
allow anonymous_update (ITS#2155)



Full_Name: Marian Eichholz
Version: 2.1.8
OS: Linux
URL: ftp://ftp.openldap.org/incoming/marian-eichholz-021025.patch
Submission from: (NULL) (194.97.7.65)


Up to 2.1.3 it was possible to modify entries without authentication
(anonymous).
With 2.1.5 it is mandatory to authenticate for backend data modification.
There is no warning that the default behaviour has changed so drastically and -
worse - no way to configure anonymous updates (without patching the backend
server code).

Probably this is lethally bad for some production environments.

With the patch at the URL, you have a new "allow" keyword "anonymous_update" to
allow the old behaviour, if you need it (as we do).

IMHO, hard-coded credentials in tools are not necessarily better than anonymous
binds and updates.

The approach in the patch is minimalistic. The backend directly checks the
"global_allows" variable. Probably you want it more fine-tuned (or a nicer
keyword).

The default behaviour does not change (relative to 2.1.8).

- Marian