[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Advertising configcontext in Root-DSE
Ralf Haferkamp wrote:
On Thursday 16 February 2006 16:41, Pierangelo Masarati wrote:
Ralf Haferkamp wrote:
Hi,
I just recognized that current slapd advertises the config-context
in root-dse, even if back-config is not used (e.g. no config
directory exists). To me it seems useful to hide the
"configContext" Attribute in such cases and deny searches below
cn=config with "no such object".
No. The cn=config tree is always present; just that any changes
made when no backing directory exists will not persist.
but if no "database config" directive is present, it's not
accessible. I think this is what Ralf meant.
Yes. It's just confusing that you see "configContext" in the Root-DSE
but can't access it in any way.
I don't consider this a condition worth testing for. You could have a
sasl-regexp that maps some other identity to the cn=config DN. (And I
don't consider that worth explicitly testing for either...) Feel free to
code it up if you feel strongly about it.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/