Re: [Slightly OT] Checking access rights

[Chris R. <chr...@me...>]

Sim...@wi... wrote:
> 
> Hi all,
> 
>       This may not be strictly on topic but as I'm doing it with
>        Net::LDAP.......
> 
>       I am running Net::LDAP 0.19 on RedHat Linux 6.2 against a Novell
>        eDirectory for Linux.
> 
>       I am working on a self-service application to allow our users to
>       update their directory information via a web form.
> 
>       Some users have more rights than other users & what I want to do
>       check their rights when building the form and only give them
>        text-boxes for the attributes that they can change.
> 
>       Does anyone know how I can get either:
> 
>       a)  A list of attribute => access level pairs; or
> 
>       b)  Check an individual attribute right ?
> 
>       which I can then use to build the form.
> 
>       All guidance & URL's & leads greatly accepted !
> 
>       Regards,
> 
>       Simon Wilcox
>       Intranet Development Manager
>       Williams Lea Group
>       sim...@wi...

In general this is not possible.

DAP (the X.500 access protocol which LDAP is a lightweight version of) has
a feature called modifyRightsRequest (in the Read operation) which will
make the server return information about what may be changed in the entry.
This does not give information about what may be read, searched, compared,
etc, but nevertheless it is useful.

You could ask your vendor if they support access to this feature of DAP,
over LDAP. Since Novell has been known to claim their directory is X.500
compliant (cough) you might hope for a positive response :-)

Cheers,

Chris