[Date Prev][Date Next] [Chronological] [Thread] [Top]

How can one see access rights before trying an action?

To: openldap-general@OpenLDAP.org
Subject: How can one see access rights before trying an action?
From: David Bartle <captin@apu.edu>
Date: Wed, 12 Apr 2000 17:32:20 -0700 (PDT)

The project:
  
  A co-worker and I decided that we want to create a web interface that
  pre-emptively restricts actions (for example editing a specific record or
  attribute) performed to the ldap database.  The idea behind this is to make
  a "pretty" interface that quickly shows the end user that they can not, for
  example, modify a specific attribute even though they can in fact read it.
  
The dilemma:
 
  It is very easy to attempt an action on an entry and get server responses
  that indicate that the bound DN is allowed or not allowed to perform the
  requested action.  However, for purposes of the GUI, we would like to have
  ACL information on the entry/attributes to remove certain options from
  displaying to the end user.

The question:

  Is there any way to request all access information for a particular entry
  without:

    1)  parsing the slapd.conf and checking by hand
    2)  trying every possible action on every attribute ;)

  Parsing the ACL's by hand and storing the information in a data structure
  seems to be the best method but I just wanted to make sure that there is not
  some feature that I have missed in the documentation

A pre-empive thanks to you all!


--      
David Bartle
Directory Services and Database Administrator
Azusa Pacific University
captin@apu.edu
--

Prev by Date: Re: Netscape-LDAP URL problems
Next by Date: Re: manipulate LDIF
Index(es):
- Chronological
- Thread