The server provides an access control model with strong validation to help ensure that invalid access control instructions (ACIs) are not allowed into the server.

The server ensures that all access control rules (ACRs) added over LDAP are valid and can be fully parsed. The server rejects any operation that attempts to store one or more invalid ACIs. It also validates ACIs contained in data imported from an LDIF file. The server rejects any entry containing a malformed aci value.

As an additional level of security, the server examines and validates all ACIs stored in the data whenever a backend is brought online. If the server finds any malformed ACIs in the backend, it generates an administrative alert to notify administrators of the problem and places itself in lockdown mode. While in lockdown mode, the server only allows requests from users who have the lockdown-mode privilege. This action allows administrators to correct the malformed ACI while ensuring that no sensitive data is inadvertently exposed because of an ACI not being enforced. When the problem has been corrected, the administrator can use the leave-lockdown-mode tool or restart the server to allow it to resume normal operation.
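A pre-import lint, added here as an example and not part of the server or this documentation, that walks an LDIF file and flags aci values the server would reject at import time (or, if they reached a backend by other means, would trigger lockdown mode). It assumes the Netscape/UnboundID-style ACI syntax (`(target...)(version 3.0; acl "name"; allow (...) bindrule;)`) and only checks structure; the sample LDIF is constructed.

```python
import base64
import re

# Structural grammar for one Netscape/UnboundID-style ACI value. Assumption: the
# server in this section uses that syntax; its own parser is stricter than this.
_ACI_RE = re.compile(
    r'^\s*(?:\(\s*\w+\s*!?=\s*"[^"]*"\s*\)\s*)*'           # optional target clauses
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"[^"]*"\s*;'         # version and ACL name
    r'\s*(?:(?:allow|deny)\s*\([\w\s,]+\)\s*[^;]+?;\s*)+'  # permissions + bind rule
    r'\)\s*$', re.IGNORECASE)

def aci_is_well_formed(value: str) -> bool:
    """True when the parentheses balance and the value matches the ACI grammar."""
    return value.count("(") == value.count(")") and _ACI_RE.match(value) is not None

def parse_ldif(text: str):
    """Yield (dn, [(attr, value), ...]) per entry; unfolds lines, decodes base64."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]            # LDIF line folding
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        dn, attrs = None, []
        for line in lines:
            name, _, rest = line.partition(":")
            val = (base64.b64decode(rest[1:].strip()).decode()
                   if rest.startswith(":") else rest.strip())
            if name.lower() == "dn":
                dn = val
            else:
                attrs.append((name, val))
        if dn is not None:
            yield dn, attrs

def find_malformed_acis(ldif_text: str):
    """Return [(dn, aci_value)] for every aci value failing the structural check."""
    return [(dn, val) for dn, attrs in parse_ldif(ldif_text)
            for name, val in attrs
            if name.lower() == "aci" and not aci_is_well_formed(val)]

# Constructed sample LDIF: the second entry's aci is missing its closing ";)".
SAMPLE_LDIF = """\
dn: ou=People,dc=example,dc=com
aci: (targetattr="*")(version 3.0; acl "Self read"; allow (read,search) userdn="ldap:///self";)

dn: ou=Groups,dc=example,dc=com
aci: (targetattr="*")(version 3.0; acl "Broken"; allow (read,search) userdn="ldap:///self"
"""
```

Running `find_malformed_acis(SAMPLE_LDIF)` reports only the ou=Groups entry, which is the one the server would reject on import.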