[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ACL] Knowing the rights we have
There is no standard LDAP, nor no OpenLDAP-specific,
get-effective-rights mechanism.
Kurt
At 02:39 AM 9/9/2004, David Ammouial wrote:
>Hello,
>
>I'm writing a web-based application (Perl CGI) which allows my company's
>users to modify some of their information, such as password, telephone
>number, and so on.
>
>So I generate a web page which contains a form with all the attributes I
>want to show the user (name, groups she's a member of, mail address,
>telephone number...).
>Depending on the rights on the server, the user can read/write some
>attributes, or only read.
>
>I'd like to draw a text-edit box for the fields that the user has write
>access to, and a normal readonly text for the other ones. This way, the
>users wouldn't waste time trying to modify what they can't. Moreover, this
>would allow to instantly view what it is possible to do.
>
>I've been looking for a way to do that in many places (IRC, mailing-list
>archives, Google, etc.), but I couldn't find anything about it. The LDAP
>APIs in common languages don't seem to provide ACL-related functions,
>neither.
>
>A workaround would be trying to update the attribute's value with the same
>value it already has, but I tend to find it a little ugly. I would also
>have to handle some special cases, for example when the value is empty,
>etc.
>
>Did I miss anything ? Any suggestion will be welcome.
>Thanks.
>
>--
>David Ammouial.
>http://davux.asocial.info/
>xmpp:davux@amessage.info