Bug 11210 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210) is a security problem which could have serious effects for people using JNDIRealm with the Netscape/iPlanet JNDI LDAP provider (com.netscape.jndi.ldap.LdapContextFactory). The default provider (com.sun.jndi.ldap.LdapCtxFactory) works OK.
I believe the problem is due to a failure of the Netscape/iPlanet provider to conform to the JNDI 1.2 specification - see the bugzilla report for details. However, getting that fixed is likely to take a while. The bug report includes a patch to JNDIRealm which avoids the problem. Could someone please have a look at it and hopefully commit it? (Remy has been committing my JNDIRealm patches but now that he's on holiday/has left Sun I'm not sure how things stand). Thanks, John -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>