Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7863

Consider granting access to subSchemaSubentry when user can read entry

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.0.0
    • None
    • access control, ease of use
    • None

    Description

      It's a best practice to validate entries against the LDAP schema. Applications can read the subSchemaSubEntry attribute to find the entry that holds schema definitions.

      It would be nice if, by default, DS granted applications access to read subSchemaSubEntry on any entry they have access to read, even if the directory admin has not "opted in" to this best practice by manually adding an ACI for it.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              Mark Mark Craig
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: