Directory Services

LDAP_SERVER_SD_FLAGS_OID

The LDAP_SERVER_SD_FLAGS_OID control is used to pass flags to the server to control various security descriptor behaviors.

To use this control, set the members of the LDAPControl structure as follows:

PWCHAR ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
struct berval ldctl_value;
BOOLEAN ldctl_iscritical;

Members

ldctl_oid
LDAP_SERVER_SD_FLAGS_OID, which is defined as "1.2.840.113556.1.4.801".
ldctl_value
Specifies a BER-encoded sequence of parameters that allows the application to specify various descriptor flags. In the berval structure, set bv_val to a pointer to the sequence containing the flag data (see the following Remarks section), and set bv_len to the length of the sequence.
ldctl_iscritical
Can be TRUE or FALSE depending on whether this control is critical to your application.

Remarks

The Security Descriptor control allows the client to pass flags to specify various security descriptor options. The ldctl_value field is set to the following BER-encoded sequence:

Sequence {
  Flags	INTEGER
}

The ber_printf routine is used to create the sequence data. The flags portion contains the descriptor options to include. This code shows how to manually format the sequence data.

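#include <windows.h>
#include <winldap.h>
#include <winber.h>
#include <stdio.h>
#include <string.h>
#include <new>

// Builds an LDAPControl carrying the SD flags. Returns NULL on failure.
// The caller releases ldctl_value.bv_val with delete[] and the control with delete.
LDAPControl *FormatSDFlags(int iFlagValue)
{
  BerElement *pber = NULL;
  PLDAPControl pLControl = NULL;
  PBERVAL pldctrl_value = NULL;
  int success = -1;

  // format & encode the SEQUENCE data in a BerElement
  pber = ber_alloc_t(LBER_USE_DER);
  if(pber==NULL) return NULL;
  pLControl = new (std::nothrow) LDAPControl;
  if(pLControl==NULL) { ber_free(pber,1); return NULL; }
  if(ber_printf(pber,"{i}",iFlagValue) == -1)
  {
    printf("ber_printf failed");
    ber_free(pber,1);
    delete pLControl;
    return NULL;
  }

  // transfer the encoded data into a BERVAL
  success = ber_flatten(pber,&pldctrl_value);
  ber_free(pber,1);   // no longer needed whether or not flattening succeeded
  if(success != 0)
  {
    printf("ber_flatten failed");
    // Call error handler here.
    delete pLControl;
    return NULL;
  }

  // copy the BERVAL data to the LDAPControl structure
  pLControl->ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
  pLControl->ldctl_iscritical = TRUE;
  pLControl->ldctl_value.bv_val = new (std::nothrow) char[pldctrl_value->bv_len];
  if(pLControl->ldctl_value.bv_val == NULL)
  {
    ber_bvfree(pldctrl_value);
    delete pLControl;
    return NULL;
  }
  memcpy(pLControl->ldctl_value.bv_val,
         pldctrl_value->bv_val, pldctrl_value->bv_len);
  pLControl->ldctl_value.bv_len = pldctrl_value->bv_len;

  // clean up temporary berval
  ber_bvfree(pldctrl_value);

  // return the formatted LDAPControl data
  return pLControl;
}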
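
The sequence described in the Remarks, encoded by hand as an added example that is not part of the original page: a portable C routine that produces the minimal DER form of Sequence { Flags INTEGER } and parses it back, which is useful for checking a control value seen in a trace or for confirming that a client left the SACL bit out of its request. The function names are hypothetical, the flag constants are the security-information bit values from winnt.h, and a BER library may emit an equivalent longer length form.

```c
#include <stddef.h>
#include <stdint.h>

/* Security-information bits carried in Flags (values as defined in winnt.h). */
#define SD_OWNER 0x1u  /* OWNER_SECURITY_INFORMATION */
#define SD_GROUP 0x2u  /* GROUP_SECURITY_INFORMATION */
#define SD_DACL  0x4u  /* DACL_SECURITY_INFORMATION  */
#define SD_SACL  0x8u  /* SACL_SECURITY_INFORMATION  */

/* Hypothetical helper: DER-encode SEQUENCE { INTEGER flags } into out.
   Returns the number of bytes written, or 0 if out is too small. */
size_t encode_sd_flags(int32_t flags, unsigned char *out, size_t cap)
{
    unsigned char body[4];
    size_t n = 4, i;

    /* Big-endian two's complement of the value. */
    for (i = 0; i < 4; i++)
        body[i] = (unsigned char)((uint32_t)flags >> (8 * (3 - i)));

    /* DER requires the shortest form: drop a leading 0x00 or 0xFF byte
       while the next byte still carries the same sign bit. */
    i = 0;
    while (n > 1 && ((body[i] == 0x00 && !(body[i + 1] & 0x80)) ||
                     (body[i] == 0xFF &&  (body[i + 1] & 0x80)))) {
        i++; n--;
    }

    if (out == NULL || cap < n + 4) return 0;
    out[0] = 0x30;                    /* SEQUENCE tag                  */
    out[1] = (unsigned char)(n + 2);  /* length of the INTEGER TLV     */
    out[2] = 0x02;                    /* INTEGER tag                   */
    out[3] = (unsigned char)n;        /* length of the integer content */
    for (size_t k = 0; k < n; k++) out[4 + k] = body[i + k];
    return n + 4;
}

/* Hypothetical helper: parse the same structure back. Returns 0 on success. */
int decode_sd_flags(const unsigned char *in, size_t len, int32_t *flags)
{
    if (in == NULL || flags == NULL || len < 5) return -1;
    if (in[0] != 0x30 || in[2] != 0x02) return -1;
    size_t n = in[3];
    if (n < 1 || n > 4 || in[1] != n + 2 || len != n + 4) return -1;
    int32_t v = (in[4] & 0x80) ? -1 : 0;  /* sign-extend from the first byte */
    for (size_t k = 0; k < n; k++) v = (int32_t)(((uint32_t)v << 8) | in[4 + k]);
    *flags = v;
    return 0;
}
```

Owner, group and DACL together (0x7) encode as 30 03 02 01 07; a value with bit 7 set, such as 0x80, needs a leading zero byte so that it is not read back as negative.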

Requirements

Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Winldap.h.

See Also

Data Structures, LDAPMessage, Using Controls