On 4/20/07, Ersin Er <ersin.er@gmail.com> wrote:

SunDS and FedoraDS have a nice extended operation called
getEffectiveRights. This control returns the effective rights of the
user on an entry. The returned data is a formatted string, which can
be thought like the Unix file permission specifiers.

Here is a reference for that feature:

Any ideas on how we can implement this for ApacheDS?

Well this would be pretty easy to do I think.  We can expose a special operation on the AuthorizationService
query this information by pulling up the entry in question and calculating the set of ACIItem Tuples on it.

These tuples contain the elements needed.  Then we could write the ASN for the ext request and have a ext
req handler that queries this info for the target entry.  The handler will then translate the set of aci tuples
into the format of this string.

Sound viable?