Re: Please review text for security warning
Thanks for your earlier feedback, and I'm sorry it's taken me so long to
follow up on this.
On 14-10-04 04:26 PM, Justin B Rye wrote:
That's an alarmingly fragile-looking procedure...
It is. I did spend some time on a scripted solution, but at this point
it's extremely late to introduce a change that risks breaking slapd if I
got it wrong; so back to the original plan.
Please find below the complete set of added or modified debconf
templates that I intend to post for translation, in case you have any
Once again, my sincere apologies for having these unfinished changes so
close to the freeze.
Choices: BDB, HDB, MDB
_Description: Database backend to use:
HDB and BDB use similar storage formats, but HDB adds support for
subtree renames. Both support the same configuration options.
The MDB backend is recommended. MDB uses a new storage format and
requires less configuration than BDB or HDB.
In any case, you should review the resulting database configuration for
your needs. See /usr/share/doc/slapd/README.Debian.gz for more details.
# Translators: keep "by self write" and "to *" unchanged. These are
# part of the slapd configuration and are not translatable.
_Description: Access rules permit self-modification by users
One or more of the configured databases has an access control rule
that allows users to modify most of their own attributes. This may be
unsafe, depending on how the database is used.
It is recommended to remove "by self write" from access rules
beginning with "to *", so that users are only able to modify
specifically allowed attributes.
See /usr/share/doc/slapd/README.Debian.gz for more details.