Michael Ströder wrote:
On 6/14/19 5:15 PM, Quanah Gibson-Mount wrote:
> Thanks to Ondrej, this list is a bit shorter now. :)
But one more I'd love to see in 2.4.48:
ITS#8866: RFE: slapo-constraint to return filter used in diagnostic message
https://www.openldap.org/its/index.cgi?findid=8866
I don't believe the information disclosure issues have been sufficiently answered
there.
Overall it's a bad idea and goes against our standing policy of minimal disclosure.
At most you would expect something relevant in syslog. The actual rules in play are
only the sysadmin's business, not any end user's.
I have a back-port patch for this in my own 2.4.47 packages because
it
is very useful.
Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/