While you can do this by issuing requests against the server to ensure that operations are permitted and rejected as appropriate, the PingDirectory server also provides support for a get effective rights request control that can be used to determine what access a given user has to a specified entry.

This control can be used programmatically through the UnboundID LDAP SDK for Java, but it can also be done from the command line using the ldapsearch tool. The tool provides the following arguments pertaining this feature:

Identifies the user whose access control rights should be examined. This should be an authorization ID that either identifies the user by distinguished name (DN) (prefixed by dn:) or username (prefixed by u:).
Specifies the name of an attribute for which you wish to obtain the specified user’s effective rights. This argument can be used multiple times to provide multiple attribute names.

For example:

$ bin/ldapsearch --hostname ds.example.com \
     --port 636 \
     --useSSL \
     --bindDN "cn=Directory Manager" \
     --baseDN dc=example,dc=com \
     --scope base \
     --getEffectiveRightsAuthzID dn:uid=test.user,ou=People,dc=example,dc=com \
     --getEffectiveRightsAttribute objectClass \
     --getEffectiveRightsAttribute dc \
     "(objectClass=*)" \
Enter the bind password:
dn: dc=example,dc=com
aclRights;attributeLevel;dc: search:1,read:1,compare:1,write:0,
aclRights;entryLevel: add:0,delete:0,read:1,write:0,proxy:0
# Result Code:  0 (success)
# Number of Entries Returned:  1

Each search result entry that is returned includes an aclRights attribute that indicates what rights the target user has when interacting with that entry. If you do not use the --getEffectiveRightsAttribute argument to specify any attribute names, then only the aclRights;entryLevel attribute is used to show the rights the user has when interacting with the entry itself will be returned. Otherwise, there is an additional aclRights;attributeLevel value for each requested attribute showing the rights for that attribute.