[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
proxy auth and userpassword access
Hi,
when using proxy authentication with strong bind, the attribute
userPassword has to have read access, that is, auth access is not
sufficient Is there any particular reason for this potential security
hole?
slapd[7028]: => acl_mask: access to entry "cn=Dieter Kluenter,ou=Partner,o=avci,c=de", attr "userPassword" requested
slapd[7028]: => acl_mask: to value by "cn=admanager,o=avci,c=de", (=0)
slapd[7028]: <= check a_dn_pat: self
slapd[7028]: <= check a_dn_pat: *
slapd[7028]: <= acl_mask: [2] applying auth(=xd) (stop)
slapd[7028]: <= acl_mask: [2] mask: auth(=xd)
slapd[7028]: => slap_access_allowed: read access denied by auth(=xd)
slapd[7028]: => access_allowed: no more rules
slapd[7028]: send_search_entry: conn 3 access to attribute userPassword, value #0 not allowed
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6