Paul B. Henson wrote:
From: Quanah Gibson-Mount [mailto:qua...@zimbra.com]
I'd also note http://www.openldap.org/its/index.cgi/?findid=7710
I saw the contextCSN issue float by on the list, but I didn't run into that
problem, or at least my monitoring system that verifies replication
Mark Dieterich wrote:
by ssf=128 self write
I don't think this works. Probably should be just
It works just fine with the ssf=128 in there if I drop the val.type
statement.
by self write
Regardless, I dropped it and still ended up with the same insufficient
access error.
Then
devzero2000 wrote:
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote:
A paper and presentation making the rounds, claiming to show how webapps
using LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
Michael Ströder wrote:
Howard Chu wrote:
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4
Howard Chu wrote:
Look at the volume of messages on this list related to ACLs - clearly, most
OpenLDAP admins are both conscious of and conscientious about using effective
ACLs.
But unfortunately the majority of web app deployments with some sort of LDAP
server as backend use a *single* quite
Howard Chu wrote:
I suppose in a poorly designed app this is possible.
I think what's the paper is about: There are indeed many poorly designed apps
out there.
Reading access control
data from wrong LDAP entries is also wrong design. There is no reason for an
app to ever read access control
On Sat, Oct 12, 2013 at 10:45:30AM +0200, Michael Ströder wrote:
If you enable slapo-memberof on all your replicas you will see it.
I did have it enabled on everything for about a day and a half without
noticing it. But it looks like the fix for that inconsistency will
hopefully come along with
On Sat, Oct 12, 2013 at 12:34 PM, Howard Chu h...@symas.com wrote:
devzero2000 wrote:
On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote:
A paper and presentation making the rounds, claiming to show how webapps
using LDAP are vulnerable to search filter spoofing attacks.
Michael Ströder wrote:
Howard Chu wrote:
A paper and presentation making the rounds, claiming to show how webapps using
LDAP are vulnerable to search filter spoofing attacks.
http://www.youtube.com/watch?v=wtahzm_R8e4