You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2013/03/03 06:51:13 UTC

[jira] [Updated] (DIRSERVER-1795) Add an ACI to RootDSE

     [ https://issues.apache.org/jira/browse/DIRSERVER-1795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1795:
-----------------------------------------

    Fix Version/s:     (was: 2.0.0-M11)
                   2.0.0-M12
    
> Add an ACI to RootDSE
> ---------------------
>
>                 Key: DIRSERVER-1795
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1795
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M10
>            Reporter: Kiran Ayyagari
>            Assignee: Kiran Ayyagari
>             Fix For: 2.0.0-M12
>
>
> We might want to have this ACI stored and updated in configuration partition cause RootDSE is a virtual entry.
> The discussion that sparked this idea is given below.
>  Is there a way to disable anonymous access to rootDSE
> 3 messages
> Hammond, Steven <St...@polycom.com> 	Sat, Feb 2, 2013 at 3:22 AM
> Reply-To: users@directory.apache.org
> To: "users@directory.apache.org" <us...@directory.apache.org>
> We need to satisfy a requirement that takes issue with being able to see who the vendor of the directory server is without authenticating first.  I think it will be a problem since authenticating uses SASL and rootDSE shows the SASLmechanisms allowed, but maybe someone knows a way.
> Requirement is related to this page.  http://www.stigviewer.com/check/V-14797
> Thank you.
> Kiran Ayyagari <ka...@apache.org> 	Sat, Feb 2, 2013 at 10:33 AM
> To: users@directory.apache.org
> no, this is not currently possible
> [Quoted text hidden]
> -- 
> Kiran Ayyagari
> http://keydap.com
> Emmanuel Lécharny <el...@gmail.com> 	Sat, Feb 2, 2013 at 11:45 AM
> Reply-To: users@directory.apache.org, elecharny@apache.org
> To: users@directory.apache.org
> Le 2/2/13 6:03 AM, Kiran Ayyagari a écrit :
> > no, this is not currently possible
> We may need to implement an ACI authz on the rootDSE, something we don't
> currently support.
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira