You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Kiran Ayyagari (JIRA)" <ji...@apache.org> on 2010/08/19 20:13:18 UTC

[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import entries with a non clear text password

    [ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12900382#action_12900382 ] 

Kiran Ayyagari commented on DIRSERVER-1543:
-------------------------------------------

The attribute 'pwdCheckQuality' when set to '2' (this is the default in our default ppolicy) refuses to accept any non-clear text passwords. 
Setting this value to 1 will accept the hashed passwords.

> Password Policy forbid to import entries with a non clear text password
> -----------------------------------------------------------------------
>
>                 Key: DIRSERVER-1543
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1543
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Emmanuel Lecharny
>            Priority: Critical
>             Fix For: 2.0.0-RC1
>
>
> If we try to import a LDIF file containing entries with an encrypted password, we get a failure :
> #!RESULT ERROR
> #!CONNECTION ldap://iktek:10389
> #!DATE 2010-08-19T16:33:01.575
> #!ERROR [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for     Add Request : Entry     dn[n]: uid=elecharny,ou=People,dc=iktek,dc=com     objectClass: organizationalPerson     objectClass: person     objectClass: inetOrgPerson     objectClass: top     uid: elecharny     mail: elecharny@apache.org     sn: Lecharny     userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x72 0x32 0x56 0x4C 0x75 0x55 0x52 0x6C 0x75 0x46 ...'     cn: Emmanuel Lecharny     givenName: Emmanuel    : cannot verify the quality of the non-cleartext passwords]
> dn: uid=elcharny,ou=People,dc=iktek,dc=com
> changetype: add
> objectClass: organizationalPerson
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: top
> mail: elecharny@apache.org
> givenName: Emmanuel
> uid: seelmann
> userPassword: {SSHA}wnfS3DVTFB/FVbBwC47WfQNn29WN/.....
> sn: Lecharny
> cn: Emmanuel lecharny
> Seems like we should disable the password policy when it's not plain text...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.