Return-Path: 
 <dev-return-31743-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: (qmail 65595 invoked from network); 28 Oct 2009 19:43:50 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 28 Oct 2009 19:43:50 -0000
Received: (qmail 62340 invoked by uid 500); 28 Oct 2009 19:43:50 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 62261 invoked by uid 500); 28 Oct 2009 19:43:50 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 62248 invoked by uid 99); 28 Oct 2009 19:43:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Oct 2009 19:43:50 +0000
X-ASF-Spam-Status: No, hits=-7.8 required=5.0
	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI
X-Spam-Check-By: apache.org
Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with SMTP; Wed, 28 Oct 2009 19:43:47 +0000
Received: (qmail 65554 invoked from network); 28 Oct 2009 19:43:27 -0000
Received: from localhost (HELO ?127.0.0.1?) (127.0.0.1)
  by localhost with SMTP; 28 Oct 2009 19:43:27 -0000
Message-ID: <4AE89EDE.5090601@apache.org>
Date: Wed, 28 Oct 2009 20:43:26 +0100
From: Stefan Seelmann <seelmann@apache.org>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Apache Directory Developers List <dev@directory.apache.org>
Subject: Re: ApacheDS 1.5.5 anonymous access
References: <4AE87F42.3070800@apache.org>
 <d45b08f00910281043h3d841923k8c061ab1c8ebf66e@mail.gmail.com>
In-Reply-To: <d45b08f00910281043h3d841923k8c061ab1c8ebf66e@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi Emmanuel,

Emmanuel Lecharny wrote:
>>
>> Although the flag in <ldapServer> is set to "false" anonymous access
>> works. In fact, changing this flag has no effect.
> 
> AFAIR, only one of the two flags is useful. We must remove the other one.

OK.

But what about the default? Should anonymous access be enabled or
disabled by default? IMO it should be disabled.

>> 2nd:
>> When binding as anonymous one could make modifications to the server
>> (add, modify, delete)! Is this intended?
> 
> Well, why not ?

Ok, you are right. Why not. I think I was a bit surprised because other
servers don't allow write access for anonymous (at least by default).

Kind Regards,
Stefan