Hi all,

I'm developing a web-based app in Perl which will front-end an OpenLDAP server. I want to have the user authenticate before allowing them to make changes; however, I also want to create ACLs on the server side which only allow certain accounts to edit certain attributes. Is there a way I can get a list of attributes a given cn is allowed to edit from the server so I know whether or not to display them as editable fields on the web page?

For example, I want to only allow the 'manager' attribute to be edited by someone in the 'management' group, so a given user can't edit their own manager. So this field should not be displayed as editable to 'uid=juser' but should be editable to 'uid=jmanager'.

Also, my LDAP server is authenticating against SASL/Kerberos 5. Since there are no entries in the LDAP password fields, how will authentication be handled? When I do a bind and pass the server the credentials, will it in turn get authentication against SASL/Kerb5, or will it try and use the password field?

Thanks,

--
Seeya,
Paul

GPG Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE

If you're not having fun, you're not doing it right!