The control's value must be ASN.1. There's an ASN.1 definition of a
"getEffectiveRights" control in section 9.1 of:
<http://www3.ietf.org/proceedings/01aug/I-D/draft-ietf-ldapext-acl-model-08.txt>
Finally, I've got it, thanks for the tip Chris!
Maybe I missed it, but I didn't see anything mentioning an ASN
control value in the documentation (or maybe it's just because I'm too
tired from four days of trying to solve this problem)...
It is still not clear to me what attributes the server wants to parse
from the ASN value, but if it's not present in $evalue, the Sun LDAP server
throws an error on that request.
EdE
For those who also need to get access rights on Sun's Directory Server,
here is code that now does the job:
    use strict;
    use warnings;
    use Net::LDAP;
    use Net::LDAP::Control;
    use Convert::ASN1;
    use Data::Dumper;

    # Replace the <...> placeholders with your own values.
    my $ldap = Net::LDAP->new('<hostname>')
        or die "Cannot connect: $@\n";

    my $mesg = $ldap->bind(
        "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot",
        password => '<adminpass>',
    );
    if ($mesg->code) {
        print STDERR "LDAP bind error: ".$mesg->error."\n";
        exit 1;
    }

    # The control value must be ASN.1 encoded.
    my $asn = Convert::ASN1->new();
    $asn->prepare(q<
        SEQUENCE {
            dn       OCTET STRING,
            attrlist OCTET STRING
        }
    >);

    my $evalue = $asn->encode(
        dn       => '<userdn>',   # DN of user, for which we are seeking access rights
        attrlist => '',
    );
    if (not defined $evalue) {
        print STDERR "Convert::ASN ERROR: ".$asn->error."\n";
        exit 1;
    }

    my $auth = Net::LDAP::Control->new(
        critical => 1,
        type     => "1.3.6.1.4.1.42.2.27.9.5.2",
        value    => $evalue,
    );

    $mesg = $ldap->search(
        base    => '<basedb>',    # DN, on which we are seeking access rights
        scope   => "base",
        filter  => "(objectClass=*)",
        control => [ $auth ],
        attrs   => [ "aclrights" ],         # entry level access rights
    #   attrs   => [ "aclrights", "*" ],    # entry and attribute level access rights
    );
    if ($mesg->code) {
        print STDERR "LDAP error: ".$mesg->error."\n";
        exit 1;
    }

    foreach my $entry ($mesg->entries) {
        print Data::Dumper->Dump([$entry])."\n";
    }

    $mesg = $ldap->unbind;
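
An added example, not part of the original post: it encodes the same SEQUENCE with Convert::ASN1, prints the bytes that go into the control value, and walks the BER structure by hand to confirm that both OCTET STRINGs are present, including the empty attrlist. The read_tlv helper and the sample DN are constructed for illustration.

```perl
use strict;
use warnings;
use Convert::ASN1;

# Same schema as in the post above.
my $asn = Convert::ASN1->new;
$asn->prepare(q<
    SEQUENCE {
        dn       OCTET STRING,
        attrlist OCTET STRING
    }
>) or die "prepare: " . $asn->error . "\n";

# Hypothetical helper: read one BER TLV from $buf at $pos.
# Returns (tag, value, position of the next element).
sub read_tlv {
    my ($buf, $pos) = @_;
    die "truncated TLV\n" if $pos + 2 > length $buf;
    my $tag = ord substr($buf, $pos++, 1);
    my $len = ord substr($buf, $pos++, 1);
    if ($len & 0x80) {               # long form: low 7 bits = number of length octets
        my $n = $len & 0x7f;
        die "unsupported length\n" if $n == 0 || $n > 4 || $pos + $n > length $buf;
        $len = 0;
        $len = ($len << 8) | ord substr($buf, $pos++, 1) for 1 .. $n;
    }
    die "value overruns buffer\n" if $pos + $len > length $buf;
    return ($tag, substr($buf, $pos, $len), $pos + $len);
}

# Constructed sample DN, not taken from the post.
my $userdn = 'uid=jdoe,ou=people,dc=example,dc=com';
my $evalue = $asn->encode(dn => $userdn, attrlist => '');
die "encode: " . $asn->error . "\n" unless defined $evalue;
print "control value: ", unpack('H*', $evalue), "\n";

# Outer element must be a universal SEQUENCE (0x30) covering the whole value.
my ($tag, $body, $end) = read_tlv($evalue, 0);
die "outer element is not a SEQUENCE\n" unless $tag == 0x30 && $end == length $evalue;

# Inside: exactly two OCTET STRINGs (0x04); the empty attrlist encodes as 04 00.
my ($t1, $dn,    $p1) = read_tlv($body, 0);
my ($t2, $attrs, $p2) = read_tlv($body, $p1);
die "expected two OCTET STRINGs\n"
    unless $t1 == 0x04 && $t2 == 0x04 && $p2 == length $body;
printf "dn=%s attrlist=%s (%d bytes)\n",
    $dn, length($attrs) ? $attrs : '(empty)', length $attrs;
```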