Sun Java System Directory Server Enterprise Edition 6.3 Developer's Guide


Determines if the user requesting the current operation has the access rights to perform an operation on a given entry, attribute, or value.


#include "slapi-plugin.h"
int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e,
     char *attr, struct berval *val, int access );


This function takes the following parameters:


Parameter block passed into this function.


Entry for which you want to check the access rights.


Attribute for which you want to check the access rights.


Pointer to the berval structure containing the value for which you want to check the access rights.


Type of access rights that you want to check. For example, to check for write access, pass SLAPI_ACL_WRITE as the value of this argument.

The value of the access argument can be one of the following:


Permission to add a specified entry.


Permission to compare the specified values of an attribute in an entry.


Permission to delete a specified entry.


Permission to read a specified attribute.


Permission to search on a specified attribute or value.


Permission to write a specified attribute or value or permission to rename a specified entry.


This function returns one of the following values:


An error occurred while executing the operation.

This error can occur if, for example, the type of access rights specified are not recognized by the server. In other words, you did not pass a value from the previous table.


Invalid syntax was specified.

This error can occur if the ACL associated with an entry, attribute, or value uses the wrong syntax.


The DSA (this Directory Server instance) is unable to perform the specified operation.

This error can occur if, for example, you are requesting write access to a read-only database.


Call this function to determine if a user has access rights to a specified entry, attribute, or value. The function performs this check for users who request the operation that invokes this plug-in.

For example, suppose you are writing a preoperation plug-in for the add operation. You can call this function to determine if users have the proper access rights before they can add an entry to the directory.

As part of the process of determining if the user has access rights, this function does the following: