Cisco DCNM Web Services API Guide, Release 4.1
NacLpIpApp Service
Downloads: This chapterpdf (PDF - 182.0KB) The complete bookPDF (PDF - 7.86MB) | Feedback

NacLpIpApp Service

Table Of Contents

NacLpIpApp Service

Information About NacLpIpApp Service

addExceptionListHostsToIdentityProfile

bindAccessListToIdentityPolicies

bindEapOverUdpValidationToNetworkInterfaces

bindIdentityPolicyToExceptionListHosts

bindIdentityPolicyToExceptionListHostsByName

bindIpAdmissionControlRulesToNetworkInterfaces

clearIpAdmissionControlRuleFromInterfaces

createIdentityPoliciesInNetworkElement

createIdentityProfile

createIpAdmissionControlRulesInNetworkElement

deleteAllAdmissionControlRulesInNetworkElement

deleteAllIdentityPoliciesInNetworkElement

deleteIdentityPolicies

deleteIdentityProfileFromNetworkElement

deleteIpAdmissionControlRules

disableClientlessAuthenticationInNetworkElements

disableIpDeviceTrackingInNetworkElements

disableNacService

enableClientlessAuthenticationInNetworkElements

enableIpDeviceTrackingInNetworkElements

enableNacService

getAdmissionControlRulesInNetworkElement

getAllNacHostSessionInNetworkElement

getClientlessAuthenticationInNetworkElements

getEapOudpValidationSettingInInterfaces

getExceptionListHostsInIdentityProfile

getIdentityPoliciesInNetworkElement

getIdentityPolicyForExceptionListHost

getIdentityProfilesInNetworkElement

getInterfacesUsingIpAdmissionControlRule

getIpAdmissionControlRuleAppliedOnInterfaces

getIpDeviceTrackingInNetworkElements

getLpIpGlobalSettingsInNetworkElements

getLpIpTrackedDevicesInNetworkElement

getLpIpTrackedDevicesInSwitchedNetworkInterface

getNacHostSessionInSwitchedNetworkInterface

modifyClientlessAuthentication

modifyExceptionListHostsInIdentityProfile

modifyIdentityPolicies

modifyIdentityProfiles

modifyIpAdmissionControlRules

modifyIpDeviceTracking

modifyLpIpGlobalSettingsInNetworkElements

removeExceptionListHostsFromIdentityProfile

unbindIdentityPolicyFromExceptionListHosts


NacLpIpApp Service


This chapter describes the DCNM web services' API methods for the NacLpIpApp service.

Information About NacLpIpApp Service

NacLpIpApp allows a host that is seeking network access to have an up-to-date virus signature set, the most current operating system patches, and to be free from infection. This enforcement, called posture validation, limits damage to the network from viruses, worms, and spyware.

Hosts that pass posture validation will be granted access to the network. Hosts that fail posture validation will be either denied access or provided restricted access that is sufficient for remediation. The remediation server has a repository of updates for antivirus software and security patches. Hosts that fail posture validation are forwarded to this remediation server to enable them to download or upgrade antivirus software and operating system security patches.

NAC APIs are defined with the following categories:

1. Query and Get APIs—Used to query data from the persisted database.

2. Create APIs—Used to create a new Policy, Profile, or ExemptedHost.

3. Modify APIs—Used to modify a Policy, Profile, or ExemptedHost.

4. Delete APIs—Used to delete a Policy or Profile.

5. Bind and Unbind APIs—Used to bind or unbind the association between two features.

6. Add and Remove APIs—Used to add or remove the association between two features.

addExceptionListHostsToIdentityProfile

Adds Exception List hosts to identity policy.

ValidationException is thrown if any of the following situation occurs:

If exceptionListHostCol collection is null or it is empty.

If exceptionListHostCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If identityProfileId is null or it is empty.

If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

If identityProfileId contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of IdentityProfile object

exceptionListHostCol—a collection of ExceptionListHost objects

Return Value

void

bindAccessListToIdentityPolicies

Assigns an access list to a collection of identity policies. For an access list to be bound to an identity policy, name of the list is sufficient. The access list need not have been configured in the device. This API addresses this pre-provisioning configuration. Network element InstanceNameId can be obtained from identityPolicyIds.

ValidationException is thrown if any of the following situation occurs:

If identityPolicyIdCol collection is null or it is empty.

