ldap_create_proxyauth_control()--Create Control for Proxy Identity


  Syntax

  #include <ldap.h>
  int ldap_create_proxyauth_control(
         LDAP *ld,
         char *proxyID,
         int *isCritical,
         LDAPControl **control)

  Library Name/Service Program: QSYS/QGLDCLNT

  Default Public Authority: *USE

  Threadsafe: Yes

The ldap_create_proxyauth_control() function creates the LDAP control that allows a bind entity to assume a proxy identity. The control must contain the proxy authorization identity, which is then included in LDAP operations to request an operation from the server.

Using the proxy authorization control mechanism, a client can bind to the LDAP directory using its own identity, but is granted proxy authorization rights of another user to access the target directory.

When the IBM® Directory Server receives an operation with proxy authorization control, the bind DN is validated against the administrative group and/or the predefined proxy authorization group to determine whether the bind DN should be granted the proxy authorization right. In other words, the bound application client must be a member of the administrative group or proxy authorization group in order to request a proxy authorization operation.


Authorities and Locks

No IBM i authority is required.


Parameters

ld
(Input) Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init() or ldap_open(). Must not be NULL.

proxyID
(Input) Specifies the authorization identity the client will assume. The authorization identity can be specified in two forms:

u:user-name specifies the authorization identity using a user name.

dn:distinguished-name specifies the authorization identity using an LDAP distinguished name.



isCritical
(Input) Specifies whether the proxy authorization control is critical to the search operation. This should be set to a non-zero value since the proxy authorization control is critical.

control
(Output) Specifies a pointer to a structure created by the function for the proxy identity control. See Controls for LDAP APIs for more information about server controls. This control should be freed by calling the ldap_control_free() function when finished using the control.
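
When proxyID is assembled from application input, it can be checked against the two documented forms before it is passed to ldap_create_proxyauth_control(). The following is an added example, not IBM's code: the helper names, the 512-byte cap and the rejection of control characters are assumptions of the example, not requirements of the API.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Helper names and the length cap are assumptions for this example,
 * not part of the IBM API. */
#define PROXYID_MAX 512

enum proxyid_form { PROXYID_INVALID = 0, PROXYID_USER, PROXYID_DN };

/* Classify id as "u:user-name" or "dn:distinguished-name". Rejects NULL,
 * unknown prefixes, an empty identity, over-long input and control chars. */
enum proxyid_form proxyid_classify(const char *id)
{
    enum proxyid_form form;
    const char *p;
    if (id == NULL || strlen(id) >= PROXYID_MAX)
        return PROXYID_INVALID;
    if (strncmp(id, "dn:", 3) == 0) {
        form = PROXYID_DN;
        p = id + 3;
    } else if (strncmp(id, "u:", 2) == 0) {
        form = PROXYID_USER;
        p = id + 2;
    } else {
        return PROXYID_INVALID;
    }
    if (*p == '\0')
        return PROXYID_INVALID;              /* prefix with no identity */
    for (; *p != '\0'; p++)
        if (iscntrl((unsigned char)*p))
            return PROXYID_INVALID;          /* e.g. embedded newline */
    return form;
}

/* Build "dn:<dn>" in out. Returns 0 on success, -1 on truncation or failed
 * validation, so a shortened DN is never sent as the assumed identity. */
int proxyid_from_dn(char *out, size_t outlen, const char *dn)
{
    int n;
    if (out == NULL || dn == NULL || outlen == 0)
        return -1;
    n = snprintf(out, outlen, "dn:%s", dn);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return proxyid_classify(out) == PROXYID_DN ? 0 : -1;
}
```

Only a string that passes these checks would then be handed to ldap_create_proxyauth_control() as proxyID; the server still decides whether the bind DN holds the proxy authorization right.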


Return Value

LDAP_SUCCESS
if the request was successful.
LDAP_PARAM_ERROR
if a non-valid parameter was passed.
LDAP_NO_MEMORY
if memory cannot be allocated.
LDAP_ENCODING_ERROR
if an error occurred when encoding the control.
LDAP_UNAVAILABLE_CRITICAL_EXTENSION
if the server does not support proxy authorization and isCritical is set to a non-zero value.


API Introduced: V5R4
