[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: unique contraint bypassed by java modify (and correctly enforced by pytho/ldapmodify)
- To: openldap-technical@openldap.org
- Subject: Re: unique contraint bypassed by java modify (and correctly enforced by pytho/ldapmodify)
- From: Geert Hendrickx <geert@hendrickx.be>
- Date: Mon, 28 Sep 2015 09:05:19 +0200
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=hendrickx.be; s=geert; t=1443423919; bh=DKUEK7ymC0O/ty/kW8Vg6hko/xGFlpHFr4KD42gz9CM=; h=Date:From:To:Subject:References:In-Reply-To; b=utAtPBZ+Up5zG/iS+Tp/fv5ohlUwJQJMUhVmY8AIWIF0XQFCvxyfqVO/OTS+TcGyd 6fPp6o3x+Vy32xbO3I3TjelpsI5UBLV21HrqeY6f1HyRAgWZLy4FXLTHGdcyZpX9A/ Cxe9A2fqeSF4x/IJrfh9HgVkCR4J/LPcDfZBKjiYzyBp3CaVLt3jSUFdGV3wJKpoQV 9wkQ+LzrGFeIGNbmUdmajboOCq36TadKwIAkgcAM/IzXInHJPFB9TqvtFsI5twayOe lw/lYBec5kQSaBKKW6KUPCxYPsdRXyt7tCH+uWdsJmj+eG9mkAVELDwO7UokZ0awP9 fWjFQHodH24TQ==
- In-reply-to: <20150925075159.GA20415@localhost>
- References: <20150923230824.GA3015@localhost> <3C6158706E9B7BA5AFF5E99D@[192.168.1.9]> <20150925075159.GA20415@localhost>
- User-agent: Mutt/1.5.24 (2015-08-30)
On Fri, Sep 25, 2015 at 09:51:59 +0200, Alessandro Dentella wrote:
> On Thu, Sep 24, 2015 at 04:34:13PM -0700, Quanah Gibson-Mount wrote:
> > I'd guess that java is using the manageDSAit control to bypass
> > slapo-unique, and your other programs aren't.
>
> Honestly I didn't even know about this possibility. Can I see that
> from the logs? They're not currently aware of using it unless is a
> default. What check can I ask them to perform?
>
> Is there a way to inhibit this kind of access?
It should not be allowed if your client has only "write" access but
no "manage" access. Are you using the rootdn?
Geert
--
geert.hendrickx.be :: geert@hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!