From: Chris R. <chr...@me...> - 2000-09-20 10:22:56
spencer <sp...@co...> wrote:
> Hi,
> Does anyone know if perl-ldap has any function call which allows for
> manipulation of Access Control of directory tree? I don't remember seeing
> this topic being discussed before. Please kindly point out.
>
> Many thanks.
>
> spencer
>

Specification of access controls is not defined by any LDAP RFCs, so each server will handle them in an effectively proprietary way. Many servers store access controls in attributes of entries in the directory, so you can use the existing Net::LDAP methods (eg modify) to change access controls.

The syntax used by access controls is also not well defined. RFC 2252 assigns an OID to a syntax called ACIitem, which is how you define access controls in an X.500 directory server. No string form of this syntax is defined (ie you can only use ;binary to manipulate the values) and it is not likely to be the same as the LDAP-specific access control syntax which is being approximately defined in an Internet Draft.

So you can probably already do it with Net::LDAP, but you are pretty much on your own regarding the form of the values holding the access controls.

Cheers,

Chris
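The approach described in the reply above, as an added example that is not part of the original message or of perl-ldap itself: reading an entry's access control attribute and appending one value with the Net::LDAP modify method. The attribute name `aci`, the value syntax (that of Netscape-derived servers), the DNs and the `LDAP_*` environment variables are all assumptions; substitute whatever your server documents.

```perl
#!/usr/bin/perl
# Added example: append one access control value to an entry with Net::LDAP.
use strict;
use warnings;
use Net::LDAP;

# Assumptions (none of these come from the original message):
#  - the server keeps access controls in a multi-valued attribute named "aci"
#  - the value below is in that server's own string syntax (constructed sample)
#  - host, bind DN and target DN are placeholders
my $host    = $ENV{LDAP_HOST};                      # unset => dry run
my $bind_dn = $ENV{LDAP_BIND_DN} || 'cn=admin,dc=example,dc=com';
my $bind_pw = $ENV{LDAP_BIND_PW};
my $target  = 'ou=People,dc=example,dc=com';
my $attr    = 'aci';
my $new_aci = '(targetattr = "telephoneNumber")'
            . '(version 3.0; acl "self-write phone"; '
            . 'allow (write) userdn = "ldap:///self";)';

unless ($host) {
    print "dry run: would add to $attr on $target:\n  $new_aci\n";
    exit 0;
}

my $ldap = Net::LDAP->new($host) or die "connect to $host failed: $@\n";
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

# Read the existing values first so the change is made against known state.
# Access control attributes are often operational, so request them by name.
$mesg = $ldap->search(base => $target, scope => 'base',
                      filter => '(objectClass=*)', attrs => [$attr]);
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
my $entry = $mesg->entry(0) or die "no such entry: $target\n";
my @current = $entry->get_value($attr);
print "existing $attr values: ", scalar(@current), "\n";

if (grep { $_ eq $new_aci } @current) {
    print "value already present, nothing to do\n";
} else {
    # "add" appends a value; "replace" would overwrite every existing one
    $mesg = $ldap->modify($target, add => { $attr => $new_aci });
    die 'modify failed: ' . $mesg->error . "\n" if $mesg->code;
    print "added access control value\n";
}
$ldap->unbind;
```

With `LDAP_HOST` unset the script only prints the change it would make, which is a convenient way to review the value before touching a live directory.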