Gavin Henry wrote:
Is this a bad ACL?:
access to dn="ou=Users,dc=suretecsystems,dc=com"
    by self write
    by users read
    by anonymous auth
If a .subtree match is implied, this could be bad from a security point
of view, perhaps. It allows an authenticated user to change any aspect
of his/her own entry. Depending on what you have there, a user could
make him/herself root for example.
Perhaps previously an unqualified "to dn" would be equal to "to
while now it is equal to "to dn.exact"?
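
The concern raised above, shown as an added slapd.conf example that is not part of the original message: the broad rule with its scope written out, next to a narrower set of rules that limits self-write to named attributes. The attribute names (userPassword, mail, telephoneNumber) and the assumption that the entries carry POSIX attributes such as uidNumber are illustrative, not taken from the thread.

```conf
# Added example, not from the original thread.

# Broad form under discussion, with the scope written explicitly.
# "by self write" covers every attribute of the user's own entry,
# which would include uidNumber/gidNumber if the entries are POSIX accounts
# (assumption). Left commented out.
#access to dn.subtree="ou=Users,dc=suretecsystems,dc=com"
#    by self write
#    by users read
#    by anonymous auth

# Narrower form. Rules are evaluated in order, so the attribute-specific
# rules must come before the catch-all for the same subtree.

# Password: owner may change it, anonymous may only use it to bind,
# nobody else may read the hash.
access to dn.subtree="ou=Users,dc=suretecsystems,dc=com" attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Attributes a user may maintain for themselves (illustrative list).
access to dn.subtree="ou=Users,dc=suretecsystems,dc=com" attrs=mail,telephoneNumber
    by self write
    by users read
    by * none

# Everything else under ou=Users is read-only to authenticated users,
# so identity attributes cannot be changed by the entry's owner.
access to dn.subtree="ou=Users,dc=suretecsystems,dc=com"
    by users read
    by anonymous auth
    by * none
```

Writing the scope style explicitly (dn.exact, dn.subtree) also removes any dependence on what an unqualified "to dn" means in a given release.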