[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ACL] Knowing the rights we have

There is no standard LDAP, nor no OpenLDAP-specific,
get-effective-rights mechanism.


At 02:39 AM 9/9/2004, David Ammouial wrote:
>I'm writing a web-based application (Perl CGI) which allows my company's 
>users to modify some of their information, such as password, telephone 
>number, and so on.
>So I generate a web page which contains a form with all the attributes I 
>want to show the user (name, groups she's a member of, mail address, 
>telephone number...).
>Depending on the rights on the server, the user can read/write some 
>attributes, or only read.
>I'd like to draw a text-edit box for the fields that the user has write 
>access to, and a normal readonly text for the other ones. This way, the 
>users wouldn't waste time trying to modify what they can't. Moreover, this 
>would allow to instantly view what it is possible to do.
>I've been looking for a way to do that in many places (IRC, mailing-list 
>archives, Google, etc.), but I couldn't find anything about it. The LDAP 
>APIs in common languages don't seem to provide ACL-related functions, 
>A workaround would be trying to update the attribute's value with the same 
>value it already has, but I tend to find it a little ugly. I would also 
>have to handle some special cases, for example when the value is empty, 
>Did I miss anything ? Any suggestion will be welcome.
>David Ammouial.