[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
LDAP_STRONG_REQUIRED unconditionally
Hello!
In the last sub-releases (at least 2.1.5-2.1.8) *all* modifications are
forced to be done in conjunction with strong authentication.
See servers/slapd/backend.c:913-915:
if( op->o_ndn.bv_len == 0 ) {
*text = "modifications require authentication";
return LDAP_STRONG_AUTH_REQUIRED;
IMHO the directory administrator should be granted - as possible in the
past - and as *default* (for production environment compatibility) to
allow for modifications without any authentication.
I see no reason to completely disable non-authenticated modification of
the database. Commenting out the condition easily brought us back into
production.
Such a default policy would make sense, because the admin may require
Authentication through the "ssf" structure for security reasons. This
could be easily applied to the condition in line 911. If it should
become default beahaviour, You could make the "require"-clause default
in the slapd.conf example.
What do You think about this suggestion? It may prevent *much* bad
experience (and confusion) with directories and toolsets deployed with
not-too-old openldap releases.
--
Mit freundlichen Gruessen / Yours sincerely
Marian Eichholz
Postmaster
freenet.de AG Vorsitzender des Aufsichtsrates: Gerhard Schmid
Deelbögenkamp 4c Vorstand: Eckhard Spoerr (Vors.), Axel Krieger
22297 Hamburg Amtsgericht Hamburg, HRB 74048