Using Get Effective Rights from the Command-Line
181
Permission
Description
d
Delete.
n
Rename the DN.
v
View the entry.
Table 6.6. Permissions That Can Be Set on Entries
Permission
Description
r
Read.
s
Search.
w
Write (
mod-add
).
o
Obliterate(
mod-del
). Analogous to delete.
c
Compare.
W
Self-write.
O
Self-delete.
Table 6.7. Permissions That Can Be Set on Attributes
6.7.1. Using Get Effective Rights from the Command-Line
To retrieve the effective rights with
ldapsearch
, you must pass the control information with the
ldapsearch
utility's
-J
option, as follows:
ldapsearch -p
port
-h
host
-D
bindDN
-w
bindPassword
-b
search_base
-J
control OID
:
boolean criticality
:dn:
AuthId
•
search_base
specifies the entry or entries being checked, while
AuthId
checks the rights of the
AuthId
entry over the
search_base
entry.
•
control OID
is the OID for the get effective rights control,
1.3.6.1.4.1.42.2.27.9.5.2
.
•
boolean criticality
specifies whether the search operation should return an error if the server
does not support this control (
true
) or if it should be ignored and let the search return as normal
(
false
).
•
AuthId
is the DN of the entry whose rights over the
user
account are being checked. If the
AuthId
is
left blank (
dn:
), than the rights of an anonymous user are returned.
A user, such as Ted Morris, can use this
ldapsearch
option to retrieve the rights he has to his
personal entry, as shown below. Along with returning the effective rights information, the
ldapsearch
returns the regular entry information:
ldapsearch -p 389 -h localhost -D "uid=tmorris,ou=people,dc=example,dc=com" -w password
-b "uid=tmorris,ou=people,dc=example,dc=com" -J "1.3.6.1.4.1.42.2.27.9.5.2:true:
dn:uid=tmorris,ou=people,dc=example,dc=com" "(objectClass=*)"
version: 1
dn: uid=tmorris, ou=People, dc=example,dc=com
givenName: Ted
sn: Morris
ou: Accounting
ou: People
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...