[1.0.0] Harden the default security posture of the server.#212
Merged
Conversation
Currently, a user is expected to set all their own ACLs and it isn't clear what should be set by default to not expose real issues. This fixes that by: * Using a secure by default ACL rule list, which restricts password attributes, restricts privileged operations, restricts privileged extended operations. * Exposes a "manager" DN, which is a super user defined by config. This is like a recovery account basically. * Exposes a "admin" subject that can be either that DN or a group granted extended rights (password reset / priveleged ops). The default secure rules are also composable onto a custom ACL ruleset for convenience (so you don't accidentally mess them up trying to define them).
…ded to correctly gate userPassword access and gives more fine grained control over attribute access in general.
… to explicitly opt-in to a more relaxed ACL.
…ds a bypass for attribute visibility, which is expected for sync. It's also why sync repl is a priveleged control.
…ers to explicitly construct using "fromEmpty" if they want their own. Document the hazards.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This makes several changes to the default ACL rules in place. Currently, a user is expected to set all their own ACLs and it isn't clear what should be set by default to not expose real issues. This fixes that by:
userPasswordin various contexts.The default secure rules are also composable onto a custom ACL ruleset for convenience (so you don't accidentally mess them up trying to define them). And these defaults are now covered via actual integration tests.
This will have some follow-ups related to the newly added manager user and also some subtle behavior with
userPasswordoutside of the normal password reset method for users.