eimCreateDomain()--Create an EIM Domain Object

 #include <eim.h>

 int eimCreateDomain(char           * ldapURL,
                     EimConnectInfo   connectInfo,
                     char           * description,
         EimRC          * eimrc)
 

The eimCreateDomain() function creates an EIM domain object on the specified EIM domain controller.

Authorities and Locks

EIM Data

LDAP administrators have the authority to create an EIM domain.

Parameters

ldapURL  (Input)

A uniform resource locator (URL) that contains the EIM host information. This URL has the following format:

    ldap://host:port/dn
          or
    ldaps://host:port/dn

where:

• host:port is the name of the host on which the EIM domain controller is running with an optional port number.
• dn is the distinguished name of the domain to create.
• ldaps indicates that this host/port combination uses SSL and TLS.

Examples:

• ldap://systemx:389/ibm-eimDomainName=myEimDomain,o=myCompany,c=us
• ldaps://systemy:636/ibm-eimDomainName=thisEimDomain

connectInfo  (Input)

Connect information. EIM uses ldap. This parameter provides the information required to bind to ldap.

If the system is configured to connect to a secure port, EimSSLInfo is required.

For EIM_SIMPLE connect type, the creds field should contain the EimSimpleConnectInfo structure with a binddn and password. EimPasswordProtect is used to determine the level of password protection on the ldap bind.

EIM_PROTECT_NO (0)	The clear-text password is sent on the bind.
EIM_PROTECT_CRAM_MD5 (1)	The protected password is sent on the bind. The server side must support cram-md5 protocol to send the protected password.
EIM_PROTECT_CRAM_MD5_OPTIONAL (2)	The protected password is sent on the bind if the cram-md5 protocol is supported. Otherwise, the clear-text password is sent.

For EIM_KERBEROS, the default logon credentials are used. The kerberos creds field must be NULL.

For EIM_CLIENT_AUTHENTICATION, the creds field is ignored. EimSSLInfo must be provided.

The structure layouts follow:

   enum EimPasswordProtect {
       EIM_PROTECT_NO,              
       EIM_PROTECT_CRAM_MD5,
       EIM_PROTECT_CRAM_MD5_OPTIONAL
   };
   enum EimConnectType {
       EIM_SIMPLE,
       EIM_KERBEROS,
       EIM_CLIENT_AUTHENTICATION
   };

   typedef struct EimSimpleConnectInfo 
   {
        enum EimPasswordProtect protect;
        char * bindDn;
        char * bindPw;
   } EimSimpleConnectInfo;

   typedef struct EimSSLInfo 
   {
        char * keyring;
        char * keyring_pw;
        char * certificateLabel;
   } EimSSLInfo; 

   typedef struct EimConnectInfo
   {
        enum EimConnectType type;
        union {
            gss_cred_id_t * kerberos;
            EimSimpleConnectInfo simpleCreds;
        } creds;
      EimSSLInfo * ssl;
   } EimConnectInfo;      

description  (Input)

Textual description for the new EIM domain entry. This parameter may be NULL.

eimrc  (Input/Output)

The structure in which to return error code information. If the return value is not 0, eimrc is set with additional information. This parameter may be NULL. For the format of the structure, see EimRC--EIM Return Code Parameter.

Return Value

The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.

0

Request was successful.

EACCES

Access denied. Not enough permissions to access data.

EIMERR_ACCESS (1)

Insufficient access to EIM data.

EBADDATA

eimrc is not valid.

ECONVERT

Data conversion error.

EIMERR_DATA_CONVERSION (13)

Error occurred when converting data between code pages.

EEXIST

EIM domain already exists.

EIMERR_DOMAIN_EXISTS (14)

EIM domain already exists in EIM.

EINVAL

Input parameter was not valid.

EIMERR_CHAR_INVAL (21)	A restricted character was used in the object name. Check the API for a list of restricted characters.
EIMERR_CONN_INVAL (54)	Connection type is not valid.
EIMERR_NOT_SECURE (32)	The system is not configured to connect to a secure port. Connection type of EIM_CLIENT_AUTHENTICATION is not valid.
EIMERR_PARM_REQ (34)	Missing required parameter. Please check API documentation.
EIMERR_PROTECT_INVAL (22)	The protect parameter in EimSimpleConnectInfo is not valid.
EIMERR_PTR_INVAL (35)	Pointer parameter is not valid.
EIMERR_SSL_REQ (42)	The system is configured to connect to a secure port. EimSSLInfo is required.
EIMERR_URL_NODN (45)	URL has no dn (required).
EIMERR_URL_NODOMAIN (46)	URL has no domain (required).
EIMERR_URL_NOHOST (47)	URL does not have a host.
EIMERR_URL_NOTLDAP (49)	URL does not begin with ldap.
EIMERR_INVALID_DN (66)	Distinguished Name (DN) is not valid.

ENOMEM

Unable to allocate required space.

EIMERR_NOMEM (27)

No memory available. Unable to allocate required space.

ENOTSUP

Connection type is not supported.

EIMERR_CONN_NOTSUPP (12)

Connection type is not supported.

EROFS

LDAP connection is for read only. Need to connect to master.

EIMERR_URL_READ_ONLY (50)

LDAP connection can only be made to a replica ldap server. Change the connection information and try the request again.

EUNKNOWN

Unexpected exception.

EIMERR_LDAP_ERR (23)	Unexpected LDAP error. %s
EIMERR_UNKNOWN (44)	Unknown error or unknown system state.

Restrictions

There is a restriction on the characters allowed for domain name.

The following characters are special characters that are not allowed in object names. They also should not be used in object attributes that would be used for a search operation.

 ,    =    +    <     >    #    ;   \   *    "

Related Information

• eimDeleteDomain()--Delete an EIM Domain Object
  
  
• eimChangeDomain()--Change an EIM Domain Object
  
  
• eimListDomains()--List EIM Domain Objects

Example

See Code disclaimer information for information pertaining to code examples.

The following example creates an EIM domain by the name of myEIMDomain. The distinguished name for the domain after it is created will be: "ibm-eimDomainName=myEIMDomain,o=mycompany,c=us".

#include <eim.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
    int           rc;
    char          eimerr[100];
    EimRC       * err;
    
    char * ldapURL = "ldap://eimsystem:389/ibm-eimDomainName=myEimDomain,o=mycompany,c=us";
    
    EimConnectInfo con;
    
    /* Set up connection information           */
    con.type = EIM_SIMPLE;
    con.creds.simpleCreds.protect = EIM_PROTECT_NO;
    con.creds.simpleCreds.bindDn = "cn=admin";
    con.creds.simpleCreds.bindPw = "secret";
    con.ssl = NULL;

    /* Set up error structure.                 */
    memset(eimerr,0x00,100);
    err = (EimRC *)eimerr;
    err->memoryProvidedByCaller = 100;
    
    /* Create a new EIM domain                 */
    if (0 != (rc = eimCreateDomain(ldapURL,
                                   con,
                                   NULL,
                                   err)))
        printf("Create domain error = %d", rc);

    return 0;
}