We are using com.novell.ldap.extensions.GetEffectivePrivilegesR esponse
class from jldap-4.3.jar.

Through this method we can read ACL on UserApp ressources and know if a
user gets rigths on a ressource.

Using this method returns values differents from a direct read to ldap
tree through a ldap browser.

*On one way* we use the class GetEffectivePrivilegesResponse to read the
ACL based on sample here :http://tinyurl.com/lnnawf8

And we get a message back :
Login succeeded
"cn=cgcharge1001,ou=identites,o=cg44" has the following rights on
"cn=SCGCharge31,cn=ResourceDefs,cn=RoleConfig,cn=A ppConfig,cn=UserApplication,cn=DriverSet,ou=DirXML ,o=CG44"
CompareAttributes: false; ReadAttributes: false;
Write/Add/DeleteAttributes: false; Add/DeleteSelf: false; Supervisor:

Get Effective Privileges succeeded

*On the other way* we connect with cgcharge1001 account to Apache
Directory Studio and browse
"cn=SCGCharge31,cn=ResourceDefs,cn=RoleConfig,cn=A ppConfig,cn=UserApplication,cn=DriverSet,ou=DirXML ,o=CG44"

If the ACL has just changed then the jldap library will return wrong ACL
while direct access to the tree returns the good ones.

Is there any caching machanism in this library ?

sfreard's Profile: https://forums.netiq.com/member.php?userid=3632
View this thread: https://forums.netiq.com/showthread.php?t=49128