HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

261

262

263

264

265

266

267

268

269

270

Using an asterisk (*) with the get effective rights search returns every attribute available for the

entry, including attributes not set on the entry. For example:

Example 12 Returning effective rights for non-existent attributes

ldapsearch -D "cn=directory manager" -w secret12 -b

"uid=scarter,ou=people,dc=example,dc=com" -J

1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=scarter,ou=people,dc=example,dc=com

"(objectclass=*)" "*"

dn: uid=scarter, ou=People, dc=redbudcomputer,dc=local

givenName: Sam

telephoneNumber: +1 408 555 4798

sn: Carter

ou: Accounting

ou: People

l: Sunnyvale

manager: uid=dmiller, ou=People, dc=redbudcomputer,dc=local

roomNumber: 4612

mail: scarter@example.com

facsimileTelephoneNumber: +1 408 555 9700

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: inetOrgPerson

uid: scarter

cn: Sam Carter

userPassword: {SSHA}Xd9Jt8g1UsHC8enNDrEmxj3iJPKQLItlDYdD9A==

entryLevelRights: vadn

attributeLevelRights: objectClass:rscwo, aci:rscwo, sn:rscwo, cn:rscwo,

description:rscwo, seeAlso:rscwo, telephoneNumber:rscwo, userPass\

word:rscwo, destinationIndicator:rscwo, facsimileTelephoneNumber:rscwo,

internationaliSDNNumber:rscwo, l:rscwo, ou:rscwo, physicalDeliveryOffice\

Name:rscwo, postOfficeBox:rscwo, postalAddress:rscwo, postalCode:rscwo,

preferredDeliveryMethod:rscwo, registeredAddress:rscwo, st:rscwo,

street:rscwo, teletexTerminalIdentifier:rscwo, telexNumber:rscwo,

title:rscwo, x121Address:rscwo, audio:rscwo, businessCategory:rscwo, car\

License:rscwo, departmentNumber:rscwo, displayName:rscwo, employee\

Type:rscwo, employeeNumber:rscwo, givenName:rscwo, homePhone:rscwo,

homePostalAddress:rscwo, initials:rscwo, jpegPhoto:rscwo, labeled\

Uri:rscwo, manager:rscwo, mobile:rscwo, pager:rscwo, photo:rscwo, pre\

ferredLanguage:rscwo, mail:rscwo, o:rscwo, roomNumber:rscwo, secret\

ary:rscwo, uid:rscwo,x500UniqueIdentifier:rscwo, userCertificate:rscwo,

userSMIMECertificate:rscwo, userPKCS12:rscwo

All the attributes available for the entry, such as secretary, are listed, even though that attribute

is non-existent.

6.7.2.3 Examples of get effective rights searches for specific attributes or object classes

Taking the attribute-related GER searches further, it is possible to search for the rights to a specific

attribute and set of attributes and to list all the attributes available for one of the object classes set

on the entry.

One of the options listed in the formatting example in “The format of a get effective rights

search” (page 263) is attributeList. To return the effective rights for only specific attributes,

list the attributes, separated by spaces, at the end of the search command. For example:

6.7 Checking access rights on entries (get effective rights) 267