Return-Path: 
 <api-return-243-apmail-directory-api-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-api-archive@minotaur.apache.org
Received: (qmail 76099 invoked from network); 22 Sep 2010 22:03:34 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 22 Sep 2010 22:03:34 -0000
Received: (qmail 33186 invoked by uid 500); 22 Sep 2010 22:03:34 -0000
Delivered-To: apmail-directory-api-archive@directory.apache.org
Received: (qmail 33140 invoked by uid 500); 22 Sep 2010 22:03:33 -0000
Mailing-List: contact api-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:api-help@directory.apache.org>
List-Unsubscribe: <mailto:api-unsubscribe@directory.apache.org>
List-Post: <mailto:api@directory.apache.org>
List-Id: <api.directory.apache.org>
Reply-To: api@directory.apache.org
Delivered-To: mailing list api@directory.apache.org
Received: (qmail 33125 invoked by uid 99); 22 Sep 2010 22:03:33 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Sep 2010 22:03:33 +0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of rms.listen@gmail.com designates
 209.85.210.50 as permitted sender)
Received: from [209.85.210.50] (HELO mail-pz0-f50.google.com) (209.85.210.50)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Sep 2010 22:03:24 +0000
Received: by pzk3 with SMTP id 3so150775pzk.37
        for <api@directory.apache.org>; Wed, 22 Sep 2010 15:03:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=1FX06UeQ3zWdm8YcODGaeG6miUdpyLOLEVV++iOWRVI=;
        b=qvrvdZNb+gI5PGnXAYaYvCIwH+WNVBDMPMPdET8hwYp5651XmIK1bIzzvFk86+e1Q5
         GgX4uTy5Mv0PmGVsxuybYhkdBNconfvDgsn8ZRMcF+oMAQ7IungX0+zfXj28LhWay6S+
         fqbSDTpmI06cl4ZiifaZmaGA579h/6xBaiIfw=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        b=RYM91zu+3SvEcmlu39543H1ITJIQ5HNRGokMdYtJFJpEbLVBzjY3jZiZ1bSL2dpyGy
         0J/3VM/26eS5Fvx2FWRYW3wLgDvehusRX3fwdJL72IY6rnIQa/nTuegOJhUU4f9pXv3U
         JWLyZ01BZMajIJV6i9JjamzZRA6sv4N3PJcxs=
Received: by 10.114.152.6 with SMTP id z6mr909424wad.151.1285192982602;
        Wed, 22 Sep 2010 15:03:02 -0700 (PDT)
Received: from [192.168.1.101] ([125.33.5.156])
        by mx.google.com with ESMTPS id k23sm55303waf.17.2010.09.22.15.03.00
        (version=SSLv3 cipher=RC4-MD5);
        Wed, 22 Sep 2010 15:03:01 -0700 (PDT)
Message-ID: <4C9A7D11.10600@gmail.com>
Date: Thu, 23 Sep 2010 06:02:57 +0800
From: rm <rms.listen@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
 rv:1.9.2.9) Gecko/20100915 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: api@directory.apache.org
Subject: Re: aci evaluation ...
References: <4C988B21.4010306@gmail.com> <4C98CEF2.5050801@gmail.com>
In-Reply-To: <4C98CEF2.5050801@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org


hi emmanuel,

thanks for your reply ... so, just to clarify ... the only 'standard' 
way to find out wether or not i can perform a certain action is to try 
it? otherwise, i'd be stuck with extended operation or with parsing 
serverimplementation- and/or configuration specific acl entries?

but the server should know! and it won't tell me? that is not a very 
polite thing to do ...

again, thanks

.rm


On 21/09/2010 23:27 , Emmanuel Lecharny wrote:
> On 9/21/10 12:38 PM, rm wrote:
>>
>>
>> hi,
>>
>> i am trying to get ACI information out of an ldap server i am
>> connecting to - the gui of the application i am working on should
>> change it's state depending on wether or not a user has certain
>> permissions (actually, it is as simple as wether or not to display an
>> "add" button).
>>
>> aside from launching an extended operation ... i should be possible to
>> get this information, right? so ... i am wondering why it's not
>> exposed in any of the APIs i looked at? the apache ldap libs have some
>> stuff in the "shared" portion, but i dont think it's a good idea to go
>> there ...
>>
>> being able to get the current state without having to parse all aci
>> atts myself seems to be such a straightforward thing - and i can't
>> find any hints as to how to do it ... i fear the worst: that i
>> completely misunderstood some ldap concepts.
>>
>> any help? please?
> There is nothing such as a common ACI syntax : each LDAP server uses its
> own. So this is quite normal that no API gives you the ACI information...
>
> However, you can grab it, if you know which server you are dealing with,
> but you will probably not be able to do anything with it unless you are
> able to evaluate this ACI.
>
> Sorry for that ...
>
>