Re: Extra output from ldap_search ?

[Ace Suares <ace@suares.nl>]

Hi Peter,
this is hardly the solution I am looking for.
I am not using ACI's at the moment and I don't see the need, really. Your 
solution might work but... well. Not elegant.

How do others do that ?

I am sure you have webinterfaces to your directory. How do you make sure that 
you display 'the right thing' to users? Is it hardcoded in your app ?

_Ace


> Hi,
>
> On Tuesday 21 October 2003 10:44, Ace Suares wrote:
> > I was wondering if it is very difficult to extend the results that
> > ldap_search gives with an extra item per attribute: the access rights.
> >
> > I am building a webinterface and depending on who is logged in, some
> > attributes might be read-only.
> >
> > Of course, attributes that are off-limits entirely (no access) won't even
> > show up. But how do I distinguish when userA is accessing the
> > webinterface, he has rights to modify, let's say, userPassword ?
>
> Simply use in-directory ACIs and request these together with the other
> attributes.
> That should solve the problem. Of course you need to interpret the ACIs
> in your program.
>
> Peter

-- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl