Hi all,
After adding the Get Effective Rights control to some java code as follows, everything is
worked as before, except neither the entryLevelRights nor the attributeLevelRights
attributes are returned to me.
389-ds-base-1.2.11.15-97.el6_10.x86_64 is logging the following, which looks hopeful:
[18/Nov/2019:00:41:16 +0200] conn=1567060 op=5 SRCH base="dc=x,dc=x,dc=x"
scope=2 filter="(&(objectClass=mailRec
ipient)(mail=mail(a)example.com))" attrs="* entrylevelrights attributelevelrights
aci" authzid="mail=minfrin(a)example.com,ou=
external,dc=x,dc=x,dc=x"
[18/Nov/2019:00:41:16 +0200] conn=1567060 op=5 RESULT err=0 tag=101 nentries=1 etime=0 -
entryLevelRights: vadn
However neither the entrylevelrights nor the attributelevelrights attributes are being
returned in the response, and I have run out of ideas - what am I missing?
The java code to add the control is as follows:
BerByteArrayOutputStream berStream = new BerByteArrayOutputStream(
dn.length() + 50, true);
BerOctetString berString = new BerOctetString(
("dn:" + dn).getBytes());
berString.encode(berStream, true);
berStream.close();
List<Control> controls = new ArrayList<Control>(Arrays.asList(ctx
.getRequestControls()));
controls.add(new BasicControl("1.3.6.1.4.1.42.2.27.9.5.2", true,
berStream.getArray()));
ctx.setRequestControls(controls.toArray(new Control[controls.size()]));
Regards,
Graham
—
Attachments:
- smime.p7s
(application/pkcs7-signature — 3.2 KB)
Show replies by date