
LDAP_SERVER_SD_FLAGS_OID control code

The LDAP_SERVER_SD_FLAGS_OID control is used to pass flags to the server to control various security descriptor results.

To use this control, set the members of the LDAPControl structure as follows.

PWCHAR ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
struct berval ldctl_value;
BOOLEAN ldctl_iscritical;

Members

ldctl_oid

LDAP_SERVER_SD_FLAGS_OID, defined as "1.2.840.113556.1.4.801".

ldctl_value

Specifies a BER-encoded sequence of parameters that enables the application to specify various descriptor flags. In the berval structure, set bv_val to a pointer to the sequence that contains the flag data and set bv_len to the length of the sequence. For more information, see the Remarks section.

ldctl_iscritical

TRUE or FALSE, depending on whether the security descriptor (SD) search or modify behavior is critical to the operation.

Remarks

The Security Descriptor control enables the client to pass flags to specify various security descriptor options. The ldctl_value field is set to the following BER-encoded sequence.


Sequence {
  Flags    INTEGER
}

The ber_printf function is used to create the sequence data. The flags portion contains the descriptor options to include. The following example code shows how to format the sequence data.


#include <windows.h>
#include <winldap.h>
#include <winber.h>
#include <ntldap.h>
#include <stdio.h>
#include <string.h>

LDAPControl *FormatSDFlags(int iFlagValue)
{
  BerElement *pber = NULL;
  PLDAPControl pLControl = NULL;
  PBERVAL pldctrl_value = NULL;
  int success = -1;
  
  // Format and encode the SEQUENCE data in a BerElement.
  pber = ber_alloc_t(LBER_USE_DER);
  if(pber==NULL) return NULL;
  pLControl = new LDAPControl;
  if(pLControl==NULL) { ber_free(pber,1); return NULL; }
  ber_printf(pber,"{i}",iFlagValue);

  // Transfer the encoded data into a BERVAL.
  // The BerElement is no longer needed, whether or not flattening worked.
  success = ber_flatten(pber,&pldctrl_value);
  ber_free(pber,1);
  if(success != 0)
  {
      printf("ber_flatten failed");
      // Call error handler here. Do not continue: pldctrl_value is not valid.
      delete pLControl;
      return NULL;
  }

  // Copy the BERVAL data to the LDAPControl structure.
  // pLControl is a pointer, so its members are accessed with ->.
  pLControl->ldctl_oid = LDAP_SERVER_SD_FLAGS_OID;
  pLControl->ldctl_iscritical = TRUE;
  pLControl->ldctl_value.bv_val = new char[pldctrl_value->bv_len];
  memcpy(pLControl->ldctl_value.bv_val, 
         pldctrl_value->bv_val, pldctrl_value->bv_len);
  pLControl->ldctl_value.bv_len = pldctrl_value->bv_len;

  // Cleanup temporary berval.
  ber_bvfree(pldctrl_value);

  // Return the formatted LDAPControl data.
  // The caller owns pLControl and its ldctl_value.bv_val buffer.
  return pLControl;
}

The security information flags indicate which security descriptor parts to retrieve during a search. They can be bitwise ORed to get multiple or all parts.

Security information flag     Value         Description

OWNER_SECURITY_INFORMATION    0x00000001L   Owner identifier of the object.
GROUP_SECURITY_INFORMATION    0x00000002L   Primary group identifier.
DACL_SECURITY_INFORMATION     0x00000004L   Discretionary ACL of the object.
SACL_SECURITY_INFORMATION     0x00000008L   System ACL of the object.
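
The following added example is not part of the original page. It shows the control value at the byte level: a portable encoder that writes the DER bytes for Sequence { Flags INTEGER }, and a strict decoder that recovers the flags from a control value, for example when reviewing captured LDAP requests to see which security descriptor parts a client asked for. The SD_* names and the sd_flags_* functions are hypothetical and used only here; the flag values are the ones in the table above.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values from the table above; the SD_* names are local to this example. */
enum { SD_OWNER = 0x1, SD_GROUP = 0x2, SD_DACL = 0x4, SD_SACL = 0x8 };

/* DER-encode Sequence { Flags INTEGER }. Returns bytes written, 0 on error.
   Handles non-negative values up to 0x7FFFFFFF only. */
size_t sd_flags_encode(uint32_t flags, unsigned char *out, size_t cap)
{
    size_t n = 1, i;
    if (flags > 0x7FFFFFFFu) return 0;
    /* Grow the INTEGER until the value fits with the sign bit clear. */
    while (n < 4 && (flags >> (8 * n - 1)) != 0) n++;
    if (cap < n + 4) return 0;
    out[0] = 0x30;                    /* SEQUENCE tag */
    out[1] = (unsigned char)(n + 2);  /* length of the INTEGER TLV */
    out[2] = 0x02;                    /* INTEGER tag */
    out[3] = (unsigned char)n;        /* INTEGER content length */
    for (i = 0; i < n; i++)
        out[4 + i] = (unsigned char)(flags >> (8 * (n - 1 - i)));
    return n + 4;
}

/* Decode a control value. Returns 0 and sets *flags, or -1 unless the bytes
   are exactly one SEQUENCE holding one non-negative INTEGER of 1-4 bytes. */
int sd_flags_decode(const unsigned char *buf, size_t len, uint32_t *flags)
{
    size_t n, i;
    uint32_t v = 0;
    if (len < 5 || buf[0] != 0x30 || (size_t)buf[1] != len - 2) return -1;
    n = buf[3];
    if (buf[2] != 0x02 || n > 4 || n + 4 != len) return -1; /* tag and exact size */
    if (buf[4] & 0x80) return -1;                           /* negative INTEGER */
    for (i = 0; i < n; i++) v = (v << 8) | buf[4 + i];
    *flags = v;
    return 0;
}

int main(void)
{
    unsigned char buf[8];
    uint32_t got = 0;
    size_t i, len = sd_flags_encode(SD_OWNER | SD_DACL, buf, sizeof buf);
    for (i = 0; i < len; i++) printf("%02X ", buf[i]);
    if (sd_flags_decode(buf, len, &got) == 0) printf("-> flags 0x%X\n", (unsigned)got);
    return 0;
}
```

The decoder accepts only short-form lengths and rejects trailing bytes, so a value it accepts contains nothing beyond the single INTEGER.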

 

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Header

Ntldap.h

See also

Data Structures
LDAPMessage
Using Controls

 

 

© 2015 Microsoft