Emmanuel Dreyfus wrote:
Pierangelo Masarati ando@sys-net.it wrote:
In any case, I note that fixing this issue broke test006 (at least).
I think this is going to break many setups that had a security hole but nobody was aware of it.
I mean: test006 is broken now, we can no longer make test. You should check why the test is broken and try to fix it :) Probably, according to the old access rule, a user with "add" permission for entries is adding an entry without having "add" permission on all the attributes.
A database option can make everyone happy, but is there anyone complaining?
I'm not particularly in favor of a config option as soon as we're happy with the fix.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------