eimAddAssociation()--Add EIM Association


  Syntax 
 #include <eim.h>

 int eimAddAssociation(EimHandle               * eim,
                       enum EimAssociationType   associationType,
                       EimIdentifierInfo       * idName,
                       char                    * registryName,
                       char                    * registryUserName,
         EimRC                   * eimrc)
  Service Program Name: QSYS/QSYEIM

  Default Public Authority: *USE

  Threadsafe: Yes

The eimAddAssociation() function associates a local identity in a specified user registry with an EIM identifier. EIM supports three kinds of associations: source, target, and administrative. All EIM associations are between an EIM identifier and a local user identity -- never directly between local user identities.

Associated source identities are user identities that are primarily for authentication purposes. They can be used as the source identity of a mapping lookup operation (that is, eimGetTargetFromSource()), but will not be found as the target of a mapping lookup operation.

Associated target identities are user identities that are primarily used to secure existing data. They will be found as the result of a mapping lookup operation, but cannot be used as the source identity for a mapping lookup operation.

Administrative associations are used to show that an identity is associated with an EIM identifier, but cannot be used as the source for, and will not be found as the target of, a mapping lookup operation.

A single user identity may be used as both a target and a source. This is done by creating both a source and a target association for the local user identity with the appropriate EIM identifier. While this API supports an association type of EIM_SOURCE_AND_TARGET, two associations are actually created.

For an EIM identifier to be useful in mapping lookup operations, it must have at least one "source" and at least one "target" association.

Start of change See EIM Mapping Lookup Algorithm for the affect that associations have on the mapping lookup operation. End of change


Authorities and Locks

EIM Data
Access to EIM data is controlled by EIM access groups. LDAP administrators also have access to EIM data. The authority that the access group has to the EIM data depends on the type of association being added:

For administrative and source associations, the access groups whose members have authority to the EIM data for this API follow:

For target associations, the access groups whose members have authority to the EIM data for this API follow:


Parameters

eim (Input)
The EIM handle returned by a previous call to eimCreateHandle(). A valid connection is required for this function.

associationType (Input)
The type of association to be added. Valid values are:

EIM_TARGET (1) Add a target association.
EIM_SOURCE (2) Add a source association.
EIM_SOURCE_AND_TARGET (3) Add both a source association and a target association.
EIM_ADMIN (4) Add an administrative association.


idName (Input)
A structure that contains the identifier name for this association. The layout of the EimIdentifierInfo structure follows: 
   enum EimIdType {
       EIM_UNIQUE_NAME,                       
       EIM_ENTRY_UUID,
       EIM_NAME
   };

   typedef struct EimIdentifierInfo
   {
       union {
           char       * uniqueName;
           char       * entryUUID;
           char       * name;
       } id;
       enum EimIdType        idtype;
   } EimIdentifierInfo;

idtype indicates which identifier name is provided. Use of the uniqueName provides the best performance. Specifying an idtype of EIM_NAME does not guarantee that a unique EIM identifier will be found. Therefore, use of EIM_NAME may result in an error.



registryName (Input)
The registry name for the association.

registryUserName (Input)
The registry user name for the association. The registry user name may be normalized according to the normalization method for defined registry.

eimrc (Input/Output)
The structure in which to return error code information. If the return value is not 0, eimrc is set with additional information. This parameter may be NULL. For the format of the structure, see EimRC--EIM Return Code Parameter.

Return Value

The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.

0
Request was successful.

EACCES
Access denied. Not enough permissions to access data.

EIMERR_ACCESS (1) Insufficient access to EIM data.

EBADDATA
eimrc is not valid.

EBADNAME
Registry or identifier name is not valid or insufficient access to EIM data.

EIMERR_IDNAME_AMBIGUOUS (20) More than 1 EIM Identifier was found that matches the requested Identifier name.
EIMERR_NOIDENTIFIER (25) EIM Identifier not found or insufficient access to EIM data.
EIMERR_NOREG (28) EIM Registry not found or insufficient access to EIM data.

EBUSY
Unable to allocate internal system object.

EIMERR_NOLOCK (26) Unable to allocate internal system object.

ECONVERT
Data conversion error.

EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.

EINVAL
Input parameter was not valid.

EIMERR_ASSOC_TYPE_INVAL (4) Association type is not valid.
EIMERR_HANDLE_INVAL (17) EimHandle is not valid.
EIMERR_IDNAME_TYPE_INVAL (52) The EimIdType value is not valid.
EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation.
EIMERR_PTR_INVAL (35) Pointer parameter is not valid.

ENOMEM
Unable to allocate required space.

EIMERR_NOMEM (27) No memory available. Unable to allocate required space.

ENOTCONN
LDAP connection has not been made.

EIMERR_NOT_CONN (31) Not connected to LDAP. Use eimConnect() API and try the request again.

EROFS
LDAP connection is for read only. Need to connect to master.

EIMERR_READ_ONLY (36) LDAP connection is for read only. Use eimConnectToMaster() to get a write connection.

EUNKNOWN
Unexpected exception.

EIMERR_LDAP_ERR (23) Unexpected LDAP error. %s
EIMERR_UNEXP_OBJ_VIOLATION (56) Unexpected object violation.
EIMERR_UNKNOWN (44) Unknown error or unknown system state.

Related Information


Example

See Code disclaimer information for information pertaining to code examples.

The following example creates 3 associations for the same identifier: administrative, source and target.

#include <eim.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
    int           rc;
    char          eimerr[100];
    EimRC       * err;
    EimHandle   * handle;

    EimIdentifierInfo x;

    /* Get eim handle from input arg.           */
    /* This handle is already connected to EIM. */
    handle = (EimHandle *)argv[1];

    /* Set up error structure.                  */
    memset(eimerr,0x00,100);
    err = (EimRC *)eimerr;
    err->memoryProvidedByCaller = 100;

    /* Set up identifier information            */
    x.idtype = EIM_UNIQUE_NAME;
    x.id.uniqueName = "mjones";
    
    /* Add an admin association                 */
    if (0 != (rc = eimAddAssociation(handle,
                                     EIM_ADMIN,
                                     &x,
                                     "MyRegistry",
                                     "maryjones",
                                     err)))
    {
        printf("Add Association error = %d", rc);
        return -1;
    }
    /* Add a source association                 */
    if (0 != (rc = eimAddAssociation(handle,
                                     EIM_SOURCE,
                                     &x,
                                     "kerberosRegistry",
                                     "mjjones",
                                     err)))
    {
        printf("Add Association error = %d", rc);
        return -1;
    }
    /* Add a target association                 */
    if (0 != (rc = eimAddAssociation(handle,
                                     EIM_TARGET,
                                     &x,
                                     "MyRegistry",
                                     "maryjo",
                                     err)))
    {
        printf("Add Association error = %d", rc);
        return -1;
    }

    return 0;
}

API introduced: V5R2
Top | Security APIs | APIs by category