HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Example 8 Checking personal rights (User A to User A)

l: Santa Clara

manager:rsc, roomNumber:rscwo, mail:rscwo, facsimileTelephoneNumber:rscwo,

Ted Morris may, for example, be a manager or work in a department where he has to edit other

user's entries, such as IT or human resources. In this case, he may want to check what rights he

has to another user's entry, as in Example 9 “Personally checking the rights of one user over another

(User A to User B)”, where Ted (-D) checks his rights (-J) to Dave Miller's entry (-b):

Example 9 Personally checking the rights of one user over another (User A to User B)

ldapsearch -p 389 -h localhost -D "uid=tmorris,ou=people,dc=example,dc=com"

-w secret -b "uid=dmiller,ou=people,dc=example,dc=com" -J

"1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=tmorris,ou=people,dc=example,dc=com"

"(objectClass=*)"

For all attributes, Ted Morris has read, search, compare, modify, and delete permissions to Dave

Miller's entry. These results are different than the ones returned in checking Ted Morris's access to

his own entry, because he personally had only read, search, and compare rights to most of these

attributes.

The Directory Manager has the ability to check the rights that one user has over another user's

entry. In Example 10 “The directory manager's checking the rights of one user over another (User

A to User B)”, the Directory Manager is checking the rights that a manager, Jane Smith (-J), has

over her subordinate, Ted Morris (-b):