Returns the effective rights of the specified entry to the specified attribute.
#include <ldapx.h> int ldap_get_effective_privileges ( LDAP *ld, char *dn, char *trusteeDN, char *attrName, int *privileges);
(IN) Points to the handle for the LDAP session.
(IN) Points to the distinguished name, in LDAP format, of the entry that contains the attribute in question.
(IN) Points to the distinguished name, in LDAP format, of the trustee whose rights are being returned, or you can specify [Public] or [Self].
(IN) Points to attribute whose rights are being returned or you can specify [Entry Rights] or [All Attribute Rights].
(OUT) Points to bitmask of the trustee's effective rights (see Section 6.1, Object Access Control Rights and Section 6.2, Attribute Access Control Rights).
0x00 |
LDAP_SUCCESS |
0x01 |
LDAP_OPERATIONS_ERROR: A string is returned with this error code that indicates the source of the error. |
0x53 |
LDAP_ENCODING_ERROR |
0x5A |
LDAP_NO_MEMORY |
0x5C |
LDAP_NOT_SUPPORTED |
Non-zero |
Non-zero values indicate errors. See |
To understand the difference between the dn and the trusteeDN arguments, suppose that an entry named Kim has a telephone number attribute, and a client named Tom wants to know if he has rights to the attribue. In this case,
dn points to the distinguished name of Kim
trusteeDN points to the distinguished name of Tom
attrName points to Telephone Number
privileges points to the rights Tom has to Kim's Telephone Number attribute
For sample code, see getpriv.c.
The requestName is set to the OID (2.16.840.1.113719.1.27.100.33) and the requestValue is a BER encoding of the following:
RequestBer dn LDAPDN trusteeDN LDAPDN attrName OCTET STRING
The responseName is set to the OID (2.16.840.1.113719.1.27.100.34) and the responseValue is a BER encoding of the following:
ResponseBer privileges INTEGER