[jira] [Created] (DIRSERVER-2366) "ads-pwdMustChange: TRUE" returns INSUFFICIENT_ACCESS_RIGHTS using ApacheDS 2.0.0-M26

["Michael (Jira)" <ji...@apache.org>]

Michael created DIRSERVER-2366:
----------------------------------

             Summary: "ads-pwdMustChange: TRUE" returns INSUFFICIENT_ACCESS_RIGHTS using ApacheDS 2.0.0-M26
                 Key: DIRSERVER-2366
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2366
             Project: Directory ApacheDS
          Issue Type: Bug
            Reporter: Michael


After upgrading to ApacheDS 2.0.0-M26 from ApacheDS2.0.0-M17, this attribute "ads-pwdMustChange: TRUE" behaves differently in 2.0.0-M26. We have a password policy to change the password on the first time login.

Before upgrade, we're able to change the password on the first time login to our application using the older version of ApacheDS 2.0.0-M17.

With the new version ApacheDS2.0.0-M26, the LDAP search result returns an error "Insufficient_Access_Rights". 

Any idea what could be the problem here?

[MessageType : SEARCH_RESULT_DONE
Message ID : 2
Search Result Done
Ldap Result
Result code : (INSUFFICIENT_ACCESS_RIGHTS) insufficientAccessRights
Matched Dn : ''
Diagnostic message : 'INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : SEARCH_REQUEST
Message ID : 2
SearchRequest
baseDn : 'uid=admin,ou=Users,ou=Management,ou=Foo,dc=Local,dc=Site,o=Company'
filter : '(objectClass=*)'
scope : base object
typesOnly : false
Size Limit : no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@a3ef3537: password needs to be reset before performing this operation:
org.apache.directory.api.ldap.model.exception.LdapNoPermissionException: password needs to be reset before performing this operation
at org.apache.directory.server.core.authn.AuthenticationInterceptor.checkPwdReset(AuthenticationInterceptor.java:1716)
at org.apache.directory.server.core.authn.AuthenticationInterceptor.search(AuthenticationInterceptor.java:1388)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:596)
at org.apache.directory.server.core.normalization.NormalizationInterceptor.search(NormalizationInterceptor.java:414)
at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1831)
at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1219)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:797)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1147)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleWithReferrals(SearchRequestHandler.java:1245)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:211)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:94)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:209)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:57)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:243)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:224)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:1015)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:106)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:89)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:541)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:493)
at java.base/java.lang.Thread.run(Thread.java:834)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org