directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: DS M16 and Studio M2
Date Tue, 25 Mar 2014 18:56:02 GMT
Le 3/25/14 5:35 PM, Jim Willeke a écrit :
> Does not say anything about "Admins" being the only ones to be able to
> retrieve the values.

This is not how I read the RFC.

"These attributes are retrievable, subject to access control and other restrictions, if a
client performs a Search operation" 

Here, 'user' is not specifically an admin.

> Only that they should be returned only as operational attributes would be.
> How else would a client know the capabilities of the server?
I think that's not the point here.

The question was : "can we block non-admin to fetch info from the
RootDSE" and the response is clearly yes, assuming that the right ACI is
set at the right place.

Emmanuel Lécharny 

View raw message