Axel Birndt wrote:
> {0}to dn.base="" by * read
> {1}to dn.base="cn=schema,cn=config" by * read
> {2}to dn.base="cn=Subschema" by * read
> 
> But does the first rule mean that everyone could read all in this
> frontend?

dn.base="" limits the ACL to the root DSE which does not contain confidential
information.

> Is this security conform? Or is it better to allow only authenticated users to
> read this?

Some security auditors recommend limiting access to rootDSE to authenticated
users. Your mileage may vary.

Ciao, Michael.
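
As an added example (not part of the original thread and not OpenLDAP code), this simplified Python model of slapd's `to dn.<style>=` target matching shows why the three quoted rules expose only the root DSE and the two schema entries to anonymous clients. The sample entry DN, the `STRICT` and `WIDE` rule sets and all helper names are constructed for illustration, and DN handling ignores escaped commas.

```python
import re

# olcAccess value: optional {n} index, 'to dn.<style>="<dn>"', then "by <who> <level>" pairs.
RULE_RE = re.compile(r'^(?:\{\d+\})?to\s+dn\.(\w+)="([^"]*)"\s+(.*)$')
BY_RE = re.compile(r'by\s+(\S+)\s+(\S+)')

def norm(dn):
    # Simplified DN normalisation (assumption): case-fold, trim spaces around commas.
    return ",".join(p.strip() for p in dn.lower().split(",")) if dn else ""

def parse(rule):
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule: " + rule)
    style, dn, rest = m.groups()
    return style.lower(), norm(dn), BY_RE.findall(rest)

def target_matches(style, pattern, entry):
    entry = norm(entry)
    below = entry != pattern and (pattern == "" or entry.endswith("," + pattern))
    if style in ("base", "baseobject", "exact"):
        return entry == pattern          # only the named entry itself
    if style in ("sub", "subtree"):
        return entry == pattern or below
    if style == "children":
        return below
    if style in ("one", "onelevel"):
        return below and entry.partition(",")[2] == pattern
    raise ValueError("unsupported dn style: " + style)

def anonymous_access(rules, entry):
    # The first rule whose target matches decides; within it the first matching "by" wins.
    for rule in rules:
        style, pattern, by = parse(rule)
        if target_matches(style, pattern, entry):
            for who, level in by:
                if who in ("*", "anonymous"):
                    return level
            return "none"                # implicit trailing "by * none"
    return None                          # entry is not covered by these rules

PAGE_RULES = [                           # the three rules quoted in the thread
    '{0}to dn.base="" by * read',
    '{1}to dn.base="cn=schema,cn=config" by * read',
    '{2}to dn.base="cn=Subschema" by * read',
]
STRICT = ['{0}to dn.base="" by users read'] + PAGE_RULES[1:]  # constructed variant
WIDE = ['{0}to dn.subtree="" by * read']                      # constructed contrast
```

`anonymous_access(PAGE_RULES, "uid=alice,ou=people,dc=example,dc=org")` returns `None` because `dn.base=""` matches only the empty DN, whereas the `WIDE` set returns `read` for the same entry. Before adopting the `STRICT` variant, check that no client depends on reading root DSE attributes such as `supportedSASLMechanisms` before it binds.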
