[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL, slapd internal searches

To: <openldap-devel@OpenLDAP.org>
Subject: SASL, slapd internal searches
From: "Howard Chu" <hyc@highlandsun.com>
Date: Sat, 8 Mar 2003 01:13:40 -0800
Importance: Normal

A little while back I committed some changes to the sasl/saslauthz code to
make sure that it enforced ACLs on all the internal searches it performs. I
think some of these changes are wrong/unnecessary. Really, the point of an
ACL is to control what an external user can see/touch. When slapd is
performing a search to map an authID to a DN, I think this should be treated
as a root-privileged operation, ignoring access controls. Aside from the DN
itself, nothing about the entry is ever exposed to any external user.
Comments?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: SASL, slapd internal searches
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: FW: Adding an LDIF entry to openldap
Next by Date: Re: SASL, slapd internal searches
Index(es):
- Chronological
- Thread