Announcement Announcement Module
No announcement yet.
CRUD -ing ACLs Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • CRUD -ing ACLs

    Hi all,

    I was wondering, has anyone had the need to modify LDAP ACLs via spring-ldap?
    I need to create a "accessGroup" object and then create an ACL so that members of that group have certain permission on certain branches...
    Is it even remotely possible?

    Thanks in advance,


  • #2
    This is actually not something I've done myself, but I'll try an answer anyway.

    If I'm not mistaken the ACI is just an attribute on the entry or tree you want to control. There should be no problem altering the ACI attribute using Spring LDAP. Also, I think that the syntax of the ACI is somewhat like a search filter so you might be able to use the support.filter classes to help you build valid ACIs (don't take my word for it on the last part, but it might be worth a try). Also, note that you'll probably need to ask for the ACI attribute explicitly in order for it to be returned, since I think it's an operational attribute.


    • #3
      Thanks for the reply rasky!

      I've managed to get the acl attributes ("aclEntry" and "aclPropagate") by explicitly asking for them. Since i do not need (at this point) to create dynamic values for the "aclEntry" attribute, i just store the needed format as a template and add users or groups as needed. Altering these attributes may be vendor specific (i'm not sure if OpenLdap supports it, IBM TDS does), if i get the time, will try it out.

      Thanks for the tips..