Re: 2.4.6 ACLs and Extented Operations

1 Nov 2007


      Gavin Henry escreveu:
...
Dear All,
It this a bad ACL?:
access to dn="ou=Users,dc=suretecsystems,dc=com"
        by self write
        by users read
        by anonymous auth
If a .subtree match is implied, this could be bad from a security point 
of view, perhaps. It allows an authenticated user to change any aspect 
of his/her own entry. Depending on what you have there, an user could 
make him/herself root for example.
Perhaps previously an unqualified "to dn" would be equal to "to dn.sub", 
while now it is equal to "to dn.exact"?

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: 2.4.6 ACLs and Extented Operations