[Date Prev][Date Next]
Re: slapd.conf - acl question
On Thursday 18 September 2003 19:31, Douglas B. Jones wrote:
> My main concerns here are:
> 1) why is the key word 'entry' not mentioned in the doc?
slapd.acess (5) is the man page that explains the access controls
statements in slapd.conf in detail.
> 2) what is its' significance?
"access to the entry itself"
Other directory servers call this kind of access "Browse Rights"
> 3) should I not be using it and doing this another way?
Why ? It is a documented part of the access control system.
> 4) the fact that it does return a dn, is that a security problem?
It allows browsing the DIT where you allow it.
If the DNs in parts of your DIT contain confidential information you should
restrict access to this part of the DIT (including the entry pseudo
attributes) to truested users