eimChangeDomain()--Change an EIM Domain Object


  Syntax 
 #include <eim.h>

 int eimChangeDomain(char               * ldapURL,
                     EimConnectInfo       connectInfo,
                     enum EimDomainAttr   attrName,
                     char               * attrValue,
                     enum EimChangeType   changeType,
                     EimRC              * eimrc)
  Service Program Name: QSYS/QSYEIM

  Default Public Authority: *USE

  Threadsafe: Yes

The eimChangeDomain() function changes an attribute for the EIM domain entry identified by ldapURL.


Authorities and Locks

EIM Data
Access to EIM data is controlled by EIM access groups. LDAP administrators also have access to EIM data. The access groups whose members have authority to the EIM data for this API follow:

Parameters

ldapURL  (Input)
A uniform resource locator (URL) that contains the EIM host information. This URL has the following format: 
    ldap://host:port/dn
          or
    ldaps://host:port/dn

where:

Examples:


connectInfo  (Input)
Connect information. EIM uses ldap. This parameter provides the information required to bind to ldap.

If the system is configured to connect to a secure port, EimSSLInfo is required.

For EIM_SIMPLE connect type, the creds field should contain the EimSimpleConnectInfo structure with a binddn and password. EimPasswordProtect is used to determine the level of password protection on the ldap bind.

EIM_PROTECT_NO (0) The clear-text password is sent on the bind.
EIM_PROTECT_CRAM_MD5 (1) The protected password is sent on the bind. The server side must support cram-md5 protocol to send the protected password.
EIM_PROTECT_CRAM_MD5_OPTIONAL (2) The protected password is sent on the bind if the cram-md5 protocol is supported. Otherwise, the clear-text password is sent.

For EIM_KERBEROS, the default logon credentials are used. The kerberos creds field must be NULL.

For EIM_CLIENT_AUTHENTICATION, the creds field is ignored. EimSSLInfo must be provided.

The structure layouts follow:

   enum EimPasswordProtect {
       EIM_PROTECT_NO,              
       EIM_PROTECT_CRAM_MD5,
       EIM_PROTECT_CRAM_MD5_OPTIONAL
   };
   enum EimConnectType {
       EIM_SIMPLE,
       EIM_KERBEROS,
       EIM_CLIENT_AUTHENTICATION
   };

   typedef struct EimSimpleConnectInfo 
   {
        enum EimPasswordProtect protect;
        char * bindDn;
        char * bindPw;
   } EimSimpleConnectInfo;

   typedef struct EimSSLInfo 
   {
        char * keyring;
        char * keyring_pw;
        char * certificateLabel;
   } EimSSLInfo; 

   typedef struct EimConnectInfo
   {
        enum EimConnectType type;
        union {
            gss_cred_id_t * kerberos;
            EimSimpleConnectInfo simpleCreds;
        } creds;
      EimSSLInfo * ssl;
   } EimConnectInfo;
attrName  (Input)
The attribute to be updated. Valid values are:
EIM_DOMAIN_DESCRIPTION (0) Changes the description for the EIM domain. Valid changeType is EIM_CHG (0).
EIM_DOMAIN_POLICY_ASSOCIATIONS (1) Change the indicator for whether or not the domain supports policy associations in a mapping lookup. By default, the policy associations are not supported. Valid changeType is EIM_ENABLE (3) or EIM_DISABLE (4). This attribute is controlled by the version of the API interface, not the domain. If this attribute is enabled for the domain, it will only be checked in a mapping lookup operation if the version of the mapping lookup API that is used to access the domain supports this attribute. EIM version 2 must be supported by the local EIM APIs to specify this attribute (see eimGetVersion()--Get EIM Version).

attrValue  (Input)
The new value for the attribute.

If the attribute being changed is EIM_DOMAIN_POLICY_ASSOCIATIONS, this value must be NULL.

changeType  (Input)
The type of change to make. This could be add, remove, change, enable, or disable.   attrName parameter indicates which type is allowed for each attribute.

eimrc  (Input/Output)
The structure in which to return error code information. If the return value is not 0, eimrc will be set with additional information. This parameter may be NULL. For the format of the structure, see EimRC--EIM Return Code Parameter.


