This may also be prevented in the DeafultAuthorizationService for those who do not use ACI based Authorization.

WDYT?

On 10/2/07, Emmanuel Lecharny <elecharny@gmail.com> wrote:
Yes, this is not an issue, as stated in the JIRA, it's pretty much
more a feature we don't have natively, as we don't have the ACI in the
core server.

The idea is to write this ACI, and to deliver it as a defautt. We also
need some documentation about it.

This is the reason it's in our roadmap.

On 10/2/07, Ersin Er <ersin.er@gmail.com> wrote:
> Hi all,
>
> There is an issue in the roadmap with the explanation "make sure
> userPassword cannot be searched". As far as I know this is a bug
> (https://issues.apache.org/jira/browse/DIRSERVER-997 ) and
> is also special case of another bug
> (https://issues.apache.org/jira/browse/DIRSERVER-955). AS
> soon as we fix DIRSERVER-955 this problem will also be gone. However, if
> we're talking controlling this in the DefaultAuthorizationService then it's
> ok as a new issue and it's easy to fix.
>
> Anything else I am missing?
>
> Thanks.
>
> --
> Ersin Er
> http://www.ersin-er.name


--
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com



--
Ersin Er
http://www.ersin-er.name