Hi Josh,

i'm using perl scripts for this since openldap client does not support this control "out of box":
Here is a typical script :

#!/usr/bin/perl
use strict;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_NO_SUCH_ATTRIBUTE LDAP_NO_SUCH_OBJECT LDAP_PROTOCOL_ERROR LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE
 LDAP_TYPE_OR_VALUE_EXISTS);
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Search;
use Net::LDAP::Control;
use Authen::SASL;
use Unicode::Normalize;
use Data::Dumper;
require Encode;


# Connection to LDAP by SASL, you can change it to simple bind
my $ldap = Net::LDAP -> new ("ldap.example.com", port => 389, version => 3 ) or die $!;
my $sasl = Authen::SASL -> new( 'GSSAPI');
my $result = $ldap -> bind( "", sasl => $sasl, version => 3 );

my $user = "uid=<who's rights we are testing>,ou=Users,dc=example,dc=com";

my $control = Net::LDAP::Control -> new( type => "1.3.6.1.4.1.42.2.27.9.5.2", value => "dn:".$user, critical => 1);

my $ldap_filter = "(objectClass=*)";
my $result_search = $ldap -> search (
                                base    => "uid=<on who's entry we test the rights>,ou=Users,dc=example,dc=com",
                                scope   => "base",
                                filter  => $ldap_filter,
                                control => [ $control ]
                                );


foreach my $ldap_entry ($result_search -> entries())
{
        print Dumper (\$ldap_entry);
}



@+


2012/5/29 Josh Ellsworth <jellsworth@primaticsfinancial.com>

So, I’m trying to debug some ACLs and need to use the Get Effective Rights search control. My issue is that my centos 6 box does not have the Mozilla LDAP packages and I can’t see how to install them. I read somewhere that they are deprecated – are there any plans to support the Get Effective Rights in the future?

 

Josh

--

Joshua Ellsworth

System Administrator, Primatics Financial

Phone: 571.765.7528

jellsworth@primaticsfinancial.com

 

 


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users