LDAP: Determine access control rights to attributes and entries

Posted on November 23, 2011 by

A frequently asked question about LDAP is how to determine what attributes can be modified in an entry in a directory server for a given authorization state. For example, for a given bind DN, does that bind DN have the authority to delete an entry, or delete, add, or modify an attribute in a specific entry? LDAP access controls are implementation specific, therefore the vendor should supply a way to determine access rights for an authorization state. This task can be accomplished with the GetEffectiveRightsRequestControl request control which is available in the commercial edition of the UnboundID LDAP SDK.

This post is also available at ldapguru.info (which will be updated, this article might not be).

About Terry Gardner

Terry Gardner is a leading directory services architect with experience with many large scale directory services installations and messaging server installations, and is a Subject Matter Expert in the field of Directory Services and Solaris (operating system) performance. Mr. Gardner also participates in the open-source software community.
This entry was posted in computing, Java, LDAP, UnboundID, UnboundID LDAP SDK and tagged , , , , . Bookmark the permalink.

One Response to LDAP: Determine access control rights to attributes and entries

  1. Pingback: LDAP: Programming Practices « Diaries, Triumphs, Failures, and Rants

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s