directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject ApacheDS 1.5.5 anonymous access
Date Wed, 28 Oct 2009 17:28:34 GMT
Hi,

I think I made some critical investigations.

1st:
In ApacheDS 1.5.5 anonymous access is enabled by default. In server.xml
we have two flags:

  <defaultDirectoryService id="directoryService" instanceId="default"
                           allowAnonymousAccess="true"
                           ...>
 
  <ldapServer id="ldapServer"
            allowAnonymousAccess="false"
            ...>

Although the flag in <ldapServer> is set to "false" anonymous access
works. In fact, changing this flag has no effect.

However changing the flag in <defaultDirectoryService> disables
anonymous access.


2nd:
When binding as anonymous one could make modifications to the server
(add, modify, delete)! Is this intended?

Kind Regards,
Stefan



Mime
View raw message