[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: effective rights, was: Determine current access level

----- "Michael StrÃder" <michael@stroeder.com> wrote:

> Simon Victor wrote:
> > 
> >> What about trying to modify/delete it with the noop control?
> > 
> > that is a good tip, thank you at all.
> While using the noop control may be helpful for checking whether an 
> entry could be deleted (or another all-or-nothing operation) it's not
> helpful to determine which attributes may be modified.

Why not?  Yes, it's going to tell whether a full set of modifications will either succeed or fail, but nothing prevents you from performing repeated modifications.  Yet you might fall into the perverse situation where subsequent modifications are conditioned on attribute values that previous modifications would have altered.  That's one of the reasons predicting access privileges is not possible, unless access to the rules is given.

> I'm really curious to know what you really want to achieve.

Me too, moderately.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it