LDAP: Determine access control rights to attributes and entries


A frequently asked question about LDAP is how to determine which attributes in a directory server entry can be modified under a given authorization state. For example, does a given bind DN have the authority to delete an entry, or to delete, add, or modify an attribute in a specific entry? LDAP access controls are implementation-specific, so the vendor should supply a way to determine access rights for an authorization state. This task can be accomplished with the GetEffectiveRightsRequestControl request control, which is available in the commercial edition of the UnboundID LDAP SDK.
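The following sketch shows one way to use the control to audit what an identity may do to an entry. It is an added example, not code from the original post. The host name, DNs and the `LDAP_BIND_PW` environment variable are assumed placeholders, and the server must support the get effective rights control.

```java
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.unboundidds.controls.AttributeRight;
import com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry;
import com.unboundid.ldap.sdk.unboundidds.controls.EntryRight;
import com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl;
import com.unboundid.util.ssl.SSLUtil;

public class EffectiveRightsCheck {
  // Asks the server which rights authzDN holds on entryDN and on the named attributes.
  // Returns null when the search returns no entry to the connection's own identity.
  static EffectiveRightsEntry rightsFor(LDAPConnection conn, String authzDN,
      String entryDN, String... attrs) throws LDAPException {
    // EffectiveRightsEntry reads the rights from "aclRights", so request it explicitly.
    String[] requested = java.util.Arrays.copyOf(attrs, attrs.length + 1);
    requested[attrs.length] = "aclRights";
    SearchRequest req = new SearchRequest(entryDN, SearchScope.BASE,
        Filter.createPresenceFilter("objectClass"), requested);
    req.addControl(new GetEffectiveRightsRequestControl("dn:" + authzDN));
    for (SearchResultEntry e : conn.search(req).getSearchEntries()) {
      return new EffectiveRightsEntry(e);
    }
    return null;
  }

  public static void main(String[] args) throws Exception {
    // Assumed values: host, DNs and the LDAP_BIND_PW variable are placeholders.
    String subject = "uid=helpdesk,ou=People,dc=example,dc=com";
    String target = "uid=jdoe,ou=People,dc=example,dc=com";
    // new SSLUtil() validates the server certificate against the JVM default trust store.
    LDAPConnection conn = new LDAPConnection(
        new SSLUtil().createSSLSocketFactory(), "ldap.example.com", 636,
        "cn=Directory Manager", System.getenv("LDAP_BIND_PW"));
    try {
      EffectiveRightsEntry r = rightsFor(conn, subject, target, "userPassword", "mail");
      if (r == null || !r.rightsInformationAvailable()) {
        // Treat missing data as "unknown", never as "allowed".
        System.out.println("no effective rights information returned");
        return;
      }
      System.out.println("delete entry: " + r.hasEntryRight(EntryRight.DELETE));
      for (String a : new String[] {"userPassword", "mail"}) {
        System.out.println("write " + a + ": " + r.hasAttributeRight(AttributeRight.WRITE, a));
      }
    } finally {
      conn.close();
    }
  }
}
```

The identity that binds to run the check needs permission to use the control itself, which is separate from the rights being reported for the subject DN.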

This post is also available at ldapguru.info (that copy will be updated; this article might not be).

About Terry Gardner

Terry Gardner was a leading directory services architect with experience with many large scale directory services installations and messaging server installations, and was a Subject Matter Expert in the field of Directory Services and Solaris (operating system) performance. Mr. Gardner also participated in the open-source software community. Mr. Gardner passed away in December, 2013.