[Date Prev][Date Next]
Re: readonly lets ldappasswd change a password
Thierry Lacoste wrote:
> When I put my server in readonly mode I still
> can change passwords with ldappasswd.
> Is this expected?
Hmm, personally I wouldn't expect this since I'd assume the "Password
Modify Extended Operation" is a write operation. So you should file an
ITS for that particular case.
This raises an interesting question on what read-only mode really means.
There are other situations where LDAP operations which are not
considered write operations cause attribute values to be changed, e.g.
when having password policy with a retry counter and the client sends a
wrong password in a bind request.
Seems to me one should really carefully consider when and why to use
read-only mode of slapd.