Free busy & resource web-admin.
Jeroen van Meeuwen (Kolab Systems)
vanmeeuwen at kolabsys.com
Fri Jan 25 20:39:03 CET 2013
On 2013-01-24 16:43, Dieter Klünter wrote:
> Am Wed, 23 Jan 2013 11:35:58 +0000
> schrieb "Jeroen van Meeuwen (Kolab Systems)"
> <vanmeeuwen at kolabsys.com>:
>> So there's no reason (yet) to give out too broad read access to this
>> tree.
>
> It has allways been good practice that the root directory special
> entry
> and the subschema entry can be read anonymously, otherwise clients may
> fail. Searching for appropriate SASL Mechanisms for example, or
> searching for appropriate namingContexts.
>
Sure - I certainly do not object against giving out broader read access
to this tree, but it sounded like the setup that we were working with
did not allow anonymous read access, and so following that, I'm
suggesting that the minimal next equivalent that enables the
functionality required is to give only the service account read access.
Kind regards,
Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
More information about the users
mailing list