Posted to dev@directory.apache.org by "David Paulsen (JIRA)" <ji...@apache.org> on 2015/06/01 22:00:19 UTC

[jira] [Created] (DIRSERVER-2067) Password Policy Enforced for admin user

David Paulsen created DIRSERVER-2067:
----------------------------------------

             Summary: Password Policy Enforced for admin user
                 Key: DIRSERVER-2067
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2067
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M20
            Reporter: David Paulsen
            Priority: Minor


When bound to a connection using the "uid=admin,ou=system" user, it enforces the ads-pwdInHistory in the password policy of the uid I'm changing the password for. For example, if I'm changing the password for uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com, and that uid has a pwdPolicySubentry=ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config, it enforces the ads-pwdId=DVHead8300 policy's ads-pwdInHistory setting even with the admin user.

My understanding is that since it's the admin user, it should not be enforcing any password policy rules.

Steps:
(1) Create a password policy where the ads-pwdInHistory is greater than 0 so it enforces not reusing passwords.
(2) Create a uid and set its pwdPolicySubentry to the above password policy.
(3) Create a connection and bind to it using the "uid=admin,ou=system" user, and then modify password for the above uid. You will get this error:
    error: invalid reuse of password present in password history




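The three steps above written out as LDIF change records, as an added example that is not part of the original report. The DNs and the ads-pwdInHistory attribute come from the report; the history depth of 5, the password values, and the ads-base / ads-passwordPolicy object classes with ads-pwdAttribute are assumptions about a stock ApacheDS configuration, and the records are assumed to be applied while bound as uid=admin,ou=system.

```ldif
# Step 1: password policy with a non-zero history depth (5 is a constructed value).
dn: ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
changetype: add
objectClass: top
objectClass: ads-base
objectClass: ads-passwordPolicy
ads-pwdId: DVHead8300
ads-pwdAttribute: userPassword
ads-pwdInHistory: 5

# Step 2: point the user entry at that policy.
dn: uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
-

# Step 3: as admin, set a password, change it, then set the first one again.
# Both password values are constructed placeholders.
dn: uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com
changetype: modify
replace: userPassword
userPassword: constructed-password-1
-

dn: uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com
changetype: modify
replace: userPassword
userPassword: constructed-password-2
-

# Reuses a value that is now in the entry's password history.
dn: uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com
changetype: modify
replace: userPassword
userPassword: constructed-password-1
-
```

Per the report, the last change is the one rejected with "invalid reuse of password present in password history" even though the bind DN is the admin user.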