[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Retrieving permissions from server



Lee Jensen wrote:

Is there a way that the client accessing the LDAP server can determine
what permissions it has on a given object? Is there a hidden system
attribute I can request or something?


No.

So for instance I bind to the server with a given dn and password and
then do a search request that returns several entries. How can I know
which if any of these entries I have say write access to without
attempting a write operation.

It's much more complicated than that, you don't just have write access to "entries" - ACLs define control down to individual attributes and individual values of those attributes. As such, the access in effect for a given write operation depends on the specifics of that write operation.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support