Re: overpowered rights for suffix when one suffix name contains another one's (ITS#2520)
This issue will be closed as not indicative of a bug in
OpenLDAP Software. Please direct questions about the
use of OpenLDAP Software to the openldap-software mailing
At 08:34 AM 5/15/2003, email@example.com wrote:
>Full_Name: Thomas Eskenazi
>OS: debian woody 6.3
>Submission from: (NULL) (220.127.116.11)
>I created the suffixes "dc=toto" and "dc=toto2".
>The corresponding bind DNs are "cn=admin,dc=toto" and "cn=admin,dc=toto2" and
>have different credentials.
>When I make a ldapadd or ldapdelete with the bind DN "cn=admin,dc=toto2" on the
>"dc=toto" suffix, it works (which, I think, is not good)!
>On the other hand, when I make a ldapadd or ldapdelete with the bindDN
>"cn=admin,dc=toto" on the "dc=toto2" suffix, it doesn't.
>I then created a "dc=toto23" with "cn=admin,dc=toto23" as bind DN.
>As I thought, when I make a ldapadd or ldapdelete with the bind DN
>"cn=admin,dc=toto23" on the "dc=toto" suffix or the "dc=toto2", it works.
>I have come to the conclusion that if a suffix name contains another existing
>suffix on your directory or if a bind DN name contains another existing bind DN
>name, then the first one has sufficient access to both suffixes.
>I didn't see anything about this on the documentation, please inform me if I'm