QsySetEIMConnectInfo()--Set EIM Connect Information


  Syntax
 #include <qsyeimapi.h>

 #include <eim.h>

 int QsySetEIMConnectInfo(enum QsyEimConnectSystem   connectSystem,
                          QsyEimConnectionInfo       connectInfo,
                          EimRC                    * eimrc)
 
  Service Program Name: QSYS/QSYEIMAPI

  Default Public Authority: *USE

  Threadsafe: Yes

The QsySetEIMConnectInfo() function defines the connection information that will be used by the operating system when it needs to connect to the EIM domain that is configured for this system or for the master system. EIM configuration information is set using eimSetConfiguration().


Authorities and Locks

Authority required
*ALLOBJ and *SECADM special authorities

Parameters

connectSystem
(Input)

The system defined by eimSetConfiguration(). If the configured system is a replica system and EIM updates will be done, then connection information for the master system must also be defined.

QSY_EIM_CONFIG (0) The specified connection information will be used to connect to the EIM domain that is configured for this system.
QSY_EIM_MASTER (1) The specified connection information will be used to connect to the master system.

connectInfo
(Input)

The connection information. EIM uses LDAP, and the connection information supplies what is required to bind to LDAP. Two types of connection are supported: simple bind and Kerberos.

If the system is configured to connect to a secure port, then Digital Certificate Manager (DCM) must be used to assign a certificate to the Enterprise Identity Mapping Client (QIBM_QSY_EIM_CLIENT) application.

For the QSY_EIM_SIMPLE (0) connect type, the connectInfo field must contain an EimSimpleConnectInfo structure with a binddn and password. The binddn cannot be longer than 400 bytes. The password cannot be longer than 174 bytes. EimPasswordProtect is used to determine the level of password protection on the LDAP bind.

EIM_PROTECT_NO (0) The "clear-text" password is sent on the bind.
EIM_PROTECT_CRAM_MD5 (1) The protected password is sent on the bind. The server side must support the CRAM-MD5 protocol for the protected password to be sent.
EIM_PROTECT_CRAM_MD5_OPTIONAL (2) The protected password will be sent on the bind if the CRAM-MD5 protocol is supported. Otherwise, the "clear-text" password is sent.

For the QSY_EIM_KERBEROS_KEYTAB (1) connect type, the connectInfo field must contain a QsyEimKerberosKeyTab structure with a keytab file name, principal, and realm. Each of the keytab file name, principal, and realm cannot be longer than 400 bytes.

For the QSY_EIM_KERBEROS_PWD (2) connect type, the connectInfo field must contain a QsyEimKerberosPassword structure with a principal, realm, and password. The principal and realm cannot be longer than 400 bytes. The password cannot be longer than 174 bytes.

For the QSY_EIM_REMOVE_CONNECT_INFO (3) connect type, the connectInfo field must be zeros. The connection information that is currently defined for the specified connection system will be removed.

Following are the structure layouts:

       #pragma enumsize(4)

       enum QsyEimConnectType {
           QSY_EIM_SIMPLE,
           QSY_EIM_KERBEROS_KEYTAB,
           QSY_EIM_KERBEROS_PWD,
           QSY_EIM_REMOVE_CONNECT_INFO
       };

       enum EimPasswordProtect {
           EIM_PROTECT_NO,              
           EIM_PROTECT_CRAM_MD5,
           EIM_PROTECT_CRAM_MD5_OPTIONAL
       };

       typedef struct EimSimpleConnectInfo
       {
            enum EimPasswordProtect  protect;
            char                     reserved[12];
            char                   * bindDn;
            char                   * bindPw;
       } EimSimpleConnectInfo;

       typedef struct QsyEimKerberosKeyTab
       {
            char * keyTabFile;
            char * principal;
            char * realm;
       } QsyEimKerberosKeyTab;

       typedef struct QsyEimKerberosPassword
       {
            char * principal;
            char * realm;
            char * password;
       } QsyEimKerberosPassword;

       typedef struct QsyEimConnectionInfo
       {
            enum QsyEimConnectType type;
            union {
                EimSimpleConnectInfo   simpleCreds;
                QsyEimKerberosKeyTab   kerberosKeyTab;
                QsyEimKerberosPassword kerberosPassword;
            } connectInfo;
       } QsyEimConnectionInfo;

eimrc
(Input/Output)

The structure in which to return error code information. If the return value is not 0, eimrc is set with additional information. This parameter may be NULL. For the format of the structure, see EimRC--EIM Return Code Parameter.


Return Value

The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.

0
Request was successful.

EACCES (3401)
Access denied. Not enough permissions to set connection information.

EIMERR_AUTH_ERR (7) Insufficient authority for the operation.

EBADDATA (3028)
eimrc is not valid.

EBUSY (3029)
Unable to allocate internal system object.

EIMERR_NOLOCK (26) Unable to allocate internal system object.

EINVAL (3021)
Input parameter was not valid.

EIMERR_PROTECT_INVAL (22) The protect parameter in EimSimpleConnectInfo is not valid.
EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation.
EIMERR_PTR_INVAL (35) Pointer parameter is not valid.
EIMERR_OS400_CONN_SYS_INVAL (5002) Connection system is not valid.
EIMERR_RESERVE_INVAL (57) Reserved field is not valid.

ENAMETOOLONG (3486)
Input parameter is too long.

EIMERR_OS400_BINDDN_SIZE (5001) Bind DN is too large.
EIMERR_OS400_KEYTAB_SIZE (5003) Kerberos keytab file name is too large.
EIMERR_OS400_PRINCIPAL_SIZE (5004) Kerberos principal is too large.
EIMERR_OS400_PWD_SIZE (5005) Kerberos password is too large.
EIMERR_OS400_REALM_SIZE (5006) Kerberos realm is too large.

ENOMEM (3460)
Unable to allocate required space.

EIMERR_NOMEM (27) No memory available. Unable to allocate required space.

ENOTSUP (3440)
Connection type is not supported.

EIMERR_CONN_NOTSUPP (12) Connection type is not supported.

EUNKNOWN (3474)
Unexpected exception.

EIMERR_UNKNOWN (44) Unknown error or unknown system state.

Example

The following example sets connection information used by the operating system.

Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.

#include <stdio.h>
#include <string.h>
#include <eim.h>
#include <qsyeimapi.h>

int main(int argc, char *argv[])
{
    int rc;
    enum QsyEimConnectSystem *connectSys;
    QsyEimConnectionInfo      connectInfo;
    char                      eimerr[100];
    EimRC                    *err;

    /* Zero the structure so that the reserved field and any unused
       fields are zeros. */
    memset(&connectInfo, 0, sizeof(connectInfo));

    /* Get the system that the connection information is for.
       argv[1] and argv[2] point to the enum values passed by the caller. */
    connectSys = (enum QsyEimConnectSystem *)argv[1];
    /* Get the type of the connection information. */
    connectInfo.type = *((enum QsyEimConnectType *)argv[2]);
    /* Set the connection information based on the connection type. */
    switch (connectInfo.type)      /* Determine connect type.            */
      {
        case QSY_EIM_SIMPLE:
           {
             connectInfo.connectInfo.simpleCreds.protect =
                            *((enum EimPasswordProtect *)argv[3]);
             connectInfo.connectInfo.simpleCreds.bindDn = argv[4];
             connectInfo.connectInfo.simpleCreds.bindPw = argv[5];
             break;
           }
        case QSY_EIM_KERBEROS_KEYTAB:
           {
             connectInfo.connectInfo.kerberosKeyTab.keyTabFile = argv[3];
             connectInfo.connectInfo.kerberosKeyTab.principal = argv[4];
             connectInfo.connectInfo.kerberosKeyTab.realm = argv[5];
             break;
           }
        case QSY_EIM_KERBEROS_PWD:
           {
             connectInfo.connectInfo.kerberosPassword.principal = argv[3];
             connectInfo.connectInfo.kerberosPassword.realm = argv[4];
             connectInfo.connectInfo.kerberosPassword.password = argv[5];
             break;
           }
        case QSY_EIM_REMOVE_CONNECT_INFO:
           {
             /* The connectInfo field must be zeros to remove the
                currently defined connection information. */
             connectInfo.connectInfo.kerberosPassword.principal = NULL;
             connectInfo.connectInfo.kerberosPassword.realm = NULL;
             connectInfo.connectInfo.kerberosPassword.password = NULL;
             break;
           }
      } /* end determine connect type. */

    /* Set up the error structure. */
    err = (EimRC *)eimerr;
    err->memoryProvidedByCaller = 100;

    /* Set the connection information. */
    if (0 != (rc = QsySetEIMConnectInfo(*connectSys,
                                         connectInfo,
                                         err)))
        printf("Set connection information error = %d\n", rc);

    return 0;
}
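
Added example (not part of the IBM documentation or its sample program): a portable pre-flight check for the QSY_EIM_SIMPLE connect type that applies the documented 400-byte bind DN and 174-byte password limits and reports whether the chosen EimPasswordProtect value can put the bind password on the network in clear text. The structure is re-declared from the layout above so that it compiles without <eim.h>; precheck_simple_bind(), bind_exposure() and enum BindExposure are hypothetical names, and the order of the checks, the zero-filled reserved field and the message ID used for an over-long bind password are assumptions.

```c
/* Added example; declarations re-typed from the layouts above (no <eim.h>). */
#include <string.h>

enum EimPasswordProtect { EIM_PROTECT_NO, EIM_PROTECT_CRAM_MD5,
                          EIM_PROTECT_CRAM_MD5_OPTIONAL };
typedef struct EimSimpleConnectInfo {
    enum EimPasswordProtect  protect;
    char                     reserved[12];
    char                   * bindDn;
    char                   * bindPw;
} EimSimpleConnectInfo;

/* messageCatalogMessageID values as listed under Return Value. */
enum { EIMERR_PROTECT_INVAL = 22, EIMERR_PARM_REQ = 34, EIMERR_RESERVE_INVAL = 57,
       EIMERR_OS400_BINDDN_SIZE = 5001, EIMERR_OS400_PWD_SIZE = 5005 };

/* Hypothetical classification, not part of the API. */
enum BindExposure { BIND_PROTECTED, BIND_CLEARTEXT_ON_FALLBACK, BIND_CLEARTEXT };

/* Pre-flight check of a simple-bind structure: 0, or the message ID for the
   first violation. Check order, zero-filled reserved bytes and the ID used
   for an over-long bind password are assumptions. */
int precheck_simple_bind(const EimSimpleConnectInfo *s)
{
    static const char zeros[sizeof s->reserved] = {0};

    if ((unsigned)s->protect > (unsigned)EIM_PROTECT_CRAM_MD5_OPTIONAL)
        return EIMERR_PROTECT_INVAL;
    if (memcmp(s->reserved, zeros, sizeof zeros) != 0)
        return EIMERR_RESERVE_INVAL;        /* e.g. an uninitialised struct */
    if (s->bindDn == NULL || s->bindPw == NULL)
        return EIMERR_PARM_REQ;
    if (strlen(s->bindDn) > 400)            /* documented bind DN limit */
        return EIMERR_OS400_BINDDN_SIZE;
    if (strlen(s->bindPw) > 174)            /* documented password limit */
        return EIMERR_OS400_PWD_SIZE;
    return 0;
}

/* How the bind password crosses the network for a given protect value.
   secure_port is the caller's knowledge that the secure port is configured. */
enum BindExposure bind_exposure(enum EimPasswordProtect protect, int secure_port)
{
    if (secure_port || protect == EIM_PROTECT_CRAM_MD5)
        return BIND_PROTECTED;
    return protect == EIM_PROTECT_NO ? BIND_CLEARTEXT : BIND_CLEARTEXT_ON_FALLBACK;
}
```

EIM_PROTECT_CRAM_MD5_OPTIONAL is reported separately because it falls back to a clear-text bind when the server does not support CRAM-MD5.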


API introduced: V5R2
