directory-users mailing list archives

From Pierre Smits <pierre.sm...@gmail.com>
Subject Re: DS M16 and Studio M2
Date Tue, 25 Mar 2014 20:49:15 GMT
I would say that any user without the appropriate rights should not see the
partition details (nameContext and supportedSASLMechanisms) of the
partitions he doesn't belong to.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


On Tue, Mar 25, 2014 at 7:56 PM, Emmanuel Lécharny <elecharny@gmail.com> wrote:

> On 3/25/14 5:35 PM, Jim Willeke wrote:
> > Does not say anything about "Admins" being the only ones to be able to
> > retrieve the values.
>
> This is not how I read the RFC.
>
> "These attributes are retrievable, subject to access control and other
> restrictions, if a client performs a Search operation"
>
> Here, 'user' is not specifically an admin.
>
>
> >
> > Only that they should be returned only as operational attributes would
> be.
> >
> > How else would a client know the capabilities of the server?
> I think that's not the point here.
>
> The question was: "can we block non-admins from fetching info from the
> RootDSE" and the response is clearly yes, assuming that the right ACI is
> set at the right place.
>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>
