
Re: aci for anonymous (ITS#1508)



This has been incorporated into HEAD.

At 01:42 AM 2001-12-28, npabis@astercity.net wrote:
>Full_Name: Norbert Pabis
>Version: 2.0.19
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/norbert-pabis-011228.patch
>Submission from: (NULL) (157.25.5.68)
>
>
>Problem:
>When using ldap compiled with --enable-aci, aci's do not work for anonymous.
>
>What I did:
>As written in http://www.OpenLDAP.org/lists/openldap-devel/200112/msg00150.html
>by Kurt D. Zeilenga we do not have to deal with ietf drafts so I did not
>introduce another dntype "public" as it was proposed in
>http://www.openldap.org/lists/openldap-devel/200009/msg00005.html.
>Instead I considered empty dn as anonymous which is ok according to
>http://www.openldap.org/faq/index.cgi?_highlightWords=anonymous&file=318
>
>The simple patch I submitted removes the stopper that made aci not processed
>during an anonymous bind.
>Right now aci: ...#access-id# corresponds to anonymous
>and aci: ...#access-id#* corresponds to all users and anonymous too.
>
>The only thing needed is to include a rule in slapd.conf
>access to attr=userPassword by anonymous compare 
>that enables user authorization.
>This is the only thing that bothers me whether this all is ok. But I hope that
>someone more competent will take a look at the patch.
>
>I did 'make test' and all went ok, even the acl test, so hopefully the patch
>does not spoil anything but improves aci.