Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2010/08/19 16:40:16 UTC
[jira] Created: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Password Policy forbid to import entries with a non clear text password
-----------------------------------------------------------------------
Key: DIRSERVER-1543
URL: https://issues.apache.org/jira/browse/DIRSERVER-1543
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 2.0.0-RC1
Reporter: Emmanuel Lecharny
Priority: Critical
Fix For: 2.0.0-RC1
If we try to import an LDIF file containing entries with an encrypted password, we get a failure:
#!RESULT ERROR
#!CONNECTION ldap://iktek:10389
#!DATE 2010-08-19T16:33:01.575
#!ERROR [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for Add Request : Entry dn[n]: uid=elecharny,ou=People,dc=iktek,dc=com objectClass: organizationalPerson objectClass: person objectClass: inetOrgPerson objectClass: top uid: elecharny mail: elecharny@apache.org sn: Lecharny userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x72 0x32 0x56 0x4C 0x75 0x55 0x52 0x6C 0x75 0x46 ...' cn: Emmanuel Lecharny givenName: Emmanuel : cannot verify the quality of the non-cleartext passwords]
dn: uid=elcharny,ou=People,dc=iktek,dc=com
changetype: add
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
mail: elecharny@apache.org
givenName: Emmanuel
uid: seelmann
userPassword: {SSHA}wnfS3DVTFB/FVbBwC47WfQNn29WN/.....
sn: Lecharny
cn: Emmanuel lecharny
Seems like we should disable the password policy when it's not plain text...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (DIRSERVER-1543) Password Policy
forbid to import entries with a non clear text password
Posted by "Pierre-Arnaud Marcelot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12906442#action_12906442 ]
Pierre-Arnaud Marcelot edited comment on DIRSERVER-1543 at 9/6/10 3:48 AM:
---------------------------------------------------------------------------
Like Emmanuel, I think the default value for this property should be '0'.
It could be very misleading for a user to have LDIF imports failing because of this at the first run of Apache DS.
At least, it was for both of us when we put the finger on it...
Is the default value still '2'?
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12900576#action_12900576 ]
Kiran Ayyagari commented on DIRSERVER-1543:
-------------------------------------------
When set to '0' the quality will never be checked, i.e. max/min length values won't be considered (even if they are set).
Whereas when set to '1' it checks for password quality, but in some cases (like a hashed password) it will allow the password even if it can't check it.
Here the idea is to allow a clear-text password and change it to a hashed one after completing the ppolicy checks (but at the moment we don't have this feature of converting a clear-text password to a hashed one).
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12900382#action_12900382 ]
Kiran Ayyagari commented on DIRSERVER-1543:
-------------------------------------------
The attribute 'pwdCheckQuality' when set to '2' (this is the default in our default ppolicy) refuses to accept any non-clear text passwords.
Setting this value to 1 will accept the hashed passwords.
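The outcomes described in the comments above for 'pwdCheckQuality' values '0', '1' and '2' can be checked against an LDIF file before importing it. The following is an added example, not part of the thread and not ApacheDS code: the function names, the sample LDIF and the min_length parameter (standing in for the policy's minimum length) are assumptions made for illustration.

```python
import base64
import re

# A storage-scheme prefix such as {SSHA} marks a value as already hashed.
SCHEME_RE = re.compile(rb"^\{[A-Za-z0-9-]+\}")

# Constructed sample LDIF (not taken from the issue): a hashed value, a
# base64-encoded hashed value, a short clear-text value and a longer one.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {SSHA}Q09OU1RSVUNURURfU0FNUExFX1ZBTFVF

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: %s

dn: uid=carol,ou=People,dc=example,dc=com
userPassword: abc

dn: uid=dave,ou=People,dc=example,dc=com
userPassword: correct horse battery
""" % base64.b64encode(b"{SHA}constructed").decode()


def password_values(ldif_text):
    """Yield (dn, password_bytes) for every userPassword line in the LDIF."""
    dn = None
    for line in ldif_text.replace("\n ", "").splitlines():  # unfold long lines
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            if rest.startswith(":"):  # "attr:: value" carries base64 data
                yield dn, base64.b64decode(rest[1:].strip())
            else:
                yield dn, rest.strip().encode()


def predict(value, check_quality, min_length=5):
    """Model the outcome the thread describes; min_length is hypothetical."""
    if check_quality == 0:
        return "accepted (quality not checked)"
    if SCHEME_RE.match(value):
        # Hashed value: the server cannot verify its quality.
        if check_quality == 1:
            return "accepted (cannot verify)"
        return "rejected (non-cleartext)"
    if len(value) < min_length:
        return "rejected (too short)"
    return "accepted"


def preflight(ldif_text, check_quality, min_length=5):
    """Map each DN to the predicted result of importing its password."""
    return {dn: predict(pw, check_quality, min_length)
            for dn, pw in password_values(ldif_text)}
```

Running preflight() with check_quality=2 on an export from another directory lists the entries that would fail with the CONSTRAINT_VIOLATION shown in the report, including hashed values hidden behind the base64 "userPassword::" form.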
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Pierre-Arnaud Marcelot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12906446#action_12906446 ]
Pierre-Arnaud Marcelot commented on DIRSERVER-1543:
---------------------------------------------------
If the ppolicy module is disabled by default, '2' is good as default value then.
Thanks for the update, Kiran.
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12906443#action_12906443 ]
Kiran Ayyagari commented on DIRSERVER-1543:
-------------------------------------------
'0' will skip the complete quality check, and yes, the default value is still '2'.
However the ppolicy will be disabled by default (currently it is enabled by default but that will be changed before releasing the 2.0.0-RC1).
[jira] Closed: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kiran Ayyagari closed DIRSERVER-1543.
-------------------------------------
Assignee: Kiran Ayyagari
Resolution: Not A Problem
Closing this as 'not a problem', because it is a config issue.
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Pierre-Arnaud Marcelot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12906442#action_12906442 ]
Pierre-Arnaud Marcelot commented on DIRSERVER-1543:
---------------------------------------------------
Like Emmanuel, I think the default value for this property should be '0'.
It could be very misleading for a user to have LDIF imports failing because of this at the first run of Apache DS.
At least, it was for both of us when we put the finger on it...
[jira] Commented: (DIRSERVER-1543) Password Policy forbid to import
entries with a non clear text password
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12900500#action_12900500 ]
Emmanuel Lecharny commented on DIRSERVER-1543:
----------------------------------------------
I think that the default should be 0.
(btw, this is the value we set and it worked)