Michael Ströder wrote: > On 6/14/19 5:15 PM, Quanah Gibson-Mount wrote: >> Thanks to Ondrej, this list is a bit shorter now. :) > > But one more I'd love to see in 2.4.48: > > ITS#8866: RFE: slapo-constraint to return filter used in diagnostic message > > https://www.openldap.org/its/index.cgi?findid=8866
I don't believe the information disclosure issues have been sufficiently answered there. Overall it's a bad idea and goes against our standing policy of minimal disclosure. At most you would expect something relevant in syslog. The actual rules in play are only the sysadmin's business, not any end user's. > I have a back-port patch for this in my own 2.4.47 packages because it > is very useful. > > Ciao, Michael. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/