[Date Prev][Date Next]
Re: Get Effective Rights
Ed Frey wrote:
Has openLDAP implemented the Get Effective Rights control extension? I
tried using "2.16.840.1.1137126.96.36.199.33"
(getEffectivePrivilegesRequest); however, got a "not implemented" result.
That's because it is not implemented. Funny how sometimes things mean
what they say...
I searched around google and the list archives and saw some references
to it, but never a reference to whether it was implemented or not.
I'm trying to move an application that was running against novell's
eDirectory to openLDAP and it makes heavy use of this control. That OID
may be novell specific, but i didn't see anything in ldap.h with that
It's part of an old draft spec for an LDAP Access Control standard. I
haven't seen it make any progress since 2001 though. An old copy of the
spec is included with the OpenLDAP source distro, and has been for
Any insight would be appreciated
The abovementioned spec does too little, tries to solve the problems
from the wrong direction, and is pretty much inadequate overall. That
may be one reason it never progressed any further. Another reason may
just be the problem space was larger than the folks working on that spec
could tackle. Dunno.
I guess that's kind of a hallmark for LDAP's history - a bunch of people
look at a problem, decide that the extant solution is too complicated,
so they try to come up with a "simpler" "easier to use" model, which in
its simplicity fails to solve the original problem. That's pretty much
why we have LDAP in the first place, instead of just DAP. And why there
are still so many gaping holes in the LDAP specs...
That's my personal view of things. (Not that X.500 is perfect, of
course, but at least it showed that careful thinking went into it
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/