- Creating and deleting or enabling and disabling a connected-system account
- adding/removing connected-system accounts group memberships
- adding/setting attribute values to connected-system accounts
Granting and Revoking Entitlement (DirXML-EntitlementRef)#An entitlement is granted to and revoked from an eDirectory entry via the addition a value for the DirXML-EntitlementRef attribute which is associated with the auxiliary class DirXML-EntitlementRecipient on an eDirectory entry.
Volume Element#The "volume" (or DN) portion of the path syntax value refers to the DirXML-Entitlement object. Because the attribute is write-managed, the agent setting the DirXML-EntitlementRef attribute value on an eDirectory object must have write access to the DirXML-EntitlementRef attribute on the object that is being written to and must also have write access to the ACL attribute on the DirXML-Entitlement object that is referred to by the DN portion of the DirXML-EntitlementRef value.
Path Element#The "path" (or string) portion of the DirXML-EntitlementRef attribute contains an XML document whose root element is <ref>.
namespace Element#The "namespace" (or integer) portion of the DirXML-EntitlementRef attribute is used as a bitmask to hold a set of flags. Bit 0 of the 32-bit integer is used for this flag value and is known as the state bit where:
- 0 means revoked
- 1 means granted
Bit 1 is used to flag a granted entitlement that is the result of the upgrade process and is known as the upgrade bit where:
- 1 means that the entitlement was previously granted in the legacy format and is therefore not a change in the entitlement state.
Bits 2-31 are reserved for future use.
DirXML-EntitlementResult attribute#After the entitlement action (grant or revocation) has been completed (successfully or not) by the DirXML driver configuration, a result is written to the eDirectory object using the DirXML-EntitlementResult attribute. DirXML-EntitlementResult is a multi-valued SYN_OCTET_STRING containing an XML document whose root element is <result>. Implementing Novell Entitlements in a Driver "revoke" all granted" entitlements when various events took place on a user.
Entitlements and romResources#DirXML Entitlements are often encapsulates within a romResource for convenience.
More Information#There might be more information for this subject on one of the following:
- Description of Attribute Usage For 2.16.840.1.1137220.127.116.11.1.2088
- DirXML Entitlements
- Entitlement Granting Agent Types
- Implementing Novell Entitlements in a Driver
- Provisioning Request Definitions
- Removing Novell Granted Entitlements