** Description changed:
The current installation of slapd doesn't allow for searches in the empty
base (dn="") and the schema entries. These are needed by several client tools
to, among other things:
- check what the server schema is (luma, apache directory studio)
- discover what the serv
FWIW, I tried Luma and Apache Directory Studio and both first
authenticate and then check for the schema, so their search for the
schema is an authenticated one.
--
[karmic] frontend DB needs ACLs for base="" and cn=schema
https://bugs.launchpad.net/bugs/427842
You received this bug notification
On Fri, Sep 11, 2009 at 02:20:29PM -, Andreas Hasenack wrote:
> IIRC that's the way it is by default with slapd.conf, so we are keeping
> the same privileges in cn=config.
>
Well - IIRC the default slapd.conf was 'access to * by * read' for the
default database:
access to *
by dn="@AD
IIRC that's the way it is by default with slapd.conf, so we are keeping
the same privileges in cn=config.
The base "" was meant to be readable by everyone because it advertises
the capabilities of the server. Without it, for example, a client can't
know if the server supports START TLS or not. And
What would be the security implication of opening read access to anyone
(by *)?
** Changed in: openldap (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: openldap (Ubuntu)
Status: New => Triaged
--
[karmic] frontend DB needs ACLs for base="" and cn=schema
https://bugs.launchp