[jira] [Updated] (DIRSERVER-1795) Add an ACI to RootDSE

Sat, 02 Mar 2013 21:51:19 -0800 

     [ 
https://issues.apache.org/jira/browse/DIRSERVER-1795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-1795:
-----------------------------------------

    Fix Version/s:     (was: 2.0.0-M11)
                   2.0.0-M12
    
> Add an ACI to RootDSE
> ---------------------
>
>                 Key: DIRSERVER-1795
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1795
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M10
>            Reporter: Kiran Ayyagari
>            Assignee: Kiran Ayyagari
>             Fix For: 2.0.0-M12
>
>
> We might want to have this ACI stored and updated in configuration partition 
> cause RootDSE is a virtual entry.
> The discussion that sparked this idea is given below.
>  Is there a way to disable anonymous access to rootDSE
> 3 messages
> Hammond, Steven <[email protected]>  Sat, Feb 2, 2013 at 3:22 AM
> Reply-To: [email protected]
> To: "[email protected]" <[email protected]>
> We need to satisfy a requirement that takes issue with being able to see who 
> the vendor of the directory server is without authenticating first.  I think 
> it will be a problem since authenticating uses SASL and rootDSE shows the 
> SASLmechanisms allowed, but maybe someone knows a way.
> Requirement is related to this page.  http://www.stigviewer.com/check/V-14797
> Thank you.
> Kiran Ayyagari <[email protected]>         Sat, Feb 2, 2013 at 10:33 AM
> To: [email protected]
> no, this is not currently possible
> [Quoted text hidden]
> -- 
> Kiran Ayyagari
> http://keydap.com
> Emmanuel Lécharny <[email protected]>       Sat, Feb 2, 2013 at 11:45 AM
> Reply-To: [email protected], [email protected]
> To: [email protected]
> Le 2/2/13 6:03 AM, Kiran Ayyagari a écrit :
> > no, this is not currently possible
> We may need to implement an ACI authz on the rootDSE, something we don't
> currently support.
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to