3.2.1.1 Policy Setting State

The persistent state configured by the CSE of this protocol is specified herein. The location for storing this state is implementation-specific. 

Note  The abstract interface notation (Public) for an ADM element indicates that the data element can be directly accessed from outside this protocol.

CentralAccessPolicyDNList: A persistent list of string-valued data elements. The string value of each element is the LDAP distinguished name of an existing CAP object.

CentralAccessPoliciesList (Public): A persistent list of CentralAccessPolicy objects.

CentralAccessPolicy: A structure data type that contains the following fields.

Field name	Description
CAPID	A security identifier (SID), as specified in [MS-DTYP] section 2.4.2, that identifies the CentralAccessPolicy object.
CentralAccessPolicyDN	The LDAP distinguished name of the CentralAccessPolicy object.
CentralAccessPolicyRulesList	A list of CentralAccessPolicyRule objects.

CentralAccessPolicyRule: A structure data type that contains the following fields.

Field name	Description
EffectiveCentralAccessPolicy	A data element of type CentralAccessPolicyCondition containing the effective access policy for the CentralAccessPolicyRule. The schema class for a CentralAccessPolicyRule is defined in [MS-ADSC] section 2.98.
StagedCentralAccessPolicy	A data element of type CentralAccessPolicyCondition containing the staged access policy for the CentralAccessPolicyRule. The schema class for a CentralAccessPolicyRule is defined in [MS-ADSC] section 2.98.

CentralAccessPolicyCondition: A structure data type that contains the following fields.

Field name	Description
AppliesToPredicate	An ACCESS_ALLOWED_CALLBACK_ACE value ([MS-DTYP] section 2.4.4.6) that contains the condition that defines the scope of the resources to which the CentralAccessPolicyEntry data element applies.
AccessCondition	A security descriptor value ([MS-DTYP] section 2.4.6) that contains the access condition for the CentralAccessPolicyEntry data element.