If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId.

If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database.

If aclName is null or it is empty.

Parameters

opContext—Operational context

aclName—Name of the IP Access List

identityPolicyIdCol—a collection of InstanceNameId of identity policies

Return Value

void

bindEapOverUdpValidationToNetworkInterfaces

Applies the given EapOUdpValidation object to a given set of interfaces. *

ValidationException is thrown if any of the following situation occurs:

If interfaceNameIdCol collection is null or it is empty.

If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If interfaceNameIdCol collection contains a SwitchedNetworkInterface that does not exist in the database.

If eapOudpValidation is null or it is empty.

Parameters

opContext—Operational context

eapOudpValidation—EapOudpValidation object to be applied to a collection of interfaces.

interfaceNameIdCol—InstanceNameId of the interfaces to which the EapOudpValidation have to be applied.

Return Value

void

bindIdentityPolicyToExceptionListHosts

Assigns a given identity poilcy to a given collection of statically configured exception list hosts.

ValidationException is thrown if any of the following situation occurs:

If exceptionLishHostIdCol collection is null or it is empty.

If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database.

If identityPolicyId is null or it is empty.

If identityPolicyId contains an element that is not of type IdentityPolicy InstanceNameId.

If identityPolicyId contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyId—InstanceNameId of IdentityPolicy

exceptionLishHostIdCol—a collection of InstanceNameId of ExceptionListHost

Return Value

void

bindIdentityPolicyToExceptionListHostsByName

Assigns pre-provisioned identity policy to a collection of exception list hosts. For Identity policy to be bound to a collection of exception list hosts, identity policy need not have been configured in the device. This API addresses this pre-provisioning configuration.

ValidationException is thrown if any of the following situation occurs:

If exceptionListHostIdCol collection is null or it is empty.

If exceptionListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

If exceptionListHostIdCol collection contains a ExceptionListHost that does not exist in the database.

If policyName is null or it is empty.

Parameters

opContext—Operational context

policyName—Name of the IdentityPolicy. This policy need not have been configured in the device.

exceptionListHostIdCol—a collection of InstanceNameId of ExceptionListHost

Return Value

void

bindIpAdmissionControlRulesToNetworkInterfaces

Applies an IP admission control rule on a collection of Switched Network interfaces.

ValidationException is thrown if any of the following situation occurs:

If interfaceNameIdCol collection is null or it is empty.

If interfaceNameIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If interfaceNameIdCol collection contains a IpAdmissionControlRule that does not exist in the database.

If ipAdmissionControlRuleId is null or it is empty.

If ipAdmissionControlRuleId contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If ipAdmissionControlRuleId contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleId—InstanceNameId of the IpAdmissionControlRule to be applied on a set of interfaces

interfaceNameIdCol—a collection of InstanceNameId of interfaces on which the given IP admission control rule has to be applied.

Return Value

void

clearIpAdmissionControlRuleFromInterfaces

Clears the given IP admission control rule applied on a collection of interfaces.

ValidationException is thrown if any of the following situation occurs:

If interfaceNameIdCol is null or it is empty.

If interfaceNameIdCol contains invalid Switched Network Interface InstanceNameId or null value.

If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIdCol.

Parameters

opContext—Operational context

interfaceNameIdCol—a collection of InstanceNameIds of interfaces from which the given IP admission control rule has to be cleared

Return Value

void

createIdentityPoliciesInNetworkElement

Creates a collection of identity policies in a network element.

ValidationException is thrown if any of the following situation occurs:

If the networkElementId is null or it is not a valid network element InstanceNameId.

If identityPoliciyCol collection is null or empty.

If identityPoliciyCol collection has the existing identity policy name

Parameters

opContext—Operational context

networkElementId—InstanceNameId of network element in which the identity policies have to be created.

identityPoliciyCol—a collection of IdentityPolicy to be created.

Return Value

void

createIdentityProfile

Creates an identity profile in a network element.

ValidationException is thrown if any of the following situation occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If identityProfile is null or empty.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

identityProfile—IdentityProfile object

Return Value

InstanceNameId of the created identity profile

createIpAdmissionControlRulesInNetworkElement

Creates the given IP Admssion Control Rules in a Network Element.

ValidationException is thrown if any of the following situation occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If ipAdmissionControlRules collection is null or empty.

