[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP_STRONG_REQUIRED unconditionally

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: LDAP_STRONG_REQUIRED unconditionally
From: Marian Eichholz <marian.eichholz@freenet-ag.de>
Date: 22 Oct 2002 17:03:36 +0200
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <5.1.0.14.0.20021022073156.03be1e48@127.0.0.1>
References: <5.1.0.14.0.20021022073156.03be1e48@127.0.0.1>

Am Die, 2002-10-22 um 16.53 schrieb Kurt D. Zeilenga:

> >and as *default* (for production environment compatibility) to
> >allow for modifications without any authentication.
> 
> I would have significant problem with this.  The default should
> be safe and consistent with the LDAP technical specifications.
> RFC 2829:
>    Servers are encouraged to prevent modifications by anonymous users.
> 
> >I see no reason to completely disable non-authenticated modification of
> >the database. Commenting out the condition easily brought us back into
> >production.

Well, "encouraged" is not the keyword MUST, and the changed default
behaviour deliberately breaks (at least some) productive openldap
deployments without warning. Big changes for minor release number
changes (2.1.3 to 2.1.5)

No more, no less.

With a "require authgenticated_updates" (defaulted in the slapd.conf)
You can accomplish both goals, probably a perfect "encouraging".

- Marian

Follow-Ups:
- Re: LDAP_STRONG_REQUIRED unconditionally
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: LDAP_STRONG_REQUIRED unconditionally
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: LDAP_STRONG_REQUIRED unconditionally
Next by Date: Re: LDAP_STRONG_REQUIRED unconditionally
Index(es):
- Chronological
- Thread