Hi all,

There is an issue in the roadmap with the explanation "make sure userPassword cannot be searched". As far as I know this is a bug (https://issues.apache.org/jira/browse/DIRSERVER-997 ) and is also special case of another bug (https://issues.apache.org/jira/browse/DIRSERVER-955). AS soon as we fix DIRSERVER-955 this problem will also be gone. However, if we're talking controlling this in the DefaultAuthorizationService then it's ok as a new issue and it's easy to fix.

Anything else I am missing?

Thanks.

--
Ersin Er
http://www.ersin-er.name