[Freeipa-devel] Reading Attributes from LDAP Client

Rob Crittenden rcritten at redhat.com
Wed Dec 7 15:29:35 UTC 2016


Chad Cravens wrote:
> Hello:
> 
> We are working with RedHat IDM and I'm trying to understand how
> Permissions and Roles are represented/stored in the LDAP Directory
> Server. What we would like to do is create roles in the web GUI and
> programmatically retrieve the Roles and Permissions, as well as who they
> are associated with, programmatically using an LDAP client (written in C).
> 
> Any guidance on how to do such a thing would be greatly appreciated, thanks!

Retrieve the role and look at the member and memberof attributes.

A member is a direct member of the role and will be (from memory) only
user or group DNs.

To see what the role can do you'll need to examine the container of the
memberof DN to know what type of thing it is (privilege or permission).

rob
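
The container check described in the reply above, as an added C example that is not part of the original message or of FreeIPA's code. The container RDNs (cn=users/cn=groups/cn=roles under cn=accounts, cn=privileges/cn=permissions under cn=pbac) are assumed from a default FreeIPA tree, and `ipa_entry_kind` and the sample DNs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Parent DN = text after the first unescaped comma; NULL if there is none. */
static const char *dn_parent(const char *dn)
{
    for (const char *p = dn; *p; p++) {
        if (*p == '\\' && p[1]) { p++; continue; }   /* skip escaped char such as "\," */
        if (*p == ',') return p + 1;
    }
    return NULL;
}

/* Classify a member/memberof DN by the container it lives in.
 * Container RDNs are assumptions (default FreeIPA tree); DNs are expected
 * in the server's normalized form, without spaces after commas. */
const char *ipa_entry_kind(const char *dn)
{
    static const struct { const char *container, *kind; } map[] = {
        { "cn=users,cn=accounts,",   "user" },
        { "cn=groups,cn=accounts,",  "group" },
        { "cn=roles,cn=accounts,",   "role" },
        { "cn=privileges,cn=pbac,",  "privilege" },
        { "cn=permissions,cn=pbac,", "permission" },
    };
    const char *parent = dn ? dn_parent(dn) : NULL;
    if (!parent) return "unknown";
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (strncasecmp(parent, map[i].container, strlen(map[i].container)) == 0)
            return map[i].kind;
    return "unknown";   /* anything outside the assumed containers */
}

int main(void)
{
    /* Constructed values, as they might come back for one role entry. */
    const char *values[] = {
        "uid=alice,cn=users,cn=accounts,dc=example,dc=test",
        "cn=helpdesk-admins,cn=groups,cn=accounts,dc=example,dc=test",
        "cn=Reset Passwords,cn=privileges,cn=pbac,dc=example,dc=test",
        "cn=Change User Password,cn=permissions,cn=pbac,dc=example,dc=test",
    };
    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++)
        printf("%-10s %s\n", ipa_entry_kind(values[i]), values[i]);
    return 0;
}
```

In a real client the DNs would be the `member` and `memberOf` values read from the role entry (for example with libldap's `ldap_get_values_len()`), and each `memberOf` value would be passed through the classifier.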



