Red Hat Directory Server 8.0 Administrator's Guide

search_base specifies the entry or entries being checked, while AuthId checks the rights of
the AuthId entry over the search_base entry.
control OID is the OID for the get effective rights control, 1.3.6.1.4.1.42.2.27.9.5.2.
boolean criticality specifies whether the search operation should return an error if the server
does not support this control (true) or if it should be ignored and let the search return as
normal (false).
AuthId is the DN of the entry whose rights over the user account are being checked. If the
AuthId is left blank (dn:), then the rights of an anonymous user are returned.
A user, such as Ted Morris, can use this ldapsearch option to retrieve the rights he has to his
personal entry, as shown below. Along with returning the effective rights information, the
ldapsearch returns the regular entry information:
ldapsearch -p 389 -h localhost -D "uid=tmorris,ou=people,dc=example,dc=com" \
  -w password -b "uid=tmorris,ou=people,dc=example,dc=com" \
  -J "1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=tmorris,ou=people,dc=example,dc=com" \
  "(objectClass=*)"

version: 1
dn: uid=tmorris, ou=People, dc=example,dc=com
givenName: Ted
sn: Morris
ou: Accounting
ou: People
l: Santa Clara
manager: uid=dmiller, ou=People, dc=example,dc=com
roomNumber: 4117
mail: tmorris@example.com
facsimileTelephoneNumber: +1 408 555 5409
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: tmorris
cn: Ted Morris
userPassword: {SSHA}bz0uCmHZM5b357zwrCUCJs1IOHtMD6yqPyhxBA==
entryLevelRights: v
attributeLevelRights: givenName:rsc, sn:rsc, ou:rsc, l:rsc,
manager:rsc, roomNumber:rscwo, mail:rscwo,
facsimileTelephoneNumber:rscwo, objectClass:rsc, uid:rsc,
cn:rsc, userPassword:wo
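
When auditing ACIs, the entryLevelRights and attributeLevelRights lines can be checked mechanically. The following is an added example, not part of the guide: it parses get effective rights output and lists attributes the subject can modify that a policy does not expect. The allowlist, the function names and the folded sample text are assumptions constructed for illustration.

```python
MODIFY = set("wo")  # w = write (mod-add), o = obliterate (mod-delete)

# Constructed sample modelled on the tmorris output above, folded the way
# LDIF folds long values (continuation lines start with one space).
SAMPLE = """\
dn: uid=tmorris, ou=People, dc=example,dc=com
uid: tmorris
entryLevelRights: v
attributeLevelRights: givenName:rsc, sn:rsc, ou:rsc, l:rsc, manager:rsc, roo
 mNumber:rscwo, mail:rscwo, facsimileTelephoneNumber:rscwo, objectClass:rsc,
  uid:rsc, cn:rsc, userPassword:wo
"""

def unfold(ldif):
    """Join LDIF continuation lines back onto the line they continue."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def to_rights(token):
    """'rscwo' -> {'r','s','c','w','o'}; 'none' (assumed to mean no rights) -> empty set."""
    token = token.strip()
    return set() if token == "none" else set(token)

def parse_ger(ldif):
    """Return (entry_rights, {attribute: rights}) for one entry."""
    entry_rights, attr_rights = set(), {}
    for line in unfold(ldif):
        name, _, value = line.partition(":")
        if name == "entryLevelRights":
            entry_rights = to_rights(value)
        elif name == "attributeLevelRights":
            for item in value.split(","):
                attr, _, letters = item.strip().partition(":")
                attr_rights[attr] = to_rights(letters)
    return entry_rights, attr_rights

def unexpected_writes(ldif, allowed):
    """Attributes the subject can modify that are not on the allowlist."""
    allowed = {a.lower() for a in allowed}
    _, attr_rights = parse_ger(ldif)
    return sorted(a for a, r in attr_rights.items()
                  if r & MODIFY and a.lower() not in allowed)

if __name__ == "__main__":
    # Hypothetical self-service policy: attributes users may edit themselves.
    print(unexpected_writes(SAMPLE, {"roomNumber", "facsimileTelephoneNumber", "userPassword"}))
```
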
An administrative user, such as Directory Manager, can use the get effective rights operation to
determine what rights are granted between users. The following is a sample ldapsearch to
retrieve effective rights that a manager, Dave Miller (shown in the dn:user part of the -J value),
has over the entry of one of his subordinates, Ted Morris (shown in the -b value):