Using Get Effective Rights from the Command-Line
181
Permission
Description
d
Delete.
n
Rename the DN.
v
View the entry.
Table 6.6. Permissions That Can Be Set on Entries
Permission
Description
r
Read.
s
Search.
w
Write (
mod-add
).
o
Obliterate(
mod-del
). Analogous to delete.
c
Compare.
W
Self-write.
O
Self-delete.
Table 6.7. Permissions That Can Be Set on Attributes
6.7.1. Using Get Effective Rights from the Command-Line
To retrieve the effective rights with
ldapsearch
, you must pass the control information with the
ldapsearch
utility's
-J
option, as follows:
ldapsearch -p
port
-h
host
-D
bindDN
-w
bindPassword
-b
search_base
-J
control OID
:
boolean criticality
:dn:
AuthId
•
search_base
specifies the entry or entries being checked, while
AuthId
checks the rights of the
AuthId
entry over the
search_base
entry.
•
control OID
is the OID for the get effective rights control,
1.3.6.1.4.1.42.2.27.9.5.2
.
•
boolean criticality
specifies whether the search operation should return an error if the server
does not support this control (
true
) or if it should be ignored and let the search return as normal
(
false
).
•
AuthId
is the DN of the entry whose rights over the
user
account are being checked. If the
AuthId
is
left blank (
dn:
), than the rights of an anonymous user are returned.
A user, such as Ted Morris, can use this
ldapsearch
option to retrieve the rights he has to his
personal entry, as shown below. Along with returning the effective rights information, the
ldapsearch
returns the regular entry information:
ldapsearch -p 389 -h localhost -D "uid=tmorris,ou=people,dc=example,dc=com" -w password
-b "uid=tmorris,ou=people,dc=example,dc=com" -J "1.3.6.1.4.1.42.2.27.9.5.2:true:
dn:uid=tmorris,ou=people,dc=example,dc=com" "(objectClass=*)"
version: 1
dn: uid=tmorris, ou=People, dc=example,dc=com
givenName: Ted
sn: Morris
ou: Accounting
ou: People
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...