[Date Prev][Date Next] [Chronological] [Thread] [Top]

Solved: Re: Possible ACL Issue while try to read Root DSE

To: openldap-technical@openldap.org
Subject: Solved: Re: Possible ACL Issue while try to read Root DSE
From: Axel Birndt <towerlexa@gmx.de>
Date: Wed, 30 Nov 2011 22:05:24 +0100
In-reply-to: <4ED4C1D4.5030702@gmx.de>
References: <4ED3F04D.8060404@gmx.de> <4ED48BC2.6000804@acision.com> <4ED49410.1040903@gmx.de> <4ED4A18C.6060403@acision.com> <4ED4C1D4.5030702@gmx.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110921 Lightning/1.0b2 Mnenhy/0.8.3 Thunderbird/3.1.15

Hi @all & thanks for your help!

Am 29.11.2011 12:28, schrieb Axel Birndt:



Am 29.11.2011 10:10, schrieb Ondrej Kuznik:

On 11/29/2011 09:13 AM, Axel Birndt wrote:
You should expect a response exactly like this (unless your database
suffix is set to ""):

ldapsearch -x -D "" -s base -b "" -h localhost


ldapsearch -x -D "" -s base -b "" -h localhost


Now its working for me. I added the following ACL's in

olcDatabase={-1}frontend,cn=config

{0}to dn.base="" by * read
{1}to dn.base="cn=schema,cn=config" by * read
{2}to dn.base="cn=Subschema" by * read

But, does the first rule meaning, that everone could read all in thisfrontend??

Is this security conform? Or it is better to allow only authenticatedUsers to read this?


Are there any best practices for this?

--


Gruß Axel

------------------------------

References:
- Possible ACL Issue while try to read Root DSE
  - From: Axel Birndt <towerlexa@gmx.de>
- Re: Possible ACL Issue while try to read Root DSE
  - From: Ondrej Kuznik <ondrej.kuznik@acision.com>
- Re: Possible ACL Issue while try to read Root DSE
  - From: Axel Birndt <towerlexa@gmx.de>
- Re: Possible ACL Issue while try to read Root DSE
  - From: Ondrej Kuznik <ondrej.kuznik@acision.com>
- Re: Possible ACL Issue while try to read Root DSE
  - From: Axel Birndt <towerlexa@gmx.de>

Prev by Date: Re: memberof overlay deployment
Index(es):
- Chronological
- Thread