You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2015/07/25 15:03:04 UTC
[jira] [Created] (DIRSERVER-2085) The PasswordPolicyConfiguration
holds the password attribute as a String
Emmanuel Lecharny created DIRSERVER-2085:
--------------------------------------------
Summary: The PasswordPolicyConfiguration holds the password attribute as a String
Key: DIRSERVER-2085
URL: https://issues.apache.org/jira/browse/DIRSERVER-2085
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 2.0.0-M20
Reporter: Emmanuel Lecharny
Fix For: 2.0.0-M21
When we are dealing with a password modification, we call the {{getPwdModDetails}} methods, which try to find if a Modification is impacting the password attribute. This attribute is configured in the {{PasswordPolicyConfiguration}} class (which is either read from the config, or default to {{userPassword}}).
So far, so good, except that the password attribute is stored as a String in the {{PasswordPolicyConfiguration}} instance, which leads to code like :
{code}
if ( at.getUpId().equalsIgnoreCase( policyConfig.getPwdAttribute() ) )
{code}
This is *broken*. If the Mods contain the OID of the password attribute instead of its name, it's not going to work. If the configured password attribute has many names, it won't work either.
We *must* store the {{AttributeType}} and not the String of the password attribute, and compare it with the {{AttributeType}} we have in the Modification.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)