I'm using Perl scripts for this, since the OpenLDAP client does not support this control out of the box.
Here is a typical script:
#!/usr/bin/perl
use strict;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_ATTRIBUTE LDAP_NO_SUCH_OBJECT LDAP_PROTOCOL_ERROR LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE
LDAP_TYPE_OR_VALUE_EXISTS);
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Search;
use Net::LDAP::Control;
use Authen::SASL;
use Unicode::Normalize;
use Data::Dumper;
require Encode;
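# Query the effective rights one user has on another user's entry, using the
# Get Effective Rights search control.
#
# Connect and authenticate with SASL/GSSAPI. This can be changed to a simple
# bind, but a simple bind on port 389 sends the password in clear text unless
# $ldap->start_tls(...) is called first or an ldaps:// connection is used.
# Net::LDAP->new reports connection failures in $@, not in $!.
my $ldap = Net::LDAP->new("ldap.example.com", port => 389, version => 3)
    or die "Cannot connect to LDAP server: $@\n";
my $sasl = Authen::SASL->new('GSSAPI');
my $result = $ldap->bind("", sasl => $sasl, version => 3);

# Stop on a failed bind: in LDAPv3 a failed bind leaves the session anonymous,
# so the search below would run under a different identity than intended and
# the rights it reports (or the error it returns) would be misleading.
die "Bind failed: " . $result->error . "\n" if $result->code;

# Subject of the check: the DN whose rights are being evaluated.
my $user = "uid=<who's rights we are testing>,ou=Users,dc=example,dc=com";

# Get Effective Rights control. The value is the subject as "dn:<DN>".
# critical => 1 makes a server that does not support the control fail the
# search instead of silently returning the entry without rights information.
my $control = Net::LDAP::Control->new(
    type     => "1.3.6.1.4.1.42.2.27.9.5.2",
    value    => "dn:" . $user,
    critical => 1,
);

my $ldap_filter = "(objectClass=*)";

# Base-scope search on the target entry: only that entry's rights are returned.
my $result_search = $ldap->search(
    base    => "uid=<on who's entry we test the rights>,ou=Users,dc=example,dc=com",
    scope   => "base",
    filter  => $ldap_filter,
    control => [ $control ],
);

# An unsupported critical control, a missing entry or a refused request all
# show up here; without this check they would look like "no rights at all".
die "Search failed: " . $result_search->error . "\n" if $result_search->code;

foreach my $ldap_entry ($result_search->entries()) {
    print Dumper(\$ldap_entry);
}

# Close the session cleanly once the result has been printed.
$ldap->unbind;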
@+
2012/5/29 Josh Ellsworth <jellsworth@xxxxxxxxxxxxxxxxxxxxxx>
So, I’m trying to debug some ACLs and need to use the Get Effective Rights search control. My issue is that my centos 6 box does not have the Mozilla LDAP packages and I can’t see how to install them. I read somewhere that they are deprecated – are there any plans to support the Get Effective Rights in the future?
Josh
--
Joshua Ellsworth
System Administrator, Primatics Financial
Phone: 571.765.7528
jellsworth@xxxxxxxxxxxxxxxxxxxxxx