Details
-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
App server: Tomcat application server 5.5.15
JDK: Sun 1.5.0_10
LDAP server: SunOne Directory server 5.2
OS: Redhat Enterprise Server 3
Description
Use Case: Add Page : Restrictions : Choose Users
Issue: UUIDs display instead of username (reported in CONF-8662)
Impact: Exposure of group membership to end users violates our information security policy. This is a show stopper. Confluence will not be used in production at Brown University if this issue is not corrected.
Analysis:
Although it may be convenient in some organizations to be able to select individuals from a group membership list, this violates our information security policy. We need the ability to disable the Group Membership option on the User Search form when restricting access to a wiki page.
There is a separate issue on this screen that is described in CONF-8662, that prevents the display of members' username, full name, and email address. While this doesn't matter to us if we can disable this form, it should be corrected for the sake of users who want to use this feature, but don't use an AD-type DN format.
Attachments
Issue Links
- relates to
-
CONFSERVER-8662 LDAP group membership lists parse DN and assume login username is in DN
- Closed