636 lines
21 KiB
HTML
636 lines
21 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
|
<title>eimAddAssociation()--Add EIM Association</title>
|
|
<!-- Begin header records -->
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<!-- Change History: -->
|
|
<!-- YYMMDD USERID Change description -->
|
|
<!-- Edited by Kersten Jan 02 -->
|
|
<!-- Created by Carol Budnik on 17 July 2001 -->
|
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
|
</head>
|
|
<body>
|
|
<!--Java sync-link-->
|
|
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
|
|
</script>
|
|
|
|
<a name="Top_Of_Page"></a>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<h2>eimAddAssociation()--Add EIM Association</h2>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- S Y N T A X / P A R M T A B L E -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
<div class="box" style="width: 80%;">
|
|
<br>
|
|
Syntax
|
|
|
|
<pre>
|
|
#include <eim.h>
|
|
|
|
int eimAddAssociation(EimHandle * <em>eim</em>,
|
|
enum EimAssociationType <em>associationType</em>,
|
|
EimIdentifierInfo * <em>idName</em>,
|
|
char * <em>registryName</em>,
|
|
char * <em>registryUserName</em>,
|
|
EimRC * <em>eimrc</em>)
|
|
|
|
|
|
</pre>
|
|
|
|
Service Program Name: QSYS/QSYEIM<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
Default Public Authority: *USE<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
Threadsafe: Yes<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
</div>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- D E S C R I P T I O N -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
<p>The <strong>eimAddAssociation()</strong> function associates a local
|
|
identity in a specified user registry with an EIM identifier. EIM supports
|
|
three kinds of associations: source, target, and administrative. All EIM
|
|
associations are between an EIM identifier and a local user identity -- never
|
|
directly between local user identities.</p>
|
|
|
|
<p>Associated source identities are user identities that are primarily for
|
|
authentication purposes. They can be used as the source identity of a mapping
|
|
lookup operation (that is, eimGetTargetFromSource()), but will not be found as the
|
|
target of a mapping lookup operation.</p>
|
|
|
|
<p>Associated target identities are user identities that are primarily used to
|
|
secure existing data. They will be found as the result of a mapping lookup
|
|
operation, but cannot be used as the source identity for a mapping lookup
|
|
operation.</p>
|
|
|
|
<p>Administrative associations are used to show that an identity is associated
|
|
with an EIM identifier, but cannot be used as the source for, and will not be
|
|
found as the target of, a mapping lookup operation.</p>
|
|
|
|
<p>A single user identity may be used as both a target and a source. This is
|
|
done by creating both a source and a target association for the local user
|
|
identity with the appropriate EIM identifier. While this API supports an
|
|
association type of EIM_SOURCE_AND_TARGET, two associations are actually
|
|
created.</p>
|
|
|
|
<p>For an EIM identifier to be useful in mapping lookup operations, it must
|
|
have at least one "source" and at least one "target" association.</p>
|
|
|
|
<p>
|
|
<img src="delta.gif" alt="Start of change">
|
|
See <a href="eimmappinglookup.htm">EIM Mapping Lookup Algorithm</a>
|
|
for the affect that associations have on the mapping lookup operation.
|
|
<img src="deltaend.gif" alt="End of change">
|
|
</p>
|
|
|
|
<br>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- A U T H O R I T I E S A N D L O C K S -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<h3>Authorities and Locks</h3>
|
|
|
|
<dl>
|
|
<dt><em>EIM Data</em></dt>
|
|
|
|
<dd>Access to EIM data is controlled by EIM access groups. LDAP administrators
|
|
also have access to EIM data. The authority that the access group has to the
|
|
EIM data depends on the type of association being added:
|
|
|
|
<p>For administrative and source associations, the access groups whose members
|
|
have authority to the EIM data for this API follow:</p>
|
|
|
|
<ul>
|
|
<li>EIM Administrator</li>
|
|
|
|
<li>EIM Identifiers Administrator</li>
|
|
</ul>
|
|
|
|
<p>For target associations, the access groups whose members have authority to
|
|
the EIM data for this API follow:</p>
|
|
|
|
<ul>
|
|
<li>EIM Administrator</li>
|
|
|
|
<li>EIM Registries Administrator</li>
|
|
|
|
<li>EIM authority to an individual registry</li>
|
|
</ul>
|
|
</dd>
|
|
</dl>
|
|
|
|
<br>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- P A R A M E T E R S -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<h3>Parameters</h3>
|
|
|
|
<dl><!-- ============================================================== -->
|
|
<!-- eim -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>eim</strong> (Input)</dt>
|
|
|
|
<dd>The EIM handle returned by a previous call to eimCreateHandle(). A valid
|
|
connection is required for this function.<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- associationType -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>associationType</strong> (Input)</dt>
|
|
|
|
<dd>The type of association to be added. Valid values are:<br>
|
|
<br>
|
|
<table width="100%">
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIM_TARGET (1)</em></td>
|
|
<td align="left" valign="top">Add a target association.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIM_SOURCE (2)</em></td>
|
|
