[Date Prev][Date Next] [Chronological] [Thread] [Top]

more access permission

To: openldap-software@OpenLDAP.org
Subject: more access permission
From: "Douglas B. Jones" <douglas@gpc.edu>
Date: Thu, 29 Jan 2004 12:17:19 -0500
Cc: Douglas B Jones <douglas@gpc.edu>
Importance: Normal

We have a wireless solution here called Blue Socket. The current
version requires a bind by an id with no anon. bind allowed. My
question is, that it uses a filer (say to look up a uid):

(&(uid=john)(objectClass=person))

where as a client such as outlook, appears to just use:

(uid=john)

Now, is are there any security concerns about putting in the
access rules read to 'objectClass', such as:

access  to attrs=entry,uid,sn,mail,ou,cn,givenname,objectClass
        by users read
        by anonymous read

I will probably drop the last anon line, but my question is in
having 'objectClass' in there, is this opening up things that
I am not expressing in the rule?

Thanks!
Douglas

Follow-Ups:
- Re: more access permission
  - From: Frank Swasey <Frank.Swasey@uvm.edu>

Prev by Date: Re: SSL/TLS - Help Please
Next by Date: Re: SLAPD stop working.
Index(es):
- Chronological
- Thread