Return Value

The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.

0
Request was successful.

EACCES
Access denied. Not enough permissions to access data.

EIMERR_ACCESS (1) Insufficient access to EIM data.

EBADDATA
eimrc is not valid.

EBADNAME
EIM domain not found or insufficient access to EIM data.

EIMERR_NODOMAIN (24) EIM Domain not found or insufficient access to EIM data.

ECONVERT
Data conversion error.

EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.

EINVAL
Input parameter was not valid.

EIMERR_ATTR_INVAL (5) Attribute name is not valid.
EIMERR_CHGTYPE_INVAL (9) This change type is not valid with the requested attribute. Please check the API documentation.
EIMERR_CONN_INVAL (54) Connection type is not valid.
EIMERR_NOT_SECURE (32) The system is not configured to connect to a secure port. Connection type of EIM_CLIENT_AUTHENTICATION is not valid.
EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation.
EIMERR_PROTECT_INVAL (22) The protect parameter in EimSimpleConnectInfo is not valid.
EIMERR_PTR_INVAL (35) Pointer parameter is not valid.
EIMERR_SSL_REQ (42) The system is configured to connect to a secure port. EimSSLInfo is required.
EIMERR_URL_NODN (45) URL has no dn (required).
EIMERR_URL_NODOMAIN (46) URL has no domain (required).
EIMERR_URL_NOHOST (47) URL does not have a host.
EIMERR_URL_NOTLDAP (49) URL does not begin with ldap.
EIMERR_INVALID_DN (66) Distinguished Name (DN) is not valid.
EIMERR_FUNCTION_NOT_ SUPPORTED (70) The specified function is not supported by the EIM version.

ENOMEM
Unable to allocate required space.

EIMERR_NOMEM (27) No memory available. Unable to allocate required space.

ENOTSUP
Connection type is not supported.

EIMERR_CONN_NOTSUPP (12) Connection type is not supported.

EROFS
LDAP connection is for read only. Need to connect to master.

EIMERR_URL_READ_ONLY (50) LDAP connection can only be made to a replica ldap server. Change the connection information and try the request again.

EUNKNOWN
Unexpected exception.

EIMERR_LDAP_ERR (23) Unexpected LDAP error. %s
EIMERR_UNKNOWN (44) Unknown error or unknown system state.

Related Information


Example

The following example changes the description of the specified EIM domain and enables the use of policy associations for the domain.

Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.

#include <eim.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
    int           rc;
    char          eimerr[100];
    EimRC       * err;

    char * ldapURL = "ldap://eimsystem:389/ibm-eimDomainName=myEimDomain,o=mycompany,c=us";
    
    EimConnectInfo con;
    
    /* Set up connection information           */
    con.type = EIM_SIMPLE;
    con.creds.simpleCreds.protect = EIM_PROTECT_NO;
    con.creds.simpleCreds.bindDn = "cn=admin";
    con.creds.simpleCreds.bindPw = "secret";
    con.ssl = NULL;

    /* Set up error structure.                 */
    memset(eimerr,0x00,100);
    err = (EimRC *)eimerr;
    err->memoryProvidedByCaller = 100;

    /* Change the description for this domain. */
    if (0 != (rc = eimChangeDomain(ldapURL,
                                   con,
                                   EIM_DOMAIN_DESCRIPTION,
                                   "This is the new description",
                                   EIM_CHG,
                                   err)))
        printf("Change domain error = %d", rc);

    /* Enable the use of policy associations. */
    if (0 != (rc = eimChangeDomain(ldapURL,
                                   con,
                                   EIM_DOMAIN_POLICY_ASSOCIATIONS,
                                   NULL,
                                   EIM_ENABLE,
                                   err)))
        printf("Change domain error = %d", rc);

    return 0;
}

API introduced: V5R2

[ Back to top | Security APIs | APIs by category ]