[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A question on syncrepl

> Dear OpenLDAP developers,
> As far as I can understand, there is no check on the length of bi_psearch_list. If a
> malicious use keeps establishing persistant searches, could the master server be

Yes, this is in fact one of the high priority TODO items.

In addition to the size issue, an access control mechanism for the persistent
search should be implemented. Whereas the access control for the content
determination for a psearch is achieved by the current access control mechanism,
the creation of the persistent searches should be restricted only to the allowed users.

The maximum size of the psearches can be specified per database definition.
For the access control specification, I'm wondering whether I can add a new
<access> directive (sth like "psearch") to the current set...

> Thanks!
> Xingyuan