Bug 444117 - end-user DB searching should not run as Directory Admin
end-user DB searching should not run as Directory Admin
Status: NEW
Product: Dogtag Certificate System
Classification: Community
Component: CA (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Christina Fu
Ben Levenson
Depends On:
Blocks: 530474
  Show dependency treegraph
Reported: 2008-04-25 01:01 EDT by Bob Lord
Modified: 2015-01-04 19:08 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bob Lord 2008-04-25 01:01:04 EDT
Description of problem:
There is a web form on the CA subsystem that allows end users to search the CA's
database for other users, certificate, and other information. Some users who
have not been trained to properly user the web form may request an LDAP query
that will take a very long time to complete and will consume CA resources.

Users are able to tax the CA because the web-form searches using privileges of
the administrator. If that function ran as a different user, it would be
possible to put timeout limits on searches to prevent intentional or
unintentional draining of CA resources.
Comment 1 Christina Fu 2008-05-06 14:52:11 EDT
Is performance issue 8.0?
Comment 2 Bob Lord 2008-05-06 16:14:08 EDT
This may require some heavy lifting.  Putting it on the 8.1 radar.

Note You need to log in before you can comment on or make changes to this bug.