<td align="left" valign="top">Add a source association.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIM_SOURCE_AND_TARGET (3)</em></td>
|
|
<td align="left" valign="top">Add both a source association and a target
|
|
association.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIM_ADMIN (4)</em></td>
|
|
<td align="left" valign="top">Add an administrative association.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- idName -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>idName</strong> (Input)</dt>
|
|
|
|
<dd>A structure that contains the identifier name for this association. The
|
|
layout of the EimIdentifierInfo structure follows:
|
|
|
|
<pre>
|
|
enum EimIdType {
|
|
EIM_UNIQUE_NAME,
|
|
EIM_ENTRY_UUID,
|
|
EIM_NAME
|
|
};
|
|
|
|
typedef struct EimIdentifierInfo
|
|
{
|
|
union {
|
|
char * uniqueName;
|
|
char * entryUUID;
|
|
char * name;
|
|
} id;
|
|
enum EimIdType idtype;
|
|
} EimIdentifierInfo;
|
|
|
|
</pre>
|
|
|
|
<p><samp>idtype</samp> indicates which identifier name is provided. Use of the
|
|
<samp>uniqueName</samp> provides the best performance. Specifying an
|
|
<samp>idtype</samp> of EIM_NAME does not guarantee that a unique EIM identifier
|
|
will be found. Therefore, use of EIM_NAME may result in an error.</p>
|
|
|
|
<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- registry name -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>registryName</strong> (Input)</dt>
|
|
|
|
<dd>The registry name for the association.<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- registry user name -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>registryUserName</strong> (Input)</dt>
|
|
|
|
<dd>The registry user name for the association. The registry user name may be
|
|
normalized according to the normalization method for defined registry.<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- eimrc -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>eimrc</strong> (Input/Output)</dt>
|
|
|
|
<dd>The structure in which to return error code information. If the return
|
|
value is not 0, eimrc is set with additional information. This parameter may be
|
|
NULL. For the format of the structure, see <a href="eimrc.htm">EimRC--EIM
|
|
Return Code Parameter</a>.<br>
|
|
<br>
|
|
</dd>
|
|
</dl>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- R E T U R N V A L U E -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
<h3>Return Value</h3>
|
|
|
|
<p>The return value from the API. Following each return value is the list of
|
|
possible values for the <samp>messageCatalogMessageID</samp> field in the
|
|
<em>eimrc</em> parameter for that value.</p>
|
|
|
|
<dl><!-- ============================================================== -->
|
|
<!-- 0 -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>0</strong></dt>
|
|
|
|
<dd>Request was successful.<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EACCES -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EACCES</strong></dt>
|
|
|
|
<dd>Access denied. Not enough permissions to access data.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="25 75" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_ACCESS (1)</em></td>
|
|
<td align="left" valign="top">Insufficient access to EIM data.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EBADDATA -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EBADDATA</strong></dt>
|
|
|
|
<dd>eimrc is not valid.<br>
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EBADNAME -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EBADNAME</strong></dt>
|
|
|
|
<dd>Registry or identifier name is not valid or insufficient access to EIM
|
|
data.<br>
|
|
<br>
|
|
|
|
|
|
<table cellpadding="5">
|
|
<!-- cols="35 65" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_IDNAME_AMBIGUOUS (20)</em></td>
|
|
<td align="left" valign="top">More than 1 EIM Identifier was found that matches
|
|
the requested Identifier name.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_NOIDENTIFIER (25)</em></td>
|
|
<td align="left" valign="top">EIM Identifier not found or insufficient access
|
|
to EIM data.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_NOREG (28)</em></td>
|
|
<td align="left" valign="top">EIM Registry not found or insufficient access to
|
|
EIM data.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EBUSY -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EBUSY</strong></dt>
|
|
|
|
<dd>Unable to allocate internal system object.<br>
|
|
<br>
|
|
|
|
|
|
<table cellpadding="5">
|
|
<!-- cols="25 75" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_NOLOCK (26)</em></td>
|
|
<td align="left" valign="top">Unable to allocate internal system object.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- ECONVERT -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>ECONVERT</strong></dt>
|
|
|
|
<dd>Data conversion error.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="35 65" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_DATA_CONVERSION (13)</em></td>
|
|
<td align="left" valign="top">Error occurred when converting data between code
|
|
pages.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EINVAL -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EINVAL</strong></dt>
|
|
|
|
<dd>Input parameter was not valid.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="35 65" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_ASSOC_TYPE_INVAL (4)</em></td>
|
|
<td align="left" valign="top">Association type is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_HANDLE_INVAL (17)</em></td>
|
|
