[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: pre-evaluating write ACL
Some LDAP clients will allow you to list the attribute ACL and what that
bound user is allowed to do. I don't know of any free ones. Querying the
subschema does not interpret the ACL.
Mitch, does not the CA JXexplorer provide this capability ?
-----Original Message-----
From: OpenLDAP Mailing List [mailto:openldap@kogz.com]
Sent: 19 October 2001 16:21
To: Rozonkiewiecz, Mitchell
Cc: openldap-software@OpenLDAP.org
Subject: RE: pre-evaluating write ACL
I mean an attribute that is writable to someone but not others,
depending on access control lists.I don't think querying cn=subschema
interprets ACL's does it?
-----Original Message-----
From: Rozonkiewiecz, Mitchell
Sent: Fri 10/19/2001 10:07 AM
To: OpenLDAP Mailing List
Cc:
Subject: RE: pre-evaluating write ACL
query the schema in the server
all attributes definitions that are read only will have a
"NO-USER-MODIFICATION" as shown below.
attributetype ( 1.3.6.1.4.x.y.z
NAME 'Sample'
DESC 'Sample'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE userApplications
)
Mitch
-----Original Message-----
From: OpenLDAP Mailing List [mailto:openldap@kogz.com]
Sent: Friday, October 19, 2001 9:57 AM
To: openldap-software@OpenLDAP.org
Subject: pre-evaluating write ACL
Is there any way to test whether an attribute COULD be modified
(by the
bound user) without actually changing any information?
On a UI, I'd like read-only attributes to be text and writeable
attributes to be input widgets.