[Date Prev][Date Next]
On Mon, 20 Feb 2006, Jon Roberts wrote:
> > (a) The ability to modify ACL's on the fly, without restarting the server
> This is the same reason I'm not quite so enthusiastic about cn=config,
> ie. it could allow a non-root entity to remotely compromise my security,
> configuration, or data. I'm not saying a system couldn't be configured
> to safeguard against this, but there are no guarantees with most slapd
> defaults. At the very least, I hope cn=config continues to be optional.
> Ditto for acis.
Remote compromises are always a possibility; this just provides one more
vector, and so should be equally well-guarded.
> > (d) The ability to add new backends and overlays on the fly
> I admit straight up I have no idea how valuable this would be. I can't
> see myself wanting it ever.
That would be a plus for us, whenever we buy out another company (and yes,
I'll see about having us contribute back somehow, given that OpenLDAP is
now essential to our operations).
> > (b) Deleting schema elements
> That would likely be never, I'd think.
I've done it a few times; fortunately the elements weren't actually used
(hence the reason for their deletion).
Dave Horsfall DTM VK2KFU email@example.com Ph: +61 2 9552-5509 (d) -5500 (sw)
Corinthian Engrng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU