directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Mon, 24 Apr 2006 12:30:06 GMT
    [ http://issues.apache.org/jira/browse/DIRSERVER-606?page=comments#action_12376017 ] 

Emmanuel Lecharny commented on DIRSERVER-606:
---------------------------------------------

regarding your proposal :

a) Yeah, we can do that. This is for RC2, and its better to have something that works, even
if you can read your password, than something that is badly broken.

a-2) I agree with "minimal built-in rules". I used legacy, because it was something which
will be removed soon. I don't know when, may be in 1.1 or in 1.0

b) Yes, we have to update the doc.  Feel free to ask Alex about the intricacy of ACI usage
with the newer AuthorizationService. As he wrote the code, he is the one who know it the best.
We sure need this doco if we want users not to be puzzled as we are...

Password things : I'm not very confortable with it. I don't like the fact for instance that
I can read my passwords in Firefox. The problem is if you can do that, then you will have
to be paranoïd  : each time you go to have a copy, lock  your computer... I don't see any
occasion where clear password need to be shown to the user, even if the files that contains
the entries is not crypted (eh eh, another improvment ...). Well, this is another problem,
and we can fill a JIRA for that, too :)

> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>
>          Key: DIRSERVER-606
>          URL: http://issues.apache.org/jira/browse/DIRSERVER-606
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical
>  Attachments: patch.txt, patch_DIRSERVER-606_2.txt
>
> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their
own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system'
entry.
> Agreed and understood. But, the user, after binding with the directory, cannot even find
their own entry to get their own attributes. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message