We are not setting LDAP anonymous access limits correctly. This is an excerpt of ipaupgrade.log:
2012-02-27T15:59:56Z DEBUG add: 'dc=com' to nsslapd-anonlimitsdn, current value ['dc=com', u'cn=anonymous-limits', u'cn=etc', u'dc=idm', u'dc=lab', u'dc=bos', u'dc=redhat']
2012-02-27T15:59:56Z DEBUG add: updated value [u'cn=anonymous-limits', u'cn=etc', u'dc=idm', u'dc=lab', u'dc=bos', u'dc=redhat', u'dc=com']
cn=anonymous-limits,cn=etc,SUFFIX also does not contain the limits. Anonymous connections thus are not as restricted as they ought to be.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=798361
attachment freeipa-rcrit-984-anonlimits.patch
master: f5e5bf8
ipa-2-2: 54ab3e1
Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
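A log check for the symptom in the excerpt above, added here as an example and not taken from the ticket, the attached patch, or FreeIPA itself. It assumes the problem shows up as a DN-valued attribute being logged as several single-RDN values instead of one DN string, which is what the logged lists suggest; the function names and the third sample line are constructed for illustration.

```python
import ast
import re

# First two lines are the ipaupgrade.log excerpt from this ticket; the third is
# a constructed line showing a value stored as one complete DN.
SAMPLE_LOG = """\
2012-02-27T15:59:56Z DEBUG add: 'dc=com' to nsslapd-anonlimitsdn, current value ['dc=com', u'cn=anonymous-limits', u'cn=etc', u'dc=idm', u'dc=lab', u'dc=bos', u'dc=redhat']
2012-02-27T15:59:56Z DEBUG add: updated value [u'cn=anonymous-limits', u'cn=etc', u'dc=idm', u'dc=lab', u'dc=bos', u'dc=redhat', u'dc=com']
2012-02-27T16:00:00Z DEBUG add: updated value [u'cn=anonymous-limits,cn=etc,dc=example,dc=test']
"""

ADD = re.compile(r"DEBUG add: '.*?' to (\S+), current value")
UPDATED = re.compile(r"DEBUG add: updated value (\[.*\])\s*$")


def is_single_rdn(value):
    """True if value is one attr=value pair with no unescaped comma."""
    return "=" in value and re.search(r"(?<!\\),", value) is None


def fragmented_dn(values):
    """Return the DN the values spell out if they look like split RDNs, else None.

    Heuristic (assumption): an attribute that legitimately holds several
    one-component DNs would also match, so treat a hit as a lead to verify.
    """
    if len(values) > 1 and all(is_single_rdn(v) for v in values):
        return ",".join(values)
    return None


def scan(log_text):
    """Return (line number, attribute, reassembled DN) for each suspect update."""
    findings, attr = [], None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        added = ADD.search(line)
        if added:
            attr = added.group(1)  # remember which attribute is being updated
            continue
        updated = UPDATED.search(line)
        if updated:
            # literal_eval parses the logged Python list, including u'' prefixes
            dn = fragmented_dn(ast.literal_eval(updated.group(1)))
            if dn:
                findings.append((lineno, attr, dn))
    return findings
```

A hit on nsslapd-anonlimitsdn means the value in cn=config should be compared against the intended cn=anonymous-limits,cn=etc,SUFFIX entry after the upgrade.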