
Re: LDAP_STRONG_REQUIRED unconditionally



On Tue, 2002-10-22 at 16:53, Kurt D. Zeilenga wrote:

> >and as *default* (for production environment compatibility) to
> >allow for modifications without any authentication.
> 
> I would have a significant problem with this.  The default should
> be safe and consistent with the LDAP technical specifications.
> RFC 2829:
>    Servers are encouraged to prevent modifications by anonymous users.
> 
> >I see no reason to completely disable non-authenticated modification of
> >the database. Commenting out the condition easily brought us back into
> >production.

Well, "encouraged" is not the keyword MUST, and the changed default
behaviour deliberately breaks (at least some) productive OpenLDAP
deployments without warning. Big changes for minor release number
changes (2.1.3 to 2.1.5).

No more, no less.

With a "require authenticated_updates" (defaulted in the slapd.conf)
you can accomplish both goals, probably a perfect "encouraging".

- Marian