Re: Limits on anonymous binds

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

I'd prefer we use allow
        limits {anonymous,users,dn[.{regex,base,one,subtree,exact}]=...}

(ala ACL dn fields) where each backend maintained a list of these,
first match wins.

At 10:41 AM 2001-11-21, Pierangelo Masarati wrote:
>Mark Adamson wrote:
>> 
>> > > limits dn.exact=anonymous <limit>
>> > >
>> > >   -or-
>> > >
>> > > limits dn.anonymous  <limit>
>> 
>> > The proposed change would alter what is the usual behavior, in
>> > that default limits would apply to everybody not explicitly
>> > limited, except for anonymous.
>> >
>> > What should happen if no anonymous limits are set? use default?
>> 
>> The proposed change wouldn't affect existing installations. You would have
>> to add in a  "limits dn.anonymous" directive to your slapd.conf to get
>> anonymous binds to be limited differently than default limits. It is that
>> way now with non-anon binds: they get set to default unless you add a
>> "limits dn.[exact|regex]" directive.   I'd list this proposal under "new
>> feature which people can turn on with slapd.conf"
>> 
>> If no anon limits are set, the defaults apply, just like with exact and
>> regex limits.
>
>That's right. Then if there's no adverse ideas, I'll prefer to 
>code it as dn.anonymous.
>
>Pierangelo.
>
>-- 
>Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
>Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
>Politecnico di Milano                 | mailto:masarati@aero.polimi.it
>via La Masa 34, 20156 Milano, Italy   |
>http://www.aero.polimi.it/~masarati