You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Ersin Er <er...@gmail.com> on 2007/04/20 21:54:55 UTC
[ApacheDS][Access Control] Effective Rights Request and Information
Hi,
SunDS and FedoraDS have a nice extended operation called
getEffectiveRights. This control returns the effective rights of the
user on an entry. The returned data is a formatted string, which can
be thought like the Unix file permission specifiers.
Here is a reference for that feature:
http://docs.sun.com/source/816-6700-10/aci.html#15411
Any ideas on how we can implement this for ApacheDS?
--
Ersin
Re: [ApacheDS][Access Control] Effective Rights Request and Information
Posted by Ersin Er <er...@gmail.com>.
On 4/20/07, Alex Karasulu <ak...@apache.org> wrote:
>
>
>
> On 4/20/07, Ersin Er <er...@gmail.com> wrote:
> > Hi,
> >
> > SunDS and FedoraDS have a nice extended operation called
> > getEffectiveRights. This control returns the effective rights of the
> > user on an entry. The returned data is a formatted string, which can
> > be thought like the Unix file permission specifiers.
> >
> > Here is a reference for that feature:
> > http://docs.sun.com/source/816-6700-10/aci.html#15411
> >
> > Any ideas on how we can implement this for ApacheDS?
>
> Well this would be pretty easy to do I think. We can expose a special
> operation on the AuthorizationService
> query this information by pulling up the entry in question and calculating
> the set of ACIItem Tuples on it.
>
> These tuples contain the elements needed. Then we could write the ASN for
> the ext request and have a ext
> req handler that queries this info for the target entry. The handler will
> then translate the set of aci tuples
> into the format of this string.
>
> Sound viable?
Yep, quite clear. I think it won't be too hard to implement. Let me
add this to Jira and let's give it a try soon.
> Alex
>
>
--
Ersin
Re: [ApacheDS][Access Control] Effective Rights Request and Information
Posted by Alex Karasulu <ak...@apache.org>.
On 4/20/07, Ersin Er <er...@gmail.com> wrote:
>
> Hi,
>
> SunDS and FedoraDS have a nice extended operation called
> getEffectiveRights. This control returns the effective rights of the
> user on an entry. The returned data is a formatted string, which can
> be thought like the Unix file permission specifiers.
>
> Here is a reference for that feature:
> http://docs.sun.com/source/816-6700-10/aci.html#15411
>
> Any ideas on how we can implement this for ApacheDS?
Well this would be pretty easy to do I think. We can expose a special
operation on the AuthorizationService
query this information by pulling up the entry in question and calculating
the set of ACIItem Tuples on it.
These tuples contain the elements needed. Then we could write the ASN for
the ext request and have a ext
req handler that queries this info for the target entry. The handler will
then translate the set of aci tuples
into the format of this string.
Sound viable?
Alex