On Tue, Oct 12, 2010 at 10:33 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:
On Tue, Oct 12, 2010 at 12:18 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
>  On 10/12/10 8:36 AM, Pierre-Arnaud MARCELOT wrote:
>>
>> Hi,
>>
>> I agree that it could be interesting to have this kind of feature.
>>
>> Wouldn't it be more interesting to have the ability to give a list of
>> specific ATs that should be hidden instead.
>> We have that in Studio and it gives much more power and flexibility.
>
> That's a pretty good idea.
>
> However, I think that this kind of protection can be better handled by the
> ACI subsystem. Atm, as it's a bit broken, I'd like to keep this parameter
> along until we have a better way to manage ATs.
>
> That also means the move was not stupid, it's just that it's temporarily
> useful, and probably easier to manage than a global ACI.
before actually removing it I have checked for the references to the
isPasswordHidden()
method present in the DirectoryService but sadly I missed that the
SearchHandler uses it,
so it should be reverted (I ran the integ tests but without building
protocol-ldap so didn't find this issue) cause the build is broken
now, I should have checked by doing a full build, sorry for the
trouble if anyone had with a broken trunk.

OTOH, I think enforcing this feature with ACI seems to be the better way


+1 I fully agree. Also with a UI feature or wizard in Studio we can simplify the creation of the ACI to ask the user if they want userPassord or other such critical security elements hidden.

Such a wizard can compliment the full force direct manipulation of the ACIItem that might at first sight seem a bit complex for users who are not very educated about this subject. Your grandmother should be able to do this with the wizard while power users can dig deep to get better fine grained control.

WDYT?

 
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>



Kiran Ayyagari



--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu