Gavin Henry wrote:
Dear All,
Is this a bad ACL?:
access to dn="ou=Users,dc=suretecsystems,dc=com" by self write by users read by anonymous auth
If a .subtree match is implied, this could be bad from a security point of view, perhaps. It allows an authenticated user to change any aspect of his/her own entry. Depending on what you have there, a user could make him/herself root for example.
Perhaps previously an unqualified "to dn" would be equal to "to dn.sub", while now it is equal to "to dn.exact"?
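
The concern raised in this reply, shown as an added configuration example that is not part of the original thread: the ACL from the question with its scope written out, next to a narrower form that limits self-service writes to the password. It assumes slapd.conf ACL syntax as documented in slapd.access(5) for OpenLDAP 2.2 or later, and posixAccount-style user entries; the attribute names other than those in the question are assumptions.

```conf
# Added example, not from the original thread.
# Assumes slapd.access(5) syntax (OpenLDAP 2.2 or later) and that the
# entries under ou=Users are posixAccount-style accounts.

# Broad form from the question, with the scope made explicit.
# "by self write" with no attrs= list covers every attribute of the
# user's own entry, e.g. uidNumber, gidNumber, homeDirectory, loginShell.
#
#access to dn.subtree="ou=Users,dc=suretecsystems,dc=com"
#    by self write
#    by users read
#    by anonymous auth

# Narrower form, rule 1: only the password is self-writable.
# Other users get no access to the stored hash; anonymous gets auth
# so that simple binds can still compare the password.
access to dn.subtree="ou=Users,dc=suretecsystems,dc=com" attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Narrower form, rule 2: everything else under ou=Users is read-only
# for authenticated users. Anonymous keeps auth on the entry itself,
# which the bind operation also requires.
access to dn.subtree="ou=Users,dc=suretecsystems,dc=com"
    by users read
    by anonymous auth
    by * none
```

Writing the style out (`dn.exact`, `dn.subtree`, `dn.children`) removes the ambiguity about what an unqualified `dn=` matches, and rule order matters because slapd applies the first `access to` directive whose target matches.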