Red Hat Bugzilla – Bug 444117
end-user DB searching should not run as Directory Admin
Last modified: 2015-01-04 19:08:13 EST
Description of problem:
There is a web form on the CA subsystem that allows end users to search the CA's
database for other users, certificates, and other information. Some users who
have not been trained to properly use the web form may request an LDAP query
that will take a very long time to complete and will consume CA resources.
Users are able to tax the CA because the web-form searches using privileges of
the administrator. If that function ran as a different user, it would be
possible to put timeout limits on searches to prevent intentional or
unintentional draining of CA resources.
Is performance issue 8.0?
This may require some heavy lifting. Putting it on the 8.1 radar.
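
The per-user search limits the description asks for, as an added example that is not part of the original bug report or the project's own configuration. It assumes the CA's internal database is a 389/Red Hat Directory Server, where the superuser bind is exempt from search resource limits and a regular bind entry can carry its own limits as operational attributes. The DN, password placeholder and limit values are hypothetical.

```ldif
# Constructed example. Before: the end-user search form binds as the
# directory superuser, so server-side time/size/look-through limits
# are not enforced on the searches it issues.
#
# After: the form binds as a dedicated low-privilege entry that
# carries its own resource limits (values below are illustrative).
dn: uid=enduser-search,ou=Special Users,dc=example,dc=com
changetype: add
objectClass: top
objectClass: account
objectClass: simpleSecurityObject
uid: enduser-search
# Placeholder: set the real credential out of band.
userPassword: REPLACE_WITH_GENERATED_SECRET
# Abandon any search that runs longer than 30 seconds.
nsTimeLimit: 30
# Return at most 200 entries per search.
nsSizeLimit: 200
# Examine at most 5000 candidate entries, which bounds unindexed searches.
nsLookThroughLimit: 5000
# Drop idle connections after 5 minutes.
nsIdleTimeout: 300
```

The entry still needs read access, granted by ACI, to only the subtrees and attributes the end-user form is meant to expose.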