ACI'S SET FOR CALENDAR 7 WITHIN THE DIRECTORY SERVER SHOULD BE MORE RESTRICTIVE
Last updated on SEPTEMBER 14, 2016
Applies to:Oracle Communications Calendar Server - Version 7.0 (JCS 7) and later
Information in this document applies to any platform.
The following document gives an example of a caldav "user-to-user read any attribute" aci:
Adding LDAP Access Control for Calendar Server Features
By following this example, it is noted that it is not only revealing social information such as department and memberships, but also password information in a simple, non-encrypted format (base64) in sunUCExternalMailProfile, if the user has external pop accounts configured with 'store password' enabled.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms