Hi!
I'm working on a method, which should get access rights for users on
defined dn (Sun Directory Server 5.2).
I found, that the next command returns to me the access rights to an entry:
ldapsearch -D <binddn> -b <basedn> -c "dn:<userdn>" <filter> aclrights
I need this form, because I need to bind to LDAP as admin (<binddn>),
and need to get rights on an entry (<basedn>) for a user (<userdn>).
This command should be the same, as
ldapsearch -D <binddn> -b <basedn> -J
"1.3.6.1.4.1.42.2.27.9.5.2:true:dn:<userdn>" <filter> aclrights
which should be fit for me, as it's the same, as perl ldap search with
control hash:
{ type => "1.3.6.1.4.1.42.2.27.9.5.2", critical => true, value =>
"dn:<userdn> }
My problem is, that the second one do not works (with attribute -J). I
examined the packet, which is sent in both cases, and it seems,
ldapsearch with switch -c prepends some hexa info to it's value, but I
can't figure it out, what this data is. This is not done, when -J is
used. As perl support for control getEffectiveRights is the same, as -J
switch, it returns an error to me.
Is there some way for gaining effective rights, as does ldapsearch with
argument "-c"?
thx
EdE
