LDAP_SERVER_SD_FLAGS_OID control code
The LDAP_SERVER_SD_FLAGS_OID control is used to pass flags to the server to control various security descriptor results.
To use this control, set the members of the LDAPControl structure as follows.
PWCHAR ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
struct berval ldctl_value;
BOOLEAN ldctl_iscritical;
Members
- ldctl_oid: LDAP_SERVER_SD_FLAGS_OID, defined as "1.2.840.113556.1.4.801".
- ldctl_value: Specifies a BER-encoded sequence of parameters that enables the application to specify various descriptor flags. In the berval structure, set bv_val to a pointer to the sequence that contains the flag data and set bv_len to the length of the sequence. For more information, see the Remarks section.
- ldctl_iscritical: Can be TRUE or FALSE depending on whether SD search/modify is critical to the operation.
Remarks
The Security Descriptor control enables the client to pass flags to specify various security descriptor options. The ldctl_value field is set to the following BER-encoded sequence.
    Sequence {
        Flags INTEGER
    }
The ber_printf function is used to create the sequence data. The flags portion contains the descriptor options to include. The following example code shows how to format the sequence data.
    #include <windows.h>
    #include <winldap.h>
    #include <winber.h>
    #include <stdio.h>
    #include <string.h>

    LDAPControl *FormatSDFlags(int iFlagValue)
    {
        BerElement *pber = NULL;
        PLDAPControl pLControl = NULL;
        PBERVAL pldctrl_value = NULL;
        int success = -1;

        // Format and encode the SEQUENCE data in a BerElement.
        pber = ber_alloc_t(LBER_USE_DER);
        if (pber == NULL) return NULL;

        pLControl = new LDAPControl;
        if (pLControl == NULL) { ber_free(pber, 1); return NULL; }

        if (ber_printf(pber, "{i}", iFlagValue) == -1)
        {
            printf("ber_printf failed");
            ber_free(pber, 1);
            delete pLControl;
            return NULL;
        }

        // Transfer the encoded data into a BERVAL.
        success = ber_flatten(pber, &pldctrl_value);

        // The BerElement is no longer needed, whether or not ber_flatten succeeded.
        ber_free(pber, 1);

        if (success != 0)
        {
            printf("ber_flatten failed");
            // Call error handler here.
            // Do not continue: pldctrl_value is not valid on failure.
            delete pLControl;
            return NULL;
        }

        // Copy the BERVAL data to the LDAPControl structure.
        // pLControl is a pointer, so its members are accessed with ->.
        pLControl->ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
        pLControl->ldctl_iscritical = TRUE;
        pLControl->ldctl_value.bv_val = new char[pldctrl_value->bv_len];
        memcpy(pLControl->ldctl_value.bv_val,
               pldctrl_value->bv_val, pldctrl_value->bv_len);
        pLControl->ldctl_value.bv_len = pldctrl_value->bv_len;

        // Cleanup temporary berval.
        ber_bvfree(pldctrl_value);

        // Return the formatted LDAPControl data.
        // The caller owns pLControl and pLControl->ldctl_value.bv_val.
        return pLControl;
    }
The security information flags indicate which security descriptor parts to retrieve during a search. They can be bitwise ORed to get multiple or all parts.
Security information flag | Value | Description |
---|---|---|
OWNER_SECURITY_INFORMATION | 0x00000001L | Owner identifier of the object. |
GROUP_SECURITY_INFORMATION | 0x00000002L | Primary group identifier. |
DACL_SECURITY_INFORMATION | 0x00000004L | Discretionary ACL of the object. |
SACL_SECURITY_INFORMATION | 0x00000008L | System ACL of the object. |
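The bytes that end up in ldctl_value can be checked one by one. The following is an added example, not code from the original page or the Windows LDAP API: it hand-encodes and strictly decodes the DER form of the sequence from the Remarks section in portable C. The function names sd_flags_encode and sd_flags_decode are hypothetical, and rejecting negative or oversized integers is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OWNER_SECURITY_INFORMATION 0x00000001L  /* flag values from the table above */
#define GROUP_SECURITY_INFORMATION 0x00000002L
#define DACL_SECURITY_INFORMATION  0x00000004L
#define SACL_SECURITY_INFORMATION  0x00000008L

/* Write the DER form of Sequence { Flags INTEGER } into out.
   Returns the encoded length, or 0 if out is too small (9 bytes always fit). */
size_t sd_flags_encode(uint32_t flags, unsigned char *out, size_t cap)
{
    unsigned char body[5];
    size_t n = 0;
    int i = 3;
    while (i > 0 && ((flags >> (8 * i)) & 0xFF) == 0) i--;  /* skip leading zero bytes */
    if ((flags >> (8 * i)) & 0x80) body[n++] = 0x00;         /* keep the INTEGER non-negative */
    for (; i >= 0; i--) body[n++] = (unsigned char)(flags >> (8 * i));
    if (cap < n + 4) return 0;
    out[0] = 0x30; out[1] = (unsigned char)(n + 2);          /* SEQUENCE tag, length */
    out[2] = 0x02; out[3] = (unsigned char)n;                /* INTEGER tag, length */
    memcpy(out + 4, body, n);
    return n + 4;
}

/* Strict decoder: exactly one non-negative INTEGER of at most 32 bits and
   no trailing bytes. Returns 0 and stores the flags, or -1 if malformed. */
int sd_flags_decode(const unsigned char *p, size_t len, uint32_t *flags)
{
    size_t n, i;
    uint32_t v = 0;
    if (len < 5 || p[0] != 0x30 || p[2] != 0x02) return -1;
    n = p[3];
    if (n < 1 || n > 5 || p[1] != n + 2 || len != n + 4) return -1;
    if ((p[4] & 0x80) || (n == 5 && p[4] != 0x00)) return -1;
    for (i = 0; i < n; i++) v = (v << 8) | p[4 + i];
    *flags = v;
    return 0;
}

int main(void)
{
    unsigned char buf[9];
    size_t i, n = sd_flags_encode(OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, buf, sizeof buf);
    for (i = 0; i < n; i++) printf("%02X ", buf[i]);
    return 0;
}
```
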
Requirements
Minimum supported client | Windows Vista |
Minimum supported server | Windows Server 2008 |
Header | |