Lee Jensen wrote:
Is there a way that the client accessing the LDAP server can determine
what permissions it has on a given object? Is there a hidden system
attribute I can request or something?
No.
It's much more complicated than that, you don't just have write access to "entries" - ACLs define control down to individual attributes and individual values of those attributes. As such, the access in effect for a given write operation depends on the specifics of that write operation.So for instance I bind to the server with a given dn and password and then do a search request that returns several entries. How can I know which if any of these entries I have say write access to without attempting a write operation.
-- -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc Symas: Premier OpenSource Development and Support