This may also be prevented in the DeafultAuthorizationService for those who do not use ACI based Authorization.
Yes, this is not an issue, as stated in the JIRA, it's pretty much
more a feature we don't have natively, as we don't have the ACI in the
The idea is to write this ACI, and to deliver it as a defautt. We also
need some documentation about it.
This is the reason it's in our roadmap.
On 10/2/07, Ersin Er <email@example.com> wrote:
> Hi all,
> There is an issue in the roadmap with the explanation "make sure
> userPassword cannot be searched". As far as I know this is a bug
> (https://issues.apache.org/jira/browse/DIRSERVER-997 ) and
> is also special case of another bug
> (https://issues.apache.org/jira/browse/DIRSERVER-955). AS
> soon as we fix DIRSERVER-955 this problem will also be gone. However, if
> we're talking controlling this in the DefaultAuthorizationService then it's
> ok as a new issue and it's easy to fix.
> Anything else I am missing?
> Ersin Er