Hi,
I've tried to figure out how to know in advance whether the
authentified user has the right to write into a certain attribute of
another user (without being directory manager).
That is, for example, i am authentified as a user
uid=ai,ou=users,dc=example,dc=com and i want to know whether i have
the write privilege on the attribute 'description' of the entry
uid=toto,ou=users,dc=example,dc=com. The only way to find it out is to
ACTUALLY WRITE to that attribute (and delete this written value
afterwards) and see whether i suceed.
I've read the documentation about the "get effective rights" extension
and it turns out that it permits only to find the rights of the OTHER
users on YOUR attributes (if i take the example of the previous
paragraph, the user uid=ai can only find out what other users can do
with his attributes).
So the question is whether there is a way for a simple user (not
directory manager) to see his rights on other entries' attributes
(much like, for example, aclRights attribute in SunONE) without
actually reading/writing to that attributes?
Andrey Ivanov
tel +33-(0)1-69-33-99-24
fax +33-(0)1-69-33-99-55
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
----------------------------------------------------------------
This message was sent using X-WebMail
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
