Axel Birndt wrote:
{0}to dn.base="" by * read
{1}to dn.base="cn=schema,cn=config" by * read
{2}to dn.base="cn=Subschema" by * read
But does the first rule mean that everyone could read all in this frontend??
dn.base="" limits the ACL to the root DSE which does not contain confidential information.
Is this security conform? Or is it better to allow only authenticated users to read this?
Some security auditors recommend limiting access to rootDSE to authenticated users. Your mileage may vary.
Ciao, Michael.
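
An added example, not part of the original message and not slapd's code: a simplified Python model of the DN scope styles from slapd.access(5), applied to the three rules quoted above to show which entries each `to` clause selects. The helper names and the sample DNs are constructed for illustration, and DNs are assumed to be normalized with no escaped commas.

```python
# Simplified model of slapd.access(5) DN scope styles; not slapd's own code.
# Assumption: DNs are already normalized and contain no escaped commas.

def rdns(dn):
    """Split a DN into lower-cased RDNs; the empty DN (root DSE) has none."""
    return [p.strip().lower() for p in dn.split(",")] if dn.strip() else []

def in_scope(style, pattern, dn):
    """Return True if dn is selected by dn.<style>=<pattern>."""
    pat, target = rdns(pattern), rdns(dn)
    extra = len(target) - len(pat)
    # The target must end with the pattern's RDNs to be at or below it.
    if extra < 0 or target[extra:] != pat:
        return False
    if style == "base":
        return extra == 0      # the entry itself only
    if style == "one":
        return extra == 1      # direct children only
    if style == "children":
        return extra >= 1      # everything below, excluding the entry
    if style == "subtree":
        return True            # the entry and everything below
    raise ValueError("unknown scope style: " + style)

def first_match(rules, dn):
    """Index of the first <what> clause selecting dn, or None if no rule applies."""
    for index, (style, pattern) in enumerate(rules):
        if in_scope(style, pattern, dn):
            return index
    return None

# The three rules quoted in the message, as (style, pattern) pairs.
RULES = [("base", ""), ("base", "cn=schema,cn=config"), ("base", "cn=Subschema")]

# Constructed sample DNs: the root DSE, the subschema entry, and ordinary data.
SAMPLES = ["", "cn=Subschema", "dc=example,dc=com",
           "uid=alice,ou=people,dc=example,dc=com"]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(repr(dn), "-> rule", first_match(RULES, dn))
    # Contrast: a subtree scope on the empty DN would select every entry.
    print(all(in_scope("subtree", "", dn) for dn in SAMPLES))
```

In this model only the empty DN falls under rule {0}; the sample data entries match none of the three rules, whereas the same pattern with a subtree scope would select all of them.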