|
| DS_ENTRY_ADD - target object |
 |
Thu, 26 Jan 2006 10:03:54 GMT |
Hello,
I am trying to grant privileges to user on object.
I have a problem setting DS_ENTRY_ADD right, I don't know what target
object to set? It is supposed to be the container of the object. I have a
tree - Tree, and context - cnt.context. Using that values as a target does
not seeem to work. But it works fine for [Root].
Here is the code:
Object_ACL_T ACL;
pBuf_T dsBuf = NULL;
NWDSCCODE rcode = ::NWDSAllocBuf((size_t)DEFAULT_MESSAGE_LEN, &dsBuf);
if (rcode)
return rcode;
rcode = NWDSInitBuf(g_ContextHandle, DSV_MODIFY_ENTRY, dsBuf);
if (rcode)
return rcode;
ACL.protectedAttrName = DS_ENTRY_RIGHTS_NAME;
ACL.subjectName = (char*)user;
ACL.privileges = rights;
rcode = NWDSPutChange (g_ContextHandle,dsBuf,mode,"ACL");
rcode = NWDSPutAttrVal(g_ContextHandle,dsBuf,SYN_OBJECT_ACL,&ACL);
rcode = NWDSModifyObject(g_ContextHandle,(char*)target, NULL, 0, dsBuf);
return rcode;
Thaks!
|
| Post Reply
|
| Re: DS_ENTRY_ADD - target object |
 |
Thu, 26 Jan 2006 23:55:45 GMT |
I cant spot anything wrong with your code. What value are you using for
mode - that should DS_ADD_VALUE. The target is the object to which you want
to add the ACL as an attribute value. The fact that it works for [Root] and
not other objects suggests you might not be specifying the object name
correctly relative to the context pointed to by your context handle. What
value do you get for rcode?
John
DevSup SysOp 24
"kazakov" <andrey.kazakov@gmail.com> wrote in message
news:e81Cf.1537$IK1.495@prv-forum2.provo.novell.com...
> Hello,
> I am trying to grant privileges to user on object.
> I have a problem setting DS_ENTRY_ADD right, I don't know what target
> object to set? It is supposed to be the container of the object. I have a
> tree - Tree, and context - cnt.context. Using that values as a target does
> not seeem to work. But it works fine for [Root].
> Here is the code:
>
>
> Object_ACL_T ACL;
> pBuf_T dsBuf = NULL;
>
> NWDSCCODE rcode = ::NWDSAllocBuf((size_t)DEFAULT_MESSAGE_LEN,
&dsBuf);
>
> if (rcode)
> return rcode;
>
> rcode = NWDSInitBuf(g_ContextHandle, DSV_MODIFY_ENTRY, dsBuf);
>
> if (rcode)
> return rcode;
>
>
> ACL.protectedAttrName = DS_ENTRY_RIGHTS_NAME;
> ACL.subjectName = (char*)user;
> ACL.privileges = rights;
>
> rcode = NWDSPutChange (g_ContextHandle,dsBuf,mode,"ACL");
>
> rcode = NWDSPutAttrVal(g_ContextHandle,dsBuf,SYN_OBJECT_ACL,&ACL);
>
> rcode = NWDSModifyObject(g_ContextHandle,(char*)target, NULL, 0, dsBuf);
>
> return rcode;
|
| Post Reply
|
| Re: DS_ENTRY_ADD - target object |
 |
Fri, 27 Jan 2006 09:12:21 GMT |
Hello,
Well I have no error code it returns SUCCESS, but in facts I don't see new
rights working(can't add user).
Can you give me an example for the correct object name ?
Thanks
John Baird wrote:
> I cant spot anything wrong with your code. What value are you using for
> mode - that should DS_ADD_VALUE. The target is the object to which you want
> to add the ACL as an attribute value. The fact that it works for [Root] and
> not other objects suggests you might not be specifying the object name
> correctly relative to the context pointed to by your context handle. What
> value do you get for rcode?
> John
> DevSup SysOp 24
> "kazakov" <andrey.kazakov@gmail.com> wrote in message
> news:e81Cf.1537$IK1.495@prv-forum2.provo.novell.com...
