Re: [Freeipa-devel] [PATCH] 683 block anonymous access to hbac info

Simo Sorce Wed, 19 Jan 2011 15:29:34 -0800

On Wed, 19 Jan 2011 17:51:56 -0500
Rob Crittenden <[email protected]> wrote:


> +aci: (targetattr = "member || memberOf || memberHost ||
> memberUser")(version 3.0; acl "No anonymous access to member
> information"; deny (read,search,compare) userdn != "ldap:///all";;)

Nack, without 'member', nss_ldap will have no way to determine
posixAccount group memberships using anonymous access (the default).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 683 block anonymous access to hbac info

Reply via email to