If ipAdmissionControlRules collection has the existing ip admission control name

If ip admission control name length is more than 128 characters.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element in which rules will be created.

ipAdmissionControlRules—a collection of IpAdmssion Control Rules

Return Value

A collection of InstanceNameIds of the created rules.

deleteAllAdmissionControlRulesInNetworkElement

Deletes all the IP admission control rules configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

Return Value

void

deleteAllIdentityPoliciesInNetworkElement

Deletes all the Identity policies in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element in which identity policies have to be deleted.

Return Value

void

deleteIdentityPolicies

Deletes a given collection of Identity policies.

ValidationException is thrown if any of the following situation occurs:

If identityPolicyIdCol collection is null or it is empty.

If identityPolicyIdCol collection contains an element that is not of type IdentityPolicy InstanceNameId.

If identityPolicyIdCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyIdCol—InstanceNameIds of identity policies to be deleted.

Return Value

void

deleteIdentityProfileFromNetworkElement

Deletes an identity profile configured in a given network element.

ValidationException is thrown if any of the following situation occurs:

If identityProfileId is null or it is empty.

If identityProfileId contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If identityProfileId contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of the identity profile to be deleted

Return Value

void

deleteIpAdmissionControlRules

Deletes the given collection of IP Admission Control Rules.

ValidationException is thrown if any of the following situation occurs:

If ipAdmissionControlRuleIdCol collection is null or it is empty.

If ipAdmissionControlRuleIdCol collection contains an element that is not of type IpAdmissionControlRule InstanceNameId.

If ipAdmissionControlRuleIdCol collection contains a IpAdmissionControlRule that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleIdCol—a collection of InstanceNameId of IpAdmissionControlRule to be deleted.

Return Value

void

disableClientlessAuthenticationInNetworkElements

Disable clientless authentication feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIds—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be disabled.

Return Value

void

disableIpDeviceTrackingInNetworkElements

Disables IP device tracking features in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameIds of network elements in which device tracking feature has to be disabled.

Return Value

void

disableNacService

Disables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in DC OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown.

ValidationException is thrown if any of the following situation occurs:

1. If neInstanceNameIdCol is null.

2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId.

3. If the network element does not exist in the database.

Parameters

opContext—TODO

neInstanceNameIdCol—- A collection of InstanceNameId of the network elements.

Return Value

void

enableClientlessAuthenticationInNetworkElements

Enables clientless authentication feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements in which ClientlessAuthentication has to be enabled.

Return Value

void

enableIpDeviceTrackingInNetworkElements

Enables IP device tracking feature in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements in which device tracking feature has to be enabled.

Return Value

void

enableNacService

Enables Nac Service in a InstanceNameId network element. Service Enabling/Disabling is supported in DC OS platform. If this API is called with the network elements of Cat6k platform then FeatureException will be thrown.

ValidationException is thrown if any of the following situation occurs:

1. If neInstanceNameIdCol is null.

2. If neInstanceNameIdCol does not contain a valid network element InstanceNameId.

3. If the network element does not exist in the database.

Parameters

opContext—TODO

neInstanceNameIdCol—- A collection of InstanceNameId of the network elements.

Return Value

void

getAdmissionControlRulesInNetworkElement

Returns all the IP admission control rules configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—instance id of the given network element.

Return Value

A collection of IP Admission Control Rules. This collection will hold objects on type IpAdmissionControlRule

getAllNacHostSessionInNetworkElement

Returns the list of NAC host sessions in the network element.

Parameters

opContext—Operational context

networkElementId—a network element.

Return Value

void

getClientlessAuthenticationInNetworkElements

Returns the clientless authentication configurations done in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements.

Return Value

A collection of ClientlessAuthentication objects representing the clientless authentication feature configured in network element.

getEapOudpValidationSettingInInterfaces

Returns the EAPoUDP protocol parameters configured in a given collection of interfaces.

ValidationException is thrown if any of the following situation occurs:

If interfaceNameIds is null or it is empty.

If interfaceNameIds contains invalid Switched Network Interface InstanceNameId or null value.

If there is no equivalent Switched Network Interfaces object with the given InstanceNameId in the interfaceNameIds.

Parameters

opContext—Operational context

interfaceNameIds—a collection of InstanceNameIds of switched network interfaces whose EAPoUDP parameters will be returned.