> > Hello,
> > I am trying to grant privileges to user on object.
> > I have a problem setting DS_ENTRY_ADD right, I don't know what target
> > object to set? It is supposed to be the container of the object. I
have a
> > tree - Tree, and context - cnt.context. Using that values as a target
does
> > not seeem to work. But it works fine for [Root].
> > Here is the code:
> >
> >
> > Object_ACL_T ACL;
> > pBuf_T dsBuf = NULL;
> >
> > NWDSCCODE rcode = ::NWDSAllocBuf((size_t)DEFAULT_MESSAGE_LEN,
&dsBuf);
> >
> > if (rcode)
> > return rcode;
> >
> > rcode = NWDSInitBuf(g_ContextHandle, DSV_MODIFY_ENTRY, dsBuf);
> >
> > if (rcode)
> > return rcode;
> >
> >
> > ACL.protectedAttrName = DS_ENTRY_RIGHTS_NAME;
> > ACL.subjectName = (char*)user;
> > ACL.privileges = rights;
> >
> > rcode = NWDSPutChange (g_ContextHandle,dsBuf,mode,"ACL");
> >
> > rcode =
NWDSPutAttrVal(g_ContextHandle,dsBuf,SYN_OBJECT_ACL,&ACL);
> >
> > rcode = NWDSModifyObject(g_ContextHandle,(char*)target, NULL, 0,
dsBuf);
> >
> > return rcode;
|
| Post Reply
|
| Re: DS_ENTRY_ADD - target object |
 |
Fri, 27 Jan 2006 20:54:24 GMT |
If the context handle pointed to ny.sales.abc and the objects you were
dealing with were in that container, then you would just pass in the rdn
e.g. john. If your context handle pointed to [Root], you would pass in the
distinguished name e.g. john.ny.sales.abc. Whether or not you include typing
in the names (as in CN=John.OU=ny.OU=sales.o=abc) depends on the setting for
the context flag DCV_TYPELESS_NAMES. Can you check if the ACL is actually
created? Do you need to make this rights setting inheritable?
John
DevSup SysOp 24
"kazakov" <andrey.kazakov@gmail.com> wrote in message
news:VtlCf.600$I_5.214@prv-forum2.provo.novell.com...
> Hello,
> Well I have no error code it returns SUCCESS, but in facts I don't see new
> rights working(can't add user).
>
> Can you give me an example for the correct object name ?
>
> Thanks
>
> John Baird wrote:
>
>> I cant spot anything wrong with your code. What value are you using
for
>> mode - that should DS_ADD_VALUE. The target is the object to which you
>> want
>> to add the ACL as an attribute value. The fact that it works for [Root]
>> and
>> not other objects suggests you might not be specifying the object name
>> correctly relative to the context pointed to by your context handle.
What
>> value do you get for rcode?
>
>> John
>> DevSup SysOp 24
>
>
>
>> "kazakov" <andrey.kazakov@gmail.com> wrote in message
>> news:e81Cf.1537$IK1.495@prv-forum2.provo.novell.com...
>> > Hello,
>> > I am trying to grant privileges to user on object.
>> > I have a problem setting DS_ENTRY_ADD right, I don't know what
target
>> > object to set? It is supposed to be the container of the object. I
have
>> > a
>> > tree - Tree, and context - cnt.context. Using that values as a
target
>> > does
>> > not seeem to work. But it works fine for [Root].
