You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Peter Jamieson (JIRA)" <ji...@apache.org> on 2016/03/10 10:38:40 UTC
[jira] [Comment Edited] (DIRSERVER-2131) cannot log in with
ads-pwdmustchange true
[ https://issues.apache.org/jira/browse/DIRSERVER-2131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15188966#comment-15188966 ]
Peter Jamieson edited comment on DIRSERVER-2131 at 3/10/16 9:37 AM:
--------------------------------------------------------------------
Based on the stack trace, what seems to be happening is that the PwdModifyHandler.modifyUserPassword call does a lookup to ensure the user exists before changing the password. This lookup fails because the password needs to be reset.
This is the trace: -
{noformat}
INFO | jvm 1 | 2016/03/10 09:19:15 | "pool-7-thread-1" #29 prio=5 os_prio=0 tid=0x00007f1b3c065000 nid=0x1d17 at breakpoint[0x00007f1b518d9000]
INFO | jvm 1 | 2016/03/10 09:19:15 | java.lang.Thread.State: RUNNABLE
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.authn.AuthenticationInterceptor.checkPwdReset(AuthenticationInterceptor.java:1652)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.authn.AuthenticationInterceptor.lookup(AuthenticationInterceptor.java:850)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:483)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.normalization.NormalizationInterceptor.lookup(NormalizationInterceptor.java:196)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.DefaultOperationManager.lookup(DefaultOperationManager.java:775)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.shared.DefaultCoreSession.lookup(DefaultCoreSession.java:560)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.modifyUserPassword(PwdModifyHandler.java:98)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.handleExtendedOperation(PwdModifyHandler.java:297)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.handleExtendedOperation(PwdModifyHandler.java:66)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
INFO | jvm 1 | 2016/03/10 09:19:15 | at java.lang.Thread.run(Thread.java:745)
{noformat}
was (Author: peterjam28):
Based on the stack trace, what seems to be happening is that the PwdModifyHandler.modifyUserPassword call does a lookup to ensure the user exists before changing the password. This lookup fails because the password has been reset.
This is the trace: -
{noformat}
INFO | jvm 1 | 2016/03/10 09:19:15 | "pool-7-thread-1" #29 prio=5 os_prio=0 tid=0x00007f1b3c065000 nid=0x1d17 at breakpoint[0x00007f1b518d9000]
INFO | jvm 1 | 2016/03/10 09:19:15 | java.lang.Thread.State: RUNNABLE
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.authn.AuthenticationInterceptor.checkPwdReset(AuthenticationInterceptor.java:1652)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.authn.AuthenticationInterceptor.lookup(AuthenticationInterceptor.java:850)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:483)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.normalization.NormalizationInterceptor.lookup(NormalizationInterceptor.java:196)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.DefaultOperationManager.lookup(DefaultOperationManager.java:775)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.core.shared.DefaultCoreSession.lookup(DefaultCoreSession.java:560)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.modifyUserPassword(PwdModifyHandler.java:98)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.handleExtendedOperation(PwdModifyHandler.java:297)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler.handleExtendedOperation(PwdModifyHandler.java:66)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:64)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.request.ExtendedRequestHandler.handle(ExtendedRequestHandler.java:39)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:216)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
INFO | jvm 1 | 2016/03/10 09:19:15 | at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
INFO | jvm 1 | 2016/03/10 09:19:15 | at java.lang.Thread.run(Thread.java:745)
{noformat}
> cannot log in with ads-pwdmustchange true
> -----------------------------------------
>
> Key: DIRSERVER-2131
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2131
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0-M21
> Environment: centos 7.
> Reporter: Peter Jamieson
>
> If i modify the authentication policy to set ads-pwdmustchange to TRUE, when i log in, i get: -
> {noformat}
> provisioning:root *#ssh user2@192.168.56.164
> Authorized users only. All activity may be monitored and reported.
> user2@192.168.56.164's password:
> Password expired. Change your password now.
> Last login: Mon Mar 7 15:46:02 2016 from provisioning
> Authorized users only. All activity may be monitored and reported.
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user user2.
> Current Password:
> New password:
> Retype new password:
> Password change failed. Server message: Cannot find an entry for DN uid=user2,ou=users,dc=example,dc=com
> passwd: Authentication token manipulation error
> Connection to 192.168.56.164 closed.
> {noformat}
> and this appears in the apacheds.log: -
> [15:46:33] ERROR [org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler] - Cannot find an entry for DN uid=user2,ou=users,dc=example,dc=com, exception : password needs to be reset before performing this operation
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)