The LDAP_SERVER_SD_FLAGS_OID control is used to pass flags to the server to control various security descriptor behaviors.
To use this control, set the members of the LDAPControl structure as follows:
    PWCHAR        ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
    struct berval ldctl_value;
    BOOLEAN       ldctl_iscritical;
The Security Descriptor control allows the client to pass flags to specify various security descriptor options. The ldctl_value field is set to the following BER-encoded sequence:
Sequence { Flags INTEGER }
The ber_printf routine is used to create the sequence data. The flags portion contains the descriptor options to include. This code shows how to manually format the sequence data.
    #include <windows.h>
    #include <winldap.h>
    #include <winber.h>
    #include <ntldap.h>
    #include <stdio.h>
    #include <string.h>
    #include <new>

    // Returns NULL on failure. The caller releases the result with
    // delete[] on ldctl_value.bv_val and delete on the control itself.
    LDAPControl *FormatSDFlags(int iFlagValue)
    {
        BerElement *pber = NULL;
        PLDAPControl pLControl = NULL;
        PBERVAL pldctrl_value = NULL;
        int success = -1;

        // format & encode the SEQUENCE data in a BerElement
        pber = ber_alloc_t(LBER_USE_DER);
        if (pber == NULL) return NULL;
        ber_printf(pber, (PSTR)"{i}", iFlagValue);

        // transfer the encoded data into a BERVAL; the BerElement
        // is not needed after this point, whether or not it succeeds
        success = ber_flatten(pber, &pldctrl_value);
        ber_free(pber, 1);
        if (success != 0)
        {
            printf("ber_flatten failed\n");
            // Call error handler here.
            return NULL;
        }

        // copy the BERVAL data to the LDAPControl structure
        pLControl = new (std::nothrow) LDAPControl;
        char *pValue = new (std::nothrow) char[pldctrl_value->bv_len];
        if (pLControl == NULL || pValue == NULL)
        {
            delete pLControl;
            delete[] pValue;
            ber_bvfree(pldctrl_value);
            return NULL;
        }
        memcpy(pValue, pldctrl_value->bv_val, pldctrl_value->bv_len);
        pLControl->ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
        pLControl->ldctl_iscritical = TRUE;
        pLControl->ldctl_value.bv_val = pValue;
        pLControl->ldctl_value.bv_len = pldctrl_value->bv_len;

        // clean up temporary berval
        ber_bvfree(pldctrl_value);

        // return the formatted LDAPControl data
        return pLControl;
    }
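The byte layout of the Sequence { Flags INTEGER } value, as an added example that is not part of the original page or the Windows SDK: a portable C encoder for the DER form, plus a decoder of the kind used to read the flags back out of a captured control value. The function names and SD_* constants are local to this example (the values are the Windows SECURITY_INFORMATION bits for owner, group, DACL and SACL), and the decoder is assumed to need long-form BER lengths as well, since an encoder is free to emit them.

```c
#include <stdint.h>
#include <stdio.h>
/* Windows SECURITY_INFORMATION bit values, under local names defined for this example. */
enum { SD_OWNER = 0x1, SD_GROUP = 0x2, SD_DACL = 0x4, SD_SACL = 0x8 };

/* DER-encode Sequence { Flags INTEGER } into out (cap >= 9); returns length, 0 if too small. */
size_t sd_flags_encode(uint32_t flags, unsigned char *out, size_t cap)
{
    size_t n = 4;                                           /* content starts after two headers */
    int shift = 24;
    if (cap < 9) return 0;
    while (shift > 0 && (flags >> shift) == 0) shift -= 8;  /* drop leading zero octets */
    if ((flags >> shift) & 0x80) out[n++] = 0x00;           /* INTEGER is signed: keep it positive */
    for (; shift >= 0; shift -= 8) out[n++] = (unsigned char)(flags >> shift);
    out[0] = 0x30; out[1] = (unsigned char)(n - 2);         /* SEQUENCE, short-form length */
    out[2] = 0x02; out[3] = (unsigned char)(n - 4);         /* INTEGER */
    return n;
}

/* Read a BER length, short or long form (encoders may emit either); returns 0 on success. */
static int ber_len(const unsigned char **p, const unsigned char *end, size_t *len)
{
    if (*p >= end) return -1;
    unsigned k = *(*p)++;
    if (k < 0x80) { *len = k; return 0; }
    k &= 0x7f;                                              /* number of length octets */
    if (k == 0 || k > 4 || (size_t)(end - *p) < k) return -1;
    for (*len = 0; k; k--) *len = (*len << 8) | *(*p)++;
    return 0;
}

/* Parse a control value; accept only a SEQUENCE holding one non-negative 32-bit INTEGER. */
int sd_flags_decode(const unsigned char *buf, size_t n, uint32_t *flags)
{
    const unsigned char *p = buf, *end = buf + n;
    size_t len;
    if (n < 2 || *p++ != 0x30 || ber_len(&p, end, &len) || len != (size_t)(end - p)) return -1;
    if (p >= end || *p++ != 0x02 || ber_len(&p, end, &len) || len != (size_t)(end - p)) return -1;
    if (len == 0 || len > 5 || (p[0] & 0x80) || (len == 5 && p[0])) return -1;
    for (*flags = 0; len; len--) *flags = (*flags << 8) | *p++;
    return 0;
}

int main(void)
{
    unsigned char buf[9];
    size_t i, n = sd_flags_encode(SD_OWNER | SD_GROUP | SD_DACL, buf, sizeof buf);
    for (i = 0; i < n; i++) printf("%02x ", buf[i]);        /* 30 03 02 01 07 */
    return 0;
}
```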
Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Winldap.h.