Return Value

A collection of EapOUdpValidation objects representing the EAPoUDP parameters configured.

getExceptionListHostsInIdentityProfile

Gets a collection of exempted hosts associated with a given identity profile.

ValidationException is thrown if any of the following situation occurs:

If identityProfileId is null or it is empty.

If identityProfileId contains invalid identity profile InstanceNameId or null value.

If there is no equivalent identity profile object with the given InstanceNameId in the identityProfileId.

Parameters

opContext—Operational context

identityProfile—InstanceNameId of identity profile

Return Value

A collection of exempted hosts associated with the identity profile. Returned collection will hold objects of type com.cisco.dcbu.dcm.model.nac.ExemptedHost

getIdentityPoliciesInNetworkElement

Returns a collection of identity policies configured in a given network element.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—instance id of network element

Return Value

A collection of identitiy policies configured in the network element. The returned collection will hold objects of type IdentityPolicy

getIdentityPolicyForExceptionListHost

Returns the identity policy assigned to a exempted list host.

ValidationException is thrown if any of the following situation occurs:

If exemptHostInstanceNameIdCol is null or it is empty.

If exemptHostInstanceNameIdCol contains invalid exempted list host InstanceNameId or null value.

If there is no equivalent exempted list host object with the given InstanceNameId in the exemptHostInstanceNameIdCol.

Parameters

opContext—* @param exemptHostInstanceNameIdCol instance id of ExemptedHost.

Return Value

Idnetity policy configured for the given exempted host IdentityPolicy

getIdentityProfilesInNetworkElement

Returns all the identity profiles configured in a network element. Returned list size will be one for DC3, since DCOS supports only EapoUdp.

ValidationException is thrown if the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

networkElementId—InstanceNameId of network element

Return Value

A collection of identity profiles configured in the given network element. Collection returned will hold objects of type IdentityProfile

getInterfacesUsingIpAdmissionControlRule

Returns a collection of interfaces on which a given IP admission control rule is applied.

ValidationException is thrown if the argument passed is null or it is not a valid ip admission control rule InstanceNameId.

Parameters

opContext—Operational context

ipAdmissionControlRule—InstanceNameId of IP admission control rule

Return Value

A collection of interfaces on which the given IP admission control is applied. This collection will have objects of type SwitchedNetworkInterface

getIpAdmissionControlRuleAppliedOnInterfaces

Returns the collection of IP Admission Control Rule applied on interfaces. This API is applicable for Catalyst 6500 switch and is not applicable for DC3. For DC3, this API throws validation exception. If a particular interface does not have IP Admission control rule, the API populates NULL value in the returned collection for that interface.

ValidationException is thrown if the argument passed is null or it is not a valid switched network interface InstanceNameId.

Parameters

opContext—Operational context

interfaceInstanceIds—collection of InstanceNameId of interfaces

Return Value

A collection of IpAdmissionControlRule with one to one correspondence with the collection given as argument to this API.

getIpDeviceTrackingInNetworkElements

Returns the IP device tracking configurations done in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements

Return Value

A collection of IpDeviceTracking objects in network elements.

getLpIpGlobalSettingsInNetworkElements

Returns the LPIP Global Settings configured in a collection of network elements.

ValidationException is thrown if any of the following situation occurs:

If networkElementIdCol is null or it is empty.

If networkElementIdCol contains invalid Network Element InstanceNameId or null value.

If there is no equivalent Abstract Network Element object with the given InstanceNameId in the networkElementIdCol.

Parameters

opContext—Operational context

networkElementIdCol—a collection of InstanceNameId of network elements

Return Value

A collection of LpIpGlobalSetting objects representing the global LPIP settings configured in a network element.

getLpIpTrackedDevicesInNetworkElement

Returns a list of LPIP tracked devices.

Parameters

opContext—Operational context

networkElementId—a network element ID

Return Value

A list of LpIpTrackedDeviceStatus.

getLpIpTrackedDevicesInSwitchedNetworkInterface

Returns a list of LPIP tracked devices in the switched network interface.

Parameters

opContext—Operational context

networkElementId—a network element ID of a switched network interface

Return Value

A list of LpIpTrackedDeviceStatus.

getNacHostSessionInSwitchedNetworkInterface

Returns a list of LPIP tracked devices.

Parameters

opContext—Operational context

networkElementId—a network element ID for a switched network interface.

