[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
more access permission
We have a wireless solution here called Blue Socket. The current
version requires a bind by an id with no anon. bind allowed. My
question is, that it uses a filer (say to look up a uid):
(&(uid=john)(objectClass=person))
where as a client such as outlook, appears to just use:
(uid=john)
Now, is are there any security concerns about putting in the
access rules read to 'objectClass', such as:
access to attrs=entry,uid,sn,mail,ou,cn,givenname,objectClass
by users read
by anonymous read
I will probably drop the last anon line, but my question is in
having 'objectClass' in there, is this opening up things that
I am not expressing in the rule?
Thanks!
Douglas