Quanah Gibson-Mount wrote:
--On Monday, July 20, 2009 9:50 PM -0400 Alex Karasulu
<[email protected]> wrote:
Ahhh okie you're right on. My bad.
This is quite correct. There are even some (stupid) security programs
that will say being able to read the rootDSE is a vulnerability. OTOH,
I've always left it read to the world, most clients prefer it. :P
There are also tests within the Open Group LDAP certification suite
which check whether the Root DSE is readable anonymously. But it is OK,
if we are able to configure a server to behave like that for a test run.
No need to make that the default.
Greetings from Hamburg,
Stefan
