Comment 2 for bug 427842

Andreas Hasenack (ahasenack) wrote : Re: [karmic] frontend DB needs ACLs for base="" and cn=schema

IIRC that's the way it is by default with slapd.conf, so we are keeping the same privileges in cn=config.

The base "" was meant to be readable by everyone because it advertises the capabilities of the server. Without it, for example, a client can't know if the server supports START TLS or not. And this discovery has implications in the authentication mechanism the client will decide to use next, so clients may not even be able to authenticate without having this information beforehand. Chicken and egg.

If the schema is not public, it will break many clients doing anonymous browsing of the server. So if the intent of the admin is to allow as few anonymous connections as possible, these ACLs could be changed to read "by users read". But I still think some random client might break. For example, if it tries to check for the schema before being authenticated.
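
The two access rules discussed in the comment above, written as a cn=config change. This is an added example, not part of the comment or of the Ubuntu package. It assumes the frontend database entry is `olcDatabase={-1}frontend,cn=config`, that the subschema entry is OpenLDAP's default `cn=Subschema`, and that "by users read" is meant for the schema rule only.

```ldif
# Added example: frontend ACLs for the root DSE and the subschema entry.
# Apply as the cn=config administrator, e.g. with ldapmodify.
#
# "replace" overwrites the whole olcAccess list on the frontend entry, so
# this assumes these two rules are the only ones it should carry. Merge
# with any existing rules before applying.
#
# Default behaviour described in the comment (anonymous discovery and
# anonymous schema browsing both work):
#
#   olcAccess: to dn.base="" by * read
#   olcAccess: to dn.base="cn=Subschema" by * read
#
# Restricted variant below: the root DSE stays world-readable so clients
# can still discover StartTLS and SASL mechanisms before binding, while
# the schema is readable only after authentication. Clients that fetch
# the schema before binding will get no result.

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.base="" by * read
olcAccess: to dn.base="cn=Subschema" by users read
```

An anonymous `ldapsearch -x -s base -b "" supportedExtension supportedSASLMechanisms` confirms the root DSE is still readable after the change.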