>> > Here is the code:
>> >
>> >
>> > Object_ACL_T ACL;
>> > pBuf_T dsBuf = NULL;
>> >
>> > NWDSCCODE rcode = ::NWDSAllocBuf((size_t)DEFAULT_MESSAGE_LEN,
>> > &dsBuf);
>> >
>> > if (rcode)
>> > return rcode;
>> >
>> > rcode = NWDSInitBuf(g_ContextHandle, DSV_MODIFY_ENTRY, dsBuf);
>> >
>> > if (rcode)
>> > return rcode;
>> >
>> >
>> > ACL.protectedAttrName = DS_ENTRY_RIGHTS_NAME;
>> > ACL.subjectName = (char*)user;
>> > ACL.privileges = rights;
>> >
>> > rcode = NWDSPutChange
(g_ContextHandle,dsBuf,mode,"ACL");
>> >
>> > rcode =
NWDSPutAttrVal(g_ContextHandle,dsBuf,SYN_OBJECT_ACL,&ACL);
>> >
>> > rcode = NWDSModifyObject(g_ContextHandle,(char*)target, NULL, 0,
>> > dsBuf);
>> >
>> > return rcode;
>
>
|
| Post Reply
|
| Re: DS_ENTRY_ADD - target object |
 |
Mon, 30 Jan 2006 09:25:56 GMT |
I Am actually interested for the sample of the target container object
(when i am going to apply DS_ENTRY_ADD rule)
Thanks
John Baird wrote:
> If the context handle pointed to ny.sales.abc and the objects you were
> dealing with were in that container, then you would just pass in the rdn
> e.g. john. If your context handle pointed to [Root], you would pass in the
> distinguished name e.g. john.ny.sales.abc. Whether or not you include
typing
> in the names (as in CN=John.OU=ny.OU=sales.o=abc) depends on the setting
for
> the context flag DCV_TYPELESS_NAMES. Can you check if the ACL is actually
> created? Do you need to make this rights setting inheritable?
> John
> DevSup SysOp 24
> "kazakov" <andrey.kazakov@gmail.com> wrote in message
> news:VtlCf.600$I_5.214@prv-forum2.provo.novell.com...
> > Hello,
> > Well I have no error code it returns SUCCESS, but in facts I don't see
new
> > rights working(can't add user).
> >
> > Can you give me an example for the correct object name ?
> >
> > Thanks
> >
> > John Baird wrote:
> >
> >> I cant spot anything wrong with your code. What value are you
using for
> >> mode - that should DS_ADD_VALUE. The target is the object to which
you
> >> want
> >> to add the ACL as an attribute value. The fact that it works for
[Root]
> >> and
> >> not other objects suggests you might not be specifying the object
name
> >> correctly relative to the context pointed to by your context
handle. What
> >> value do you get for rcode?
> >
> >> John
> >> DevSup SysOp 24
> >
> >
> >
> >> "kazakov" <andrey.kazakov@gmail.com> wrote in
message
> >> news:e81Cf.1537$IK1.495@prv-forum2.provo.novell.com...
> >> > Hello,
> >> > I am trying to grant privileges to user on object.
> >> > I have a problem setting DS_ENTRY_ADD right, I don't know
what target
> >> > object to set? It is supposed to be the container of the
object. I have
> >> > a
> >> > tree - Tree, and context - cnt.context. Using that values as
a target
> >> > does
> >> > not seeem to work. But it works fine for [Root].
> >> > Here is the code:
> >> >
> >> >
> >> > Object_ACL_T ACL;
> >> > pBuf_T dsBuf = NULL;
> >> >
> >> > NWDSCCODE rcode =
::NWDSAllocBuf((size_t)DEFAULT_MESSAGE_LEN,
> >> > &dsBuf);
> >> >
> >> > if (rcode)
> >> > return rcode;
> >> >
> >> > rcode = NWDSInitBuf(g_ContextHandle, DSV_MODIFY_ENTRY,
dsBuf);
> >> >
> >> > if (rcode)
> >> > return rcode;
> >> >
> >> >
> >> > ACL.protectedAttrName = DS_ENTRY_RIGHTS_NAME;
> >> > ACL.subjectName = (char*)user;
> >> > ACL.privileges = rights;
> >> >
> >> > rcode = NWDSPutChange
(g_ContextHandle,dsBuf,mode,"ACL");
> >> >
> >> > rcode =
NWDSPutAttrVal(g_ContextHandle,dsBuf,SYN_OBJECT_ACL,&ACL);
> >> >
> >> > rcode = NWDSModifyObject(g_ContextHandle,(char*)target,
NULL, 0,
> >> > dsBuf);
> >> >
> >> > return rcode;
> >
> >
|
| Post Reply
|
|
|