
untoward change to ACL behavior (ITS#1921)



Full_Name: Richard L. Goerwitz
Version: 2.1.2
OS: Linux (RedHat 7.3)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.22.128.66)


It used to be (in 2.0.x) that one could create a mostly private/restricted LDAP
service that, nevertheless, allowed anonymous schema discovery (e.g., of
cn=Schema or whatever).  One did this by using rules like

defaultaccess none
access to dn.base="" by * read

Unfortunately, in 2.1.2, the last rule above seems to open up general read
access to the directory tree.

I'm just starting to work with 2.1.2, so please bear with me.  At the very
least this is a change in behavior that's confusing.
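As an added example that is not part of the report above, here is the ACL arrangement the report describes (anonymous schema discovery, otherwise restricted tree), written with an explicit ordered catch-all rule instead of relying on `defaultaccess`. slapd evaluates `access to` clauses from top to bottom and applies the first one whose `<what>` matches the entry, so the narrow rules for the root DSE and the schema subentry must precede the catch-all. The `cn=Subschema` name is slapd's default subschema subentry and the `userPassword` rule is an assumption added so that users can still bind; neither appears in the report.

```conf
# Added example, not from the report: ordered slapd ACLs for anonymous schema
# discovery over an otherwise restricted directory.  First matching <what> wins.

# Root DSE only.  dn.base="" matches exactly the entry with the empty DN, which
# is where clients read namingContexts, supportedControl and subschemaSubentry.
access to dn.base=""
        by * read

# The schema subentry.  cn=Subschema is slapd's default name; confirm it against
# the subschemaSubentry attribute of your root DSE if it has been changed.
access to dn.base="cn=Subschema"
        by * read

# Assumed rule so simple binds still work: anonymous clients may only use
# userPassword for authentication, the owner may change it, nobody else sees it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Catch-all for the rest of the tree.  Replaces "defaultaccess none": bound
# users may read, anonymous clients get nothing.
access to *
        by users read
        by * none
```

To check the intended behaviour from a client, an anonymous base-scope search of the empty DN (`ldapsearch -x -b "" -s base '+'`) should return the root DSE and an anonymous search of `cn=Subschema` should return the schema, while an anonymous search of the directory suffix should return no entries. If the catch-all is placed first, it matches every entry, including the root DSE, and the two narrow rules are never consulted.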