Posted to dev@directory.apache.org by "Hal Deadman (JIRA)" <ji...@apache.org> on 2016/05/10 21:39:13 UTC

[jira] [Commented] (DIRSERVER-2067) Password Policy Enforced for admin user

    [ https://issues.apache.org/jira/browse/DIRSERVER-2067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15279003#comment-15279003 ] 

Hal Deadman commented on DIRSERVER-2067:
----------------------------------------

This is still an issue in M21; the password expiration policy is also enforced (in addition to the password history).

There are steps here to unexpire your admin password if it is expired:
http://markmail.org/message/rohhcxnar4ysfzlq


> Password Policy Enforced for admin user
> ---------------------------------------
>
>                 Key: DIRSERVER-2067
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2067
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M20
>            Reporter: David Paulsen
>            Priority: Minor
>
> When bound to a connection using the "uid=admin,ou=system" user, it enforces the ads-pwdInHistory in the password policy of the uid I'm changing the password for. For example, if I'm changing the password for uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com, and that uid has a pwdPolicySubentry=ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config, it enforces the ads-pwdId=DVHead8300 policy's ads-pwdInHistory setting even with the admin user.
> My understanding is that since it's the admin user, it should not be enforcing any password policy rules.
> Steps:
> (1) Create a password policy where the ads-pwdInHistory is greater than 0 so it enforces not reusing passwords.
> (2) Create a uid and set its pwdPolicySubentry to the above password policy.
> (3) Create a connection and bind to it using the "uid=admin,ou=system" user, and then modify password for the above uid. You will get this error:
>     error: invalid reuse of password present in password history


