
Extended Naming of Protected Objects

The DCE ACL model supports extended naming so that ACL managers can separately protect objects that are not registered in the cell namespace. This provides an alternative to registering all of a server's objects with CDS: the server alone is registered, and it contains code that identifies its own objects by name. To protect these objects with ACLs, the ACL manager must map an object's name to that object's ACL in exactly the same way the server maps the name to the object. A resolution routine provides this mapping.

The following figure shows an example: a print server that is registered with CDS, and printers that are not. The ACL manager for the print server uses the dce_acl_resolve_by_name( ) resolution routine to obtain the UUIDs of the several printers it supports. The administrator in charge of the printers can add or remove printers and change their names and their ACLs without having to register them with CDS.


Figure: Protection with Extended Naming

When the dce_acl_register_object_type( ) routine registers an object type, it associates a resolution routine with the object type. The ACL library provides two resolution routines: dce_acl_resolve_by_name( ) and dce_acl_resolve_by_uuid( ). Other resolution routines can be written as required.
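The following is an added example, not code from the OSF DCE guide or the DCE ACL library, showing what a custom resolution routine for the print server above has to do: take the object name a client presented and return the UUID of the ACL that protects that object, using the same server-private table that the server itself uses to find the printer. The type names (acl_uuid_t, status_t), the table, and the parameter list of resolve_by_name( ) are assumptions chosen so the example builds without DCE; the real dce_acl_resolve_by_name( ) prototype differs. The check a practitioner wants is that unknown or malformed names fail closed (no ACL is returned) and that the server and the ACL manager share one lookup, so the object acted on and the ACL checked cannot diverge.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for DCE's uuid_t and error_status_t (assumed shapes, not the
 * real headers) so the example builds without DCE installed. */
typedef struct { unsigned char b[16]; } acl_uuid_t;
typedef uint32_t status_t;
enum { ST_OK = 0, ST_NOT_FOUND = 1, ST_BAD_NAME = 2 };

#define MAX_NAME 32

/* The server's private object table: printers the print server knows about
 * but deliberately does NOT register in CDS.  Constructed sample data; the
 * administrator edits this table to add, rename or re-protect printers. */
struct printer {
    const char *name;      /* name the server uses for the object */
    acl_uuid_t  acl_uuid;  /* UUID of the ACL that protects it   */
};

static const struct printer printers[] = {
    { "lp1",     {{0xa1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0x01}} },
    { "lp2",     {{0xa1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0x02}} },
    { "plotter", {{0xa1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0x03}} },
};
#define N_PRINTERS (sizeof printers / sizeof printers[0])

/* Accept only a single, printable, separator-free name component.  A name
 * such as "lp1/../lp2" could be read differently by the object lookup and
 * the ACL lookup, so it is refused rather than normalised.  Returns 0 on
 * success and copies the name into out. */
static int canonical_name(const char *in, char *out, size_t outsz)
{
    size_t n = strlen(in);
    if (n == 0 || n >= outsz)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c <= 0x20 || c >= 0x7f || c == '/' || c == ':')
            return -1;
    }
    memcpy(out, in, n + 1);
    return 0;
}

/* The one table lookup shared by the server (to open the printer) and by
 * the ACL manager (to find its ACL).  Exact, case-sensitive match only. */
static const struct printer *lookup_printer(const char *canon)
{
    for (size_t i = 0; i < N_PRINTERS; i++)
        if (strcmp(printers[i].name, canon) == 0)
            return &printers[i];
    return NULL;
}

/* Plays the role of a resolution routine such as dce_acl_resolve_by_name():
 * map the component name a client presented to the UUID of the ACL that
 * protects that object.  Simplified parameter list, NOT the DCE prototype.
 * acl_uuid_out may be NULL when only the status is wanted. */
static status_t resolve_by_name(const char *component_name, acl_uuid_t *acl_uuid_out)
{
    char canon[MAX_NAME];
    if (canonical_name(component_name, canon, sizeof canon) != 0)
        return ST_BAD_NAME;
    const struct printer *p = lookup_printer(canon);
    if (p == NULL)
        return ST_NOT_FOUND;           /* fail closed: no ACL, no access */
    if (acl_uuid_out != NULL)
        *acl_uuid_out = p->acl_uuid;
    return ST_OK;
}

static int uuid_equal(const acl_uuid_t *a, const acl_uuid_t *b)
{
    return memcmp(a->b, b->b, sizeof a->b) == 0;
}

int main(void)
{
    /* Constructed client requests, including a valid name, an unknown one,
     * one differing only in case, and a malformed one. */
    const char *requests[] = { "lp1", "plotter", "lp9", "LP1", "lp1/../lp2" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        acl_uuid_t u;
        status_t st = resolve_by_name(requests[i], &u);
        if (st == ST_OK)
            printf("%-12s -> ACL ...%02x%02x\n", requests[i], u.b[14], u.b[15]);
        else
            printf("%-12s -> %s\n", requests[i],
                   st == ST_BAD_NAME ? "bad name" : "no such object");
    }
    return 0;
}
```

Because resolve_by_name( ) and the server's own object lookup both go through canonical_name( ) and lookup_printer( ), renaming a printer or giving it a new ACL is a single table edit, which is the administrative freedom the figure above illustrates; nothing about the change has to be reflected in CDS.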

To take advantage of extended naming, an ACL manager must register the server name, object UUID, and rdaclif.idl interface with CDS (refer to the OSF DCE Application Guide - Directory Services for more information). In addition, the ACL manager must register the object UUID and rdaclif.idl interface with the RPC endpoint mapper (refer to the chapters concerning RPC in Part 3 of this guide). Only the server is registered in this way; its individual objects are located through the resolution routine.

More:

The ACL Network Interface

The ACL Library