On Wed, Oct 28, 2009 at 10:28 AM, Stefan Seelmann <[email protected]> wrote:
> Hi,
>
> I think I made some critical investigations.
>
> 1st:
> In ApacheDS 1.5.5 anonymous access is enabled by default. In server.xml
> we have two flags:
>
> <defaultDirectoryService id="directoryService" instanceId="default"
>   allowAnonymousAccess="true"
>   ...>
>
> <ldapServer id="ldapServer"
>   allowAnonymousAccess="false"
>   ...>
>
> Although the flag in <ldapServer> is set to "false" anonymous access
> works. In fact, changing this flag has no effect.

AFAIR, only one of the two flags is useful. We must remove the other one.

> 2nd:
> When binding as anonymous one could make modifications to the server
> (add, modify, delete)! Is this intended?

Well, why not?

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
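
An added example, not part of the thread and not ApacheDS code: a small audit that lists every element of a server.xml carrying allowAnonymousAccess and reports when the values disagree, which is the situation described in the message above. The sample document, its <config> wrapper and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the two elements quoted in the thread; the
# <config> wrapper is hypothetical and the elided attributes are left out.
SAMPLE = """<config>
  <defaultDirectoryService id="directoryService" instanceId="default"
      allowAnonymousAccess="true"/>
  <ldapServer id="ldapServer"
      allowAnonymousAccess="false"/>
</config>"""

FLAG = "allowAnonymousAccess"


def local(tag):
    """Strip an XML namespace prefix such as '{uri}ldapServer'."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (settings, findings) for every element that carries the flag."""
    root = ET.fromstring(xml_text)
    settings = {}
    for el in root.iter():
        if FLAG in el.attrib:
            key = f"{local(el.tag)}#{el.get('id', '?')}"
            settings[key] = el.attrib[FLAG].strip().lower() == "true"
    enabled = sorted(k for k, v in settings.items() if v)
    disabled = sorted(k for k, v in settings.items() if not v)
    findings = []
    if enabled and disabled:
        # A "false" on one element gives no assurance while another says "true".
        findings.append(
            "conflict: %s disable anonymous access but %s enable it; "
            "confirm the effective setting with an anonymous bind test"
            % (disabled, enabled))
    elif enabled:
        findings.append("anonymous access enabled on %s" % enabled)
    elif not settings:
        findings.append("flag not set on any element")
    return settings, findings


if __name__ == "__main__":
    settings, findings = audit(SAMPLE)
    for name, value in settings.items():
        print(f"{name}: {FLAG}={value}")
    for finding in findings:
        print("FINDING:", finding)
```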