Return Value

A list of NacHostSession for the switched network interface.

modifyClientlessAuthentication

Updates the server with modified clientless authentication configurations.

ValidationException is thrown if any of the following situation occurs:

If the networkElementId is null or it is not a valid network element InstanceNameId.

clientlessAuthentication object is null or empty

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element

clientlessAuthentication—Modified ClientlessAuthentication object ClientlessAuthentication

Return Value

void

modifyExceptionListHostsInIdentityProfile

Modifies a given collection collection of ExceptionListHosts configured in an identity profile.

ValidationException is thrown if any of the following situation occurs:

If identityProfileId is null or it is empty.

If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

If identityProfileId contains a IdentityProfile that does not exist in the database.

If exceptionListHostCol

is null or empty.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of Identity Profile.

exceptionListHostCol—a collection of ExceptionListHost objects that are modified

Return Value

void

modifyIdentityPolicies

Modifies a given collection of identity policies.

ValidationException is thrown if any of the following situation occurs:

If identityPolicyCol collection is null or it is empty.

If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

identityPolicyCol—a collection of IdentityPolicy that are modified by the client.

Return Value

void

modifyIdentityProfiles

Modifies a collection of identity profiles. This modification will address addition, removal and modification of ExceptionListHosts bound to an identity profile. This modification will also address Identity Policy association to each ExceptionListHost. There will be only one IdentityProfile of type EAPoUDP in a network element. Each identity profile in the argument will be corresponding to a different network element.

ValidationException is thrown if any of the following situation occurs:

If identityProfileCol collection is null or it is empty.

If identityProfileCol collection contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileCol—a collection of IdentityProfile in a network element. Each identity profile corresponds to a different network element.

Return Value

void

modifyIpAdmissionControlRules

Modifies the given collection of IP Admission Control Rules.

ValidationException is thrown if any of the following situation occurs:

if the ipAdmissionControlRules Collection is null or empty

If identityPolicyCol collection contains a IdentityPolicy that does not exist in the database.

Parameters

opContext—Operational context

ipAdmissionControlRuleCol—a collection of IpAdmissionControlRule to be modified.

Return Value

void

modifyIpDeviceTracking

Updates the server with modified device tracking configurations.

ValidationException is thrown if any of the following situation occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

ipDeviceTracking object is null or empty

Parameters

opContext—Operational context

networkElementId—InstanceNameId of the network element.

ipDeviceTracking—Modified IpDeviceTracking object IpDeviceTracking

Return Value

void

modifyLpIpGlobalSettingsInNetworkElements

Modifies a given collection of LPIP global settings.

ValidationException is thrown if any of the following situation occurs:

If lpIpGlobalSettingCol collection is null or it is empty.

If lpIpGlobalSettingCol collection contains an object that is not of type LpIpGlobalSetting.

PropertiesException is thrown if any of the following situation occurs:

In the lpIpGlobalSettingCol collection, if any attribute in the LpIpGlobalSetting is not valid.

Parameters

opContext—Operational context

lpIpGlobalSettingCol—a collection of LpIpGlobalSetting objects modified

Return Value

void

removeExceptionListHostsFromIdentityProfile

Removes a Exception List host from an identity profile.

ValidationException is thrown if any of the following situation occurs:

If exemptListHostIdCol collection is null or it is empty.

If exemptListHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

If exemptListHostIdCol collection contains a ExceptionListHost that does not exist in the database.

If identityProfileId is null or it is empty.

If identityProfileId contains an element that is not of type IdentityProfile InstanceNameId.

If identityProfileId contains a IdentityProfile that does not exist in the database.

Parameters

opContext—Operational context

identityProfileId—InstanceNameId of IdentityProfile object

exceptionListHosts—a collection of InstanceNameId of ExceptionListHost objects

Return Value

void

unbindIdentityPolicyFromExceptionListHosts

Clears an identity policy assigned to a Exception List host.

ValidationException is thrown if any of the following situation occurs:

If exceptionLishHostIdCol collection is null or it is empty.

If exceptionLishHostIdCol collection contains an element that is not of type ExceptionListHost InstanceNameId.

If exceptionLishHostIdCol collection contains a ExceptionListHost that does not exist in the database.

Parameters

opContext—Operational context

exceptionListHostIdCol—InstanceNameId of the ExceptionListHost object

Return Value

void