On 09/24/2014 01:11 AM, Tommy McNeely wrote:
> Hi all,
> I have seen the documentation on how to disable anonymous access
> *completely* at
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/disabling-anon-binds.html
> However, I think that those base rootdse queries are probably important. I
> originally thought they only happened when running "ipa-client-install" but
> some quick tailing of the access log indicates to me that they happen a lot.
> So, instead of flipping the big switch in cn=config, has anyone considered
> just removing anonymous access to the *directory* data like:

Oh yes, "somebody" indeed considered another way! This was one of the core
feature of FreeIPA 4.0 which removed ACI you mentioned and replaced it with set
of very targeted Read ACIs so that admin will get a fine grained control who
can read what.

This is the feature page:

This is where you can try the new version:


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to