[Fedora-directory-users] Get Effective Rights on other entries

Andrey Ivanov andrey.ivanov at polytechnique.fr
Sun Aug 12 12:32:14 UTC 2007


Hi,

I've tried to figure out how to know in advance whether the  
authentified user has the right to write into a certain attribute of  
another user (without being directory manager).

That is, for example, i am authentified as a user  
uid=ai,ou=users,dc=example,dc=com and i want to know whether i have  
the write privilege on the attribute 'description' of the entry  
uid=toto,ou=users,dc=example,dc=com. The only way to find it out is to  
ACTUALLY WRITE to that attribute (and delete this written value  
afterwards) and see whether i suceed.

I've read the documentation about the "get effective rights" extension  
and it turns out that it permits only to find the rights of the OTHER  
users on YOUR attributes (if i take the example of the previous  
paragraph, the user uid=ai can only find out what other users can do  
with his attributes).

So the question is whether there is a way for a simple user (not  
directory manager) to see his rights on other entries' attributes  
(much like, for example, aclRights attribute in SunONE) without  
actually reading/writing to that attributes?



Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55

Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France

----------------------------------------------------------------
This message was sent using X-WebMail





More information about the Fedora-directory-users mailing list