[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Limits on anonymous binds
I'd prefer we use allow
limits {anonymous,users,dn[.{regex,base,one,subtree,exact}]=...}
(ala ACL dn fields) where each backend maintained a list of these,
first match wins.
At 10:41 AM 2001-11-21, Pierangelo Masarati wrote:
>Mark Adamson wrote:
>>
>> > > limits dn.exact=anonymous <limit>
>> > >
>> > > -or-
>> > >
>> > > limits dn.anonymous <limit>
>>
>> > The proposed change would alter what is the usual behavior, in
>> > that default limits would apply to everybody not explicitly
>> > limited, except for anonymous.
>> >
>> > What should happen if no anonymous limits are set? use default?
>>
>> The proposed change wouldn't affect existing installations. You would have
>> to add in a "limits dn.anonymous" directive to your slapd.conf to get
>> anonymous binds to be limited differently than default limits. It is that
>> way now with non-anon binds: they get set to default unless you add a
>> "limits dn.[exact|regex]" directive. I'd list this proposal under "new
>> feature which people can turn on with slapd.conf"
>>
>> If no anon limits are set, the defaults apply, just like with exact and
>> regex limits.
>
>That's right. Then if there's no adverse ideas, I'll prefer to
>code it as dn.anonymous.
>
>Pierangelo.
>
>--
>Dr. Pierangelo Masarati | voice: +39 02 2399 8309
>Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
>Politecnico di Milano | mailto:masarati@aero.polimi.it
>via La Masa 34, 20156 Milano, Italy |
>http://www.aero.polimi.it/~masarati