Date: 2004-12-06T20:20:08 Editor: AlexKarasulu <[EMAIL PROTECTED]> Wiki: Apache Directory Project Wiki Page: EveGeneral URL: http://wiki.apache.org/directory/EveGeneral
no comment Change Log: ------------------------------------------------------------------------------ @@ -8,9 +8,9 @@ * Another test user account uid=akarasulu,ou=users,ou=system is created on first startup and has password "test". Use it to play. - * Any user entry that has the userPassword attribute set can be authenticated. The user need not be under ou=users, ou=system. + * Any entry with a userPassword attribute containing a plain text password can be authenticated. The user need not be under ou=users, ou=system. - * There are advantages to creating users under ou=users, ou=system. First the user is available regardless of the context partitions that are created. The user also is protected by some hardcoded authorization rules within the system. Namely only self read is possible for all users on their own accounts. Users cannot see the credentials of others minus the super-user of course. This is an intermediate hardcoded authorization rule set until the authorization subsystem matures. + * There are advantages to creating entries with userPassword fields under ou=users, ou=system. First the entry is available regardless of the context partitions that are created. The entry is also protected by some hardcoded authorization rules within the system. Namely only self read is possible for all non-admin principals on their own accounts. Standard principals cannot see the credentials of others minus the super-user of course. This is an intermediate hardcoded authorization rule set until the authorization subsystem matures. * By default, anonymous binds are allowed both via JNDI interfaces and via LDAP based network clients. So the server will start and work without any initial configuration. The presence of the ""eve.disable.anonymous"" property key disables anonymous user access on both interfaces (JNDI and LDAP).
