[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Querying ACL: is it possible ?

To: Walter Vendraminetto <lists@zonatex.net>
Subject: Re: Querying ACL: is it possible ?
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 17 Sep 2002 11:04:54 +0200
Cc: openldap-software@OpenLDAP.org
References: <3D86DC51.000003.01396@CDC04>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826

Walter Vendraminetto wrote:


My question is: is it possible, starting from user's credentials, to know
what s/he can do BEFORE s/he try to do anything ?


In general: Nope.

The problem arises because i need to generate interfaces that allow the user
to perform exactly the actions s/he is allowed to do.


IMHO not possible in a generic way.

I know that i could do the job by looking for the group the user belongs to,
but accessing the ACLs would be a more straight way.

I wouldn't recommend doing that in a generic LDAP client. BTW: There's no standard for defining ACLs yet and ACLs stored in the directory are considered to be confidential.

Either write (or use) a generic LDAP client or write an application which exactly fulfills your needs for a certain task. (You wouldn't write a generic SQL application for end-users, would you?)

Ciao, Michael.

References:
- Querying ACL: is it possible ?
  - From: "Walter Vendraminetto" <lists@zonatex.net>

Prev by Date: RE: Nothing but problems...
Next by Date: Re: convert sql where to ldap filter?
Index(es):
- Chronological
- Thread