[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Retrieving permissions from server

To: Lee Jensen <lee_jensen@sento.com>
Subject: Re: Retrieving permissions from server
From: Howard Chu <hyc@symas.com>
Date: Tue, 01 Mar 2005 11:23:46 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1109700184.79187.74.camel@localhost>
References: <1109700184.79187.74.camel@localhost>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111

Lee Jensen wrote:

Is there a way that the client accessing the LDAP server can determine what permissions it has on a given object? Is there a hidden system attribute I can request or something?

No.

So for instance I bind to the server with a given dn and password and
then do a search request that returns several entries. How can I know
which if any of these entries I have say write access to without
attempting a write operation.

It's much more complicated than that, you don't just have write access to "entries" - ACLs define control down to individual attributes and individual values of those attributes. As such, the access in effect for a given write operation depends on the specifics of that write operation.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

References:
- Retrieving permissions from server
  - From: Lee Jensen <lee_jensen@sento.com>

Prev by Date: Re: OL 2.2.23 extensible matching on dn components
Next by Date: Re: SyncRepl provider failure, ITS 3534 and 3546
Index(es):
- Chronological
- Thread