[Freeipa-devel] [PATCHES] 0552-0554 Upgrading write permissions

[Simo Sorce]

On Wed, 2014-05-28 at 16:27 +0200, Petr Viktorin wrote:
> Simo, I hazily remember discussing that we should only allow specific 
> attributes on add, otherwise users can add entries with any extra 
> objectclasses and attributes. Did we come to a conclusion?
> I might have confused targetattr with targetattrfilter in my notes; 
> since I see targetarr is ineffective.
> 
Yes we need to restrict at least the allowed objectclasses I think.

Simo.