LDAP. Use eimConnect() API and try the request again.
- EROFS
- LDAP connection is for read only. Need to connect to master.
EIMERR_READ_ONLY (36) LDAP connection is for read only. Use eimConnectToMaster() to get a write connection.
- EUNKNOWN
- Unexpected exception.
EIMERR_LDAP_ERR (23) Unexpected LDAP error. %s EIMERR_UNEXP_OBJ_VIOLATION (56) Unexpected object violation. EIMERR_UNKNOWN (44) Unknown error or unknown system state.
Related Information
- eimGetAssociatedIdentifiers()
--Get Associated EIM Identifiers
- eimRemoveAssociation()--Remove an
EIM Association
- eimListAssociations()--List EIM
Associations
Example
The following example creates 3 associations for the same identifier: administrative, source and target.
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
#include <eim.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
int rc;
char eimerr[100];
EimRC * err;
EimHandle * handle;
EimIdentifierInfo x;
/* Get eim handle from input arg. */
/* This handle is already connected to EIM. */
handle = (EimHandle *)argv[1];
/* Set up error structure. */
memset(eimerr,0x00,100);
err = (EimRC *)eimerr;
err->memoryProvidedByCaller = 100;
/* Set up identifier information */
x.idtype = EIM_UNIQUE_NAME;
x.id.uniqueName = "mjones";
/* Add an admin association */
if (0 != (rc = eimAddAssociation(handle,
EIM_ADMIN,
&x,
"MyRegistry",
"maryjones",
err)))
{
printf("Add Association error = %d", rc);
return -1;
}
/* Add a source association */
if (0 != (rc = eimAddAssociation(handle,
EIM_SOURCE,
&x,
"kerberosRegistry",
"mjjones",
err)))
{
printf("Add Association error = %d", rc);
return -1;
}
/* Add a target association */
if (0 != (rc = eimAddAssociation(handle,
EIM_TARGET,
&x,
"MyRegistry",
"maryjo",
err)))
{
printf("Add Association error = %d", rc);
return -1;
}
return 0;
}
API introduced: V5R2
[ Back to top | Security APIs | APIs by category ]