Re: ldap basic

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: ldap basic
From: Gordon Messmer <yinyang@xxxxxxxxx>
Date: Wed, 22 Feb 2006 13:21:02 -0800
In-reply-to: <1140639415.4986.12.camel@xxxxxxxxxxxxx>
References: <BAY115-F321AD8AF04144525A335EABAFD0@xxxxxxx> <1140639415.4986.12.camel@xxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)

Tony Heaton wrote:


access  to *
        by * read
        by dn.base="cn=Manager,dc=frop,dc=net" write
        by self write
        by anonymous auth

...

rootdn          "cn=Manager,dc=frop,dc=net"

Nitpicking: There's no real need to specify that the rootdn can write inyour ACIs. The rootdn can always write, regardless of ACIs.

Also, I'd avoid providing examples that would allow users to changetheir own uidNumber value, and thereby become root. ;)

References:
- ldap basic
  - From: azeem ahmad
- Re: ldap basic
  - From: Tony Heaton