[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
allow anonymous_update (ITS#2155)
Full_Name: Marian Eichholz
Version: 2.1.8
OS: Linux
URL: ftp://ftp.openldap.org/incoming/marian-eichholz-021025.patch
Submission from: (NULL) (194.97.7.65)
Up to 2.1.3 it was possible to modify entries without authentication
(anonymous).
With 2.1.5 it is mandatory to authenticate for backend data modification.
There is no warning, that the default behaviour has changed so drastically and -
worse - no way to configure anonymous updates (without patching the backend
server code).
Brobably this is lethally bad for some production environments.
With the patch at the URL, You have a new "allow" keyword "anonymous_update" to
allow the old behaviour, if You need it (as we do).
IMHO, hard coded credentials in tools are not necessaryly better than anonymous
binds and updates.
It approach in the patch is minimalistic. The backend directy checks the
"global_allows" variable. Probably You want it more fine tuned (or a nicer
keyword).
The default behaviour does not change (relative to 2.1.8).
- Marian