Re: Unique overlay not working, where is the misconfiguration ? [Debian 7 - 2.4.31]

Quanah Gibson-Mount wrote:
> --On Tuesday, November 05, 2013 5:42 PM +0100 Hans Freitag <zem@fnordpol.de>
> wrote:
>> Not to use an evil client is no option to me.
> Don't give the user manage privileges...

Doesn't that rather affect the use of the Relax Rules control (formerly known as
Manage DIT control)?

I think the (ab)use of Manage DSA IT control to circumvent constraint(s) is
somewhat historic because at that time in the past [1] was not available yet.
This resulted in a control-against-constraint mess.

It should be consequently replaced by applying Relax Rules control including
properly checking the manage privilege.

BTW: The OID of the Relax Rules control still contains this experimental OID
*.666.* cruft. Maybe it's time to proceed with the draft and define a
proper OID.

How about discussing this at LDAPcon in Paris?
(might also fit in my presentation...)

Ciao, Michael.

[1] http://tools.ietf.org/html/draft-zeilenga-ldap-relax

