This is another idea. At least, this woould be faster than leveraging some ACI, but I think that ACI is a better idea (you may authorize some admin to search for password, for instance).
On 10/2/07, Ersin Er <[EMAIL PROTECTED]> wrote: > This may also be prevented in the DeafultAuthorizationService for those who > do not use ACI based Authorization. > > WDYT? > > > On 10/2/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote: > > Yes, this is not an issue, as stated in the JIRA, it's pretty much > > more a feature we don't have natively, as we don't have the ACI in the > > core server. > > > > The idea is to write this ACI, and to deliver it as a defautt. We also > > need some documentation about it. > > > > This is the reason it's in our roadmap. > > > > On 10/2/07, Ersin Er <[EMAIL PROTECTED]> wrote: > > > Hi all, > > > > > > There is an issue in the roadmap with the explanation "make sure > > > userPassword cannot be searched". As far as I know this is a bug > > > (https://issues.apache.org/jira/browse/DIRSERVER-997 ) > and > > > is also special case of another bug > > > (https://issues.apache.org/jira/browse/DIRSERVER-955). > AS > > > soon as we fix DIRSERVER-955 this problem will also be gone. However, if > > > we're talking controlling this in the DefaultAuthorizationService then > it's > > > ok as a new issue and it's easy to fix. > > > > > > Anything else I am missing? > > > > > > Thanks. > > > > > > -- > > > Ersin Er > > > http://www.ersin-er.name > > > > > > -- > > Regards, > > Cordialement, > > Emmanuel Lécharny > > www.iktek.com > > > > > > -- > > Ersin Er > http://www.ersin-er.name -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
