Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/28 05:45:00 UTC

[jira] [Updated] (DIRSERVER-2202) pwdHistory not getting maintained when doing modify password with ldaptive client

     [ https://issues.apache.org/jira/browse/DIRSERVER-2202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-2202:
-----------------------------------------
    Component/s: ppolicy

> pwdHistory not getting maintained when doing modify password with ldaptive client
> ---------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2202
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2202
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>    Affects Versions: 2.0.0-M23
>         Environment: windows, ldaptive latest, java 8
>            Reporter: Hal Deadman
>            Priority: Major
>
> If I connect as a non-admin user and modify my own password with directory studio, a new pwdHistory is added.
> If I modify the password programmatically, using the old/new password modifyPassword extended operation that should respect history, it is deleting all my history (and leaving a single pwdHistory entry). The code looks like this:
> {noformat}
> import org.ldaptive.Connection;
> import org.ldaptive.Credential;
> import org.ldaptive.DefaultConnectionFactory;
> import org.ldaptive.Response;
> import org.ldaptive.extended.PasswordModifyOperation;
> import org.ldaptive.extended.PasswordModifyRequest;
>
> // connecting as user that is trying to change their password
> org.ldaptive.Credential cred = new org.ldaptive.Credential(oldPassword);
> org.ldaptive.BindConnectionInitializer bindConnectionInit = new org.ldaptive.BindConnectionInitializer(userDn, cred);
> org.ldaptive.ConnectionConfig connectionConfig = new org.ldaptive.ConnectionConfig(ldapUrl);
> connectionConfig.setUseStartTLS(false);
> connectionConfig.setConnectionInitializer(bindConnectionInit);
> DefaultConnectionFactory userLdapConnectionFactory = new DefaultConnectionFactory(connectionConfig);
> try (Connection conn = userLdapConnectionFactory.getConnection()) {
>     conn.open();
>     // password modify extended operation carrying both the old and the new password
>     PasswordModifyOperation modify = new PasswordModifyOperation(conn);
>     Response<Credential> response = modify.execute(new PasswordModifyRequest(userDn, new Credential(oldPassword), new Credential(plaintextPassword)));
> }
> {noformat}
> Isn't the pwdHistory being maintained by the server? Why does a different client determine whether pwdHistory entries are added or not? (In this case they are not only not added but multiple entries are replaced by a single one).
> Ldaptive doesn't implement the LDAP protocol; in this case it is using JNDI as the provider of the LDAP protocol.
