[Date Prev][Date Next]
Re: Querying ACL: is it possible ?
Walter Vendraminetto wrote:
My question is: is it possible, starting from user's credentials, to know
what s/he can do BEFORE s/he try to do anything ?
In general: Nope.
The problem arises because i need to generate interfaces that allow the user
to perform exactly the actions s/he is allowed to do.
IMHO not possible in a generic way.
I know that i could do the job by looking for the group the user belongs to,
but accessing the ACLs would be a more straight way.
I wouldn't recommend doing that in a generic LDAP client. BTW: There's
no standard for defining ACLs yet and ACLs stored in the directory are
considered to be confidential.
Either write (or use) a generic LDAP client or write an application
which exactly fulfills your needs for a certain task.
(You wouldn't write a generic SQL application for end-users, would you?)