[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Querying ACL: is it possible ?

Walter Vendraminetto wrote:

My question is: is it possible, starting from user's credentials, to know what s/he can do BEFORE s/he try to do anything ?

In general: Nope.

The problem arises because i need to generate interfaces that allow the user
to perform exactly the actions s/he is allowed to do.

IMHO not possible in a generic way.

I know that i could do the job by looking for the group the user belongs to,
but accessing the ACLs would be a more straight way.

I wouldn't recommend doing that in a generic LDAP client. BTW: There's no standard for defining ACLs yet and ACLs stored in the directory are considered to be confidential.

Either write (or use) a generic LDAP client or write an application which exactly fulfills your needs for a certain task.
(You wouldn't write a generic SQL application for end-users, would you?)

Ciao, Michael.