The Directory Server provides an access control model with strong validation to help ensure that invalid access control instructions (ACIs) are not allowed into the server.
The Directory Server ensures that all access control rules (ACRs) added over
LDAP are valid and can be fully parsed. The Directory Server rejects any
operation that attempts to store one or more invalid ACIs. It also validates ACIs contained
in data imported from an LDIF file. The Directory Server rejects any entry
containing a malformed aci value.
As an additional level of security, the Directory Server examines and
validates all ACIs stored in the data whenever a backend is brought online. If the server
finds any malformed ACIs in the backend, it generates an administrative alert to notify
administrators of the problem and places itself in lockdown mode. While in lockdown mode,
the server allows requests only from users who have the lockdown-mode
privilege. This action allows administrators to correct the malformed ACI while ensuring
that no sensitive data is inadvertently exposed because of an ACI not being enforced. When
the problem has been corrected, the administrator can use the
leave-lockdown-mode tool or restart the server to allow it to resume
normal operation.
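
Because a malformed ACI causes an import to reject the entry, or puts the server in lockdown mode when a backend comes online, it helps to check LDIF data before it reaches the server. The following is an added example, not the Directory Server's own parser or code from this documentation. It is a coarse structural check that assumes the general ACI shape (target)...(version 3.0; acl "name"; allow|deny (rights) bind-rule;), and the names check_aci, lint_ldif and SAMPLE are hypothetical.

```python
import base64
import re

# Assumed general shape of the last group: version 3.0; acl "name"; allow|deny (rights) bind-rule;
BODY = re.compile(r'(?is)^\s*version\s+3\.0\s*;\s*acl\s+"[^"]*"\s*;\s*(allow|deny)\s*\(.+;\s*$')

def check_aci(value):
    """Return None when the value has the expected shape, otherwise a reason."""
    depth, start, quoted, last = 0, 0, False, None
    for i, ch in enumerate(value):
        if ch == '"' and depth:
            quoted = not quoted          # parentheses inside quotes are not structural
        elif quoted:
            continue
        elif ch == '(':
            if depth == 0:
                start = i
            depth += 1
        elif ch == ')' and depth:
            depth -= 1
            if depth == 0:
                last = value[start + 1:i]  # contents of the most recent top-level group
        elif depth == 0 and not ch.isspace():
            return 'text outside parentheses'
    if quoted or depth:
        return 'unterminated quote or parenthesis'
    if last is None or not BODY.match(last):
        return 'last group is not (version 3.0; acl "..."; allow|deny ...;)'
    return None

def lint_ldif(text):
    """Return (dn, reason) for each aci value in the LDIF text that fails check_aci."""
    findings, dn = [], None
    unfolded = re.sub(r'\n ', '', text.replace('\r\n', '\n'))  # join continuation lines
    for name, sep, val in re.findall(r'(?im)^(dn|aci)(::?)[ \t]*(.*)$', unfolded):
        if sep == '::':                  # base64-encoded value
            val = base64.b64decode(val).decode('utf-8')
        if name.lower() == 'dn':
            dn = val
        elif (reason := check_aci(val)):
            findings.append((dn, reason))
    return findings

# Constructed sample: the second entry's ACI is missing its closing parenthesis.
SAMPLE = ('dn: ou=People,dc=example,dc=com\n'
          'aci: (targetattr="cn")(targetfilter="(objectClass=person)")(version 3.0;\n'
          '  acl "self read"; allow (read,search) userdn="ldap:///self";)\n'
          '\ndn: ou=Groups,dc=example,dc=com\n'
          'aci: (targetattr="*")(version 3.0; acl "broken"; allow (read) userdn="ldap:///anyone";\n')
```

A clean result from lint_ldif(SAMPLE) style checks only means the values have the expected outline; the server's validation remains the authority on whether an ACI is accepted.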