<snip> > > I would like to note that all those acis where defined by default > during installation and initial configuration of 389, I didn't added > anything manually. > I understand now that is lot better to have an explicit list of > allowed attributes than negative blacklist. > If I get it correctly this is a huge security problem and I've seen > lot of ldap servers configured this way. Yes - you will notice that the 1.4.x servers completely change the default ACI's to no longer have this vulnerability :) I rewrote our 1.4.x ACI's to be a guide on secure ACI practices, that also have useful features like delegation of permissions and more. In general I am personally very excited for 1.4.x because it comes with many changes that will improve the administrator experience and safety by default, Thanks! > > thanks again for your time, william. > > > abosch > > > > > > -- Thanks, William Brown _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
