[Date Prev][Date Next]
untoward change to ACL behavior (ITS#1921)
Full_Name: Richard L. Goerwitz
OS: Linux (RedHat 7.3)
Submission from: (NULL) (188.8.131.52)
It used to be (in 2.0.x) that one could create a mostly private/restricted LDAP
service that, nevertheless, allowed anonymous schema discovery (e.g., of
or whatever). One did this by using rules like
access to dn.base="" by * read
Unfortunately, in 2.1.2, the last rule above seems to open up general read
to the directory tree.
I'm just starting to work with 2.1.2, so please bear with me. At the very
this is a change in behavior that's confusing.