directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hal Deadman (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-2067) Password Policy Enforced for admin user
Date Tue, 10 May 2016 21:39:13 GMT


Hal Deadman commented on DIRSERVER-2067:

This is still and issue in M21, password expiration policy is also enforced (in addition to
the password history). 

There are steps here to unexpire your admin password if it is expired:

> Password Policy Enforced for admin user
> ---------------------------------------
>                 Key: DIRSERVER-2067
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M20
>            Reporter: David Paulsen
>            Priority: Minor
> When bound to a connection using the "uid=admin,ou=system" user, it enforces the ads-pwdInHistory
in the password policy of the uid I'm changing the password for. For example, if I'm changing
the password for uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com, and that uid has
a pwdPolicySubentry=ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config,
it enforces the ads-pwdId=DVHead8300 policy's ads-pwdInHistory setting even with the admin
> My understanding is that since it's the admin user, it should not be enforcing any password
policy rules.
> Steps:
> (1) Create a password policy where the ads-pwdInHistory is greater than 0 so it enforces
not reusing passwords.
> (2) Create a uid and set it's pwdPolicySubentry to the above password policy.
> (3) Create a connection and bind to it using the "uid=admin,ou=system" user, and then
modify password for the above uid. You will get this error:
>     error: invalid reuse of password present in password history

This message was sent by Atlassian JIRA

View raw message