
more access permission



We have a wireless solution here called Blue Socket. The current
version requires a bind by an id with no anon. bind allowed. My
question is, that it uses a filter (say to look up a uid):

(&(uid=john)(objectClass=person))

whereas a client such as Outlook appears to just use:

(uid=john)

Now, are there any security concerns about putting in the
access rules read to 'objectClass', such as:

access  to attrs=entry,uid,sn,mail,ou,cn,givenname,objectClass
        by users read
        by anonymous read

I will probably drop the last anon line, but my question is in
having 'objectClass' in there, is this opening up things that
I am not expressing in the rule?

Thanks!
Douglas
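
The rule from the message above, split so that objectClass gets only the OpenLDAP "search" level while the other attributes keep "read". This is an added example, not part of the original post, and it assumes the wireless client only names objectClass in its filter and never requests its values:

```conf
# Added example (not from the original post): slapd.conf access rules.
# Assumption: the client only uses objectClass inside its search filter
# and does not ask for objectClass values to be returned.

# "search" lets a bound user match on objectClass in a filter such as
# (&(uid=john)(objectClass=person)) without being able to retrieve the
# attribute's values. "read" would include search and also return them.
access  to attrs=objectClass
        by users search

# Attributes the clients need returned stay at "read" for bound users.
# The anonymous line from the post is dropped; each clause ends with an
# implicit "by * none", so anonymous gets no access to these attributes.
access  to attrs=entry,uid,sn,mail,ou,cn,givenname
        by users read
```

If a client does request objectClass values, it simply receives entries without that attribute under these rules.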