Re: [ACL] Knowing the rights we have

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

There is no standard LDAP, nor no OpenLDAP-specific,
get-effective-rights mechanism.

Kurt

At 02:39 AM 9/9/2004, David Ammouial wrote:
>Hello,
>
>I'm writing a web-based application (Perl CGI) which allows my company's 
>users to modify some of their information, such as password, telephone 
>number, and so on.
>
>So I generate a web page which contains a form with all the attributes I 
>want to show the user (name, groups she's a member of, mail address, 
>telephone number...).
>Depending on the rights on the server, the user can read/write some 
>attributes, or only read.
>
>I'd like to draw a text-edit box for the fields that the user has write 
>access to, and a normal readonly text for the other ones. This way, the 
>users wouldn't waste time trying to modify what they can't. Moreover, this 
>would allow to instantly view what it is possible to do.
>
>I've been looking for a way to do that in many places (IRC, mailing-list 
>archives, Google, etc.), but I couldn't find anything about it. The LDAP 
>APIs in common languages don't seem to provide ACL-related functions, 
>neither.
>
>A workaround would be trying to update the attribute's value with the same 
>value it already has, but I tend to find it a little ugly. I would also 
>have to handle some special cases, for example when the value is empty, 
>etc.
>
>Did I miss anything ? Any suggestion will be welcome.
>Thanks.
>
>-- 
>David Ammouial.
>http://davux.asocial.info/
>xmpp:davux@amessage.info