directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-606) ou=users, ou=system - user cannot see their own entry
Date Mon, 24 Apr 2006 11:56:06 GMT
    [ ] 

Stefan Zoerner commented on DIRSERVER-606:


currently (1.0 RC1), the OldAuthorizationService is enabled in the configuration by default.
I think we have therefore two options:

a) keep it enabled
In this case we should fix the bugs within the service (like this one), and try to have it
work as described in the documentation (or update the documentation)
In these docs the OldAuthorizationService is interpreted as "minimal built-in rules", not
How about renaming OldAuthorizationService to MinimalAuthorizationService (or something like
that), if we decide to keep it?

b) disable or (even better) remove the service
In this case, we have to update the docs, and to ensure that the default ACI configuration
is reasonable secure. 

Password thing: I think it should be possible to allow users to read passwords. In some occasions
someone may need it (if s/he wishes to write his/her own replication, for instance). I prefer
to forbid it by default via ACIs (and allow users to change this behavior).

> ou=users, ou=system - user cannot see their own entry
> -----------------------------------------------------
>          Key: DIRSERVER-606
>          URL:
>      Project: Directory ApacheDS
>         Type: Bug

>     Versions: 1.0-RC1
>  Environment: JDK 1.4.1
> Tried both JXplorer, and from ACEGI security
>     Reporter: Marc Batchelor
>     Assignee: Stefan Zoerner
>     Priority: Critical
>  Attachments: patch.txt, patch_DIRSERVER-606_2.txt
> User binds to ApacheDS as a user under ou=users, ou=system. The user cannot see their
own entry to get their own attributes.
> Documentation states: Users cannot see other user entries under the 'ou=users,ou=system'
> Agreed and understood. But, the user, after binding with the directory, cannot even find
their own entry to get their own attributes. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message