[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4757) Support for RFC 3045: Storing Vendor Information in the LDAP root DSE

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4757) Support for RFC 3045: Storing Vendor Information in the LDAP root DSE
From: michael@stroeder.com
Date: Mon, 20 Nov 2006 08:36:49 GMT

Kurt D. Zeilenga wrote:
> At 01:37 AM 11/19/2006, michael@stroeder.com wrote:
>>
>>I'd like to see support for RFC 3045 in slapd.
> 
> The only reasonably decent use of such attributes is for
> administrators to determine whether they need to upgrade
> some software or not

Yes, that's what I'm after.

> We provide cn=monitor for this purpose.

This is proprietary. Think of vendor-independent management/monitoring
software which just gives an terse overview.

> While it certainly is possible for a client to abuse
> cn=monitor version information, the very fact that the
> version information is in cn=monitor, which generally
> requires special authorization to read, instead of
> the root dse, which generally is readable by most
> every client, is effective in discouraging this abuse.

The server admin can easily define access control for vendor information
in root DSE. The sample slapd.conf could endorse this. Or another value
for configuration directive 'allow'.

Ciao, Michael.

Prev by Date: Re: (ITS#4757) Support for RFC 3045: Storing Vendor Information in the LDAP root DSE
Next by Date: Re: (ITS#4757) Support for RFC 3045: Storing Vendor Information in the LDAP root DSE
Index(es):
- Chronological
- Thread