Table of Contents
Advertisement
Functions for Access Control
Description
Call this function to determine if a user has access rights to a specified entry,
attribute, or value. The function performs this check for users who request the
operation that invokes this plug-in.
For example, suppose you are writing a pre-operation plug-in for the add
operation. You can call this function to determine if users have the proper access
rights before they can add an entry to the directory.
As part of the process of determining if the user has access rights, the function
does the following:
•
Checks to see if the user requesting the operation is the root DN.
If so, the function returns
perform any operation.)
•
Gets information about the operation being requested, the connection to the
client, and the backend database where directory information is stored.
•
Determines if the user requesting the operation is attempting to modify his or
her own entry.
ACLs can be set up to allow users the rights to modify their own entries. The
slapi_access_allowed()
The caller must ensure that the backend specified in the
calling this function. For example:
be = slapi_be_select( slapi_entry_get_sdn_const( seObjectEntry
));
230
Netscape Directory Server Plug-in Programmer's Guide • October 2004
If for some reason the function cannot determine which operation is being
requested, the function returns
If no connection to a client exists (in other words, if the request for the
operation was made by the server or its backend), the function returns
. (The server and its backend are not restricted by access
LDAP_SUCCESS
control lists.)
If the backend database is read-only and the request is checking for write
access (
SLAPI_ACL_WRITE
LDAP_UNWILLING_TO_PERFORM
if ( NULL == be ) {
cleanup("backend selection failed for entry: \"%s\"\n",
szObjectDN);
slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL,
" Object could not be found", 0, NULL );
return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
. (The root DN has permission to
LDAP_SUCCESS
LDAP_OPERATIONS_ERROR
), the function returns
.
function checks for this condition.
.
is set prior to
pblock
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE DIRECTORY SERVER 7.0 - PLUG-IN
Related Products for Netscape NETSCAPE DIRECTORY SERVER 7.0 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.0
- Netscape NETSCAPE DIRECTORY SERVER 6.0 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 7.0 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 7.0 - GATEWAY CUSTOMIZATION
- Netscape ENTERPRISE SERVER 6.0