<td align="left" valign="top">EimHandle is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_IDNAME_TYPE_INVAL (52)</em></td>
|
|
<td align="left" valign="top">The EimIdType value is not valid.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_PARM_REQ (34)</em></td>
|
|
<td align="left" valign="top">Missing required parameter. Please check API
|
|
documentation.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_PTR_INVAL (35)</em></td>
|
|
<td align="left" valign="top">Pointer parameter is not valid.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- ENOMEM -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>ENOMEM</strong></dt>
|
|
|
|
<dd>Unable to allocate required space.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="25 75" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_NOMEM (27)</em></td>
|
|
<td align="left" valign="top">No memory available. Unable to allocate required
|
|
space.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- ENOTCONN -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>ENOTCONN</strong></dt>
|
|
|
|
<dd>LDAP connection has not been made.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="25 75" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_NOT_CONN (31)</em></td>
|
|
<td align="left" valign="top">Not connected to LDAP. Use eimConnect() API and
|
|
try the request again.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EROFS -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EROFS</strong></dt>
|
|
|
|
<dd>LDAP connection is for read only. Need to connect to master.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="25 75" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_READ_ONLY (36)</em></td>
|
|
<td align="left" valign="top">LDAP connection is for read only. Use
|
|
eimConnectToMaster() to get a write connection.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<!-- ============================================================== -->
|
|
<!-- EUNKNOWN -->
|
|
<!-- ============================================================== -->
|
|
<dt><strong>EUNKNOWN</strong></dt>
|
|
|
|
<dd>Unexpected exception.<br>
|
|
<br>
|
|
<table cellpadding="5">
|
|
<!-- cols="40 60" -->
|
|
<tr>
|
|
<td align="left" valign="top">EIMERR_LDAP_ERR (23)</td>
|
|
<td align="left" valign="top">Unexpected LDAP error. %s</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_UNEXP_OBJ_VIOLATION (56)</em></td>
|
|
<td align="left" valign="top">Unexpected object violation.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>EIMERR_UNKNOWN (44)</em></td>
|
|
<td align="left" valign="top">Unknown error or unknown system state.</td>
|
|
</tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
|
|
<br>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- U S A G E N O T E S -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- R E L A T E D I N F O R M A T I O N -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<h3>Related Information</h3>
|
|
|
|
<ul>
|
|
<li><a href="eimgetassociatedidentifiers.htm">eimGetAssociatedIdentifiers()</a>
|
|
--Get Associated EIM Identifiers<br>
|
|
<br>
|
|
</li>
|
|
|
|
<li><a href="eimremoveassociation.htm">eimRemoveAssociation()</a>--Remove an
|
|
EIM Association<br>
|
|
<br>
|
|
</li>
|
|
|
|
<li><a href="eimlistassociations.htm">eimListAssociations()</a>--List EIM
|
|
Associations<br>
|
|
<br>
|
|
</li>
|
|
</ul>
|
|
|
|
<br>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- E X A M P L E -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<h3>Example</h3>
|
|
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
|
|
for information pertaining to code examples.</p>
|
|
<p>The following example creates 3 associations for the same identifier:
|
|
administrative, source and target.</p>
|
|
|
|
<pre>
|
|
#include <eim.h>
|
|
#include <stdio.h>
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int rc;
|
|
char eimerr[100];
|
|
EimRC * err;
|
|
EimHandle * handle;
|
|
|
|
EimIdentifierInfo x;
|
|
|
|
<em>/* Get eim handle from input arg. */</em>
|
|
<em>/* This handle is already connected to EIM. */</em>
|
|
handle = (EimHandle *)argv[1];
|
|
|
|
<em>/* Set up error structure. */</em>
|
|
memset(eimerr,0x00,100);
|
|
err = (EimRC *)eimerr;
|
|
err->memoryProvidedByCaller = 100;
|
|
|
|
<em>/* Set up identifier information */</em>
|
|
x.idtype = EIM_UNIQUE_NAME;
|
|
x.id.uniqueName = "mjones";
|
|
|
|
<em>/* Add an admin association */</em>
|
|
if (0 != (rc = eimAddAssociation(handle,
|
|
EIM_ADMIN,
|
|
&x,
|
|
"MyRegistry",
|
|
"maryjones",
|
|
err)))
|
|
{
|
|
printf("Add Association error = %d", rc);
|
|
return -1;
|
|
}
|
|
<em>/* Add a source association */</em>
|
|
if (0 != (rc = eimAddAssociation(handle,
|
|
EIM_SOURCE,
|
|
&x,
|
|
"kerberosRegistry",
|
|
"mjjones",
|
|
err)))
|
|
{
|
|
printf("Add Association error = %d", rc);
|
|
return -1;
|
|
}
|
|
<em>/* Add a target association */</em>
|
|
if (0 != (rc = eimAddAssociation(handle,
|
|
EIM_TARGET,
|
|
&x,
|
|
"MyRegistry",
|
|
"maryjo",
|
|
err)))
|
|
{
|
|
printf("Add Association error = %d", rc);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
</pre>
|
|
|
|
<br>
|
|
<!-- ============================================================== -->
|
|
<!-- -->
|
|
<!-- F O O T E R -->
|
|
<!-- -->
|
|
<!-- ============================================================== -->
|
|
|
|
<hr>
|
|
API introduced: V5R2
|
|
|
|
<hr>
|
|
<center>
|
|
<table cellpadding="2" cellspacing="2">
|
|
<tr align="center">
|
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
|
</tr>
|
|
</table>
|
|
</center>
|
|
</body>
|
|
</html>
|
|
|