Re: schema definition precedence

[Michael Ströder <michael@stroeder.com>]

Frank Swasey wrote:
> Today at 1:22pm, Michael Ströder wrote:
>
> > Frank Swasey wrote:
> >
> > > Another example is uid, which is a security hole the size of Texas -- 
> > > allowing substring matches so spammers can grab all your addresses!  If 
> > > you want to use uid (and not have to redefine [like I am about to] every 
> > > objectClass that uses uid), you HAVE to modify it to remove substring 
> > > searches or you become a spam magnet.
> >
> > Nope. That's a matter of proper access control and indexing/limit settings, 
> > hence a matter of server configuration not schema design.
>
> Right... so I'm to provide a public directory that must allow search for 
> uid by anonymous bind

If you don't have any possibility to limit access by ACLs then don't publish 
all the e-mail addresses or you have to live with e-mail addresses being public.

> But thanks for playing....  

You definitely overread the term 'access control'.

I also can't see how removing SUBSTR matching gives you more access control. 
Either your directory is public or not. Well, thank *you* for playing...

Ciao, Michael.