
Re: allow anonymous_update (ITS#2155)



A patch based upon your submission has been committed to HEAD.
Thanks, Kurt

At 08:22 AM 2002-10-25, marian@freenet-ag.de wrote:
>Full_Name: Marian Eichholz
>Version: 2.1.8
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/marian-eichholz-021025.patch
>Submission from: (NULL) (194.97.7.65)
>
>
>Up to 2.1.3 it was possible to modify entries without authentication
>(anonymous).
>With 2.1.5 it is mandatory to authenticate for backend data modification.
>There is no warning that the default behaviour has changed so drastically and -
>worse - no way to configure anonymous updates (without patching the backend
>server code).
>
>Probably this is lethally bad for some production environments.
>
>With the patch at the URL, You have a new "allow" keyword "anonymous_update" to
>allow the old behaviour, if You need it (as we do).
>
>IMHO, hard coded credentials in tools are not necessarily better than anonymous
>binds and updates.
>
>The approach in the patch is minimalistic. The backend directly checks the
>"global_allows" variable. Probably You want it more fine tuned (or a nicer
>keyword).
>
>The default behaviour does not change (relative to 2.1.8).
>
>- Marian
>