This may also be prevented in the DeafultAuthorizationService for those who do not use ACI based Authorization.


On 10/2/07, Emmanuel Lecharny <> wrote:
Yes, this is not an issue, as stated in the JIRA, it's pretty much
more a feature we don't have natively, as we don't have the ACI in the
core server.

The idea is to write this ACI, and to deliver it as a defautt. We also
need some documentation about it.

This is the reason it's in our roadmap.

On 10/2/07, Ersin Er <> wrote:
> Hi all,
> There is an issue in the roadmap with the explanation "make sure
> userPassword cannot be searched". As far as I know this is a bug
> ( ) and
> is also special case of another bug
> ( AS
> soon as we fix DIRSERVER-955 this problem will also be gone. However, if
> we're talking controlling this in the DefaultAuthorizationService then it's
> ok as a new issue and it's easy to fix.
> Anything else I am missing?
> Thanks.
> --
> Ersin Er

Emmanuel L├ęcharny

Ersin Er