[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: The admin guide needs to suggest more secure ACLs. (ITS#3165)



At 03:58 AM 5/30/2004, tarjei@nu.no wrote:
>Full_Name: Tarjei Huse
>Version: 2.x.x
>OS: Linux :-)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (80.111.145.198)
>
>
>The Administrationguide has a weakness in the ACL section.
>
>It needs a suggested set of base acls for normal ldapusers that is more strict
>than the one in the adminguide today. 

I don't think we should suggest any particular set of ACLs.
We should just detail to administrators how ACLs may be used
to implement various access control policies.  What policy
the administrator should choose is their choice (a choice
which is dependent on numerous factors).

>LDAP-usage seems to me to reach
>wider and wider audiences and the example in the adminguide makes it
>easy for users to change attributes such as gid and uid that makes it
>possible to get higher privileges. 

The existing examples demonstrate how to implement some basic
policies.  These examples are intended to aid the reader in
understanding the syntax and semantics of ACLs.  They are
not intended to suggest appropriateness of these policies for
any particular purpose.  (Maybe this should be clarified.)

>Here's a suggestion. It might need to be tweaked a bit still, bit I think it is
>quite secure:

Way too complicated for educational purposes... and too dependent
on non-standard schema elements (for non-standard applications).
(This is not to say that more complex examples wouldn't be useful
here, but the documentation would have build up to them.)

Thanks, Kurt