Hi, I've tried to figure out how to know in advance whether the authentified user has the right to write into a certain attribute of another user (without being directory manager). That is, for example, i am authentified as a user uid=ai,ou=users,dc=example,dc=com and i want to know whether i have the write privilege on the attribute 'description' of the entry uid=toto,ou=users,dc=example,dc=com. The only way to find it out is to ACTUALLY WRITE to that attribute (and delete this written value afterwards) and see whether i suceed. I've read the documentation about the "get effective rights" extension and it turns out that it permits only to find the rights of the OTHER users on YOUR attributes (if i take the example of the previous paragraph, the user uid=ai can only find out what other users can do with his attributes). So the question is whether there is a way for a simple user (not directory manager) to see his rights on other entries' attributes (much like, for example, aclRights attribute in SunONE) without actually reading/writing to that attributes? Andrey Ivanov tel +33-(0)1-69-33-99-24 fax +33-(0)1-69-33-99-55 Direction des Systemes d'Information Ecole Polytechnique 91128 Palaiseau CEDEX France ---------------------------------------------------------------- This message was sent using X-WebMail
