On 14/3/06 11:09, Gergely Sánta <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I'm working on a method, which should get access rights for users on
> defined dn (Sun Directory Server 5.2).
> I found that the next command returns to me the access rights to an entry:
> ldapsearch -D <binddn> -b <basedn> -c "dn:<userdn>" <filter> aclrights
> I need this form, because I need to bind to LDAP as admin (<binddn>),
> and need to get rights on an entry (<basedn>) for a user (<userdn>).
> This command should be the same as
> ldapsearch -D <binddn> -b <basedn> -J "1.3.6.1.4.1.42.2.27.9.5.2:true:dn:<userdn>" <filter> aclrights
> which should fit for me, as it's the same as perl ldap search with
> control hash:
> { type => "1.3.6.1.4.1.42.2.27.9.5.2", critical => true, value => "dn:<userdn>" }
>
> My problem is that the second one does not work (with attribute -J). I
> examined the packet which is sent in both cases, and it seems
> ldapsearch with switch -c prepends some hexa info to its value, but I
> can't figure out what this data is. This is not done when -J is
> used. As perl support for control getEffectiveRights is the same as the -J
> switch, it returns an error to me.
>
> Is there some way of gaining effective rights, as ldapsearch does with
> argument "-c"?

Whose version of ldapsearch is this? It isn't the one supplied with Solaris 10, and it isn't the OpenLDAP one...

My guess is that whatever-it-is is using the ProxyAuth control, but that's just a wild guess...

Cheers,

Chris