directory-dev mailing list archives

From "Hal Deadman (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-2202) pwdHistory not getting maintained when doing modify password with ldaptive client
Date Sat, 15 Jul 2017 01:44:00 GMT
Hal Deadman created DIRSERVER-2202:
--------------------------------------

             Summary: pwdHistory not getting maintained when doing modify password with ldaptive client
                 Key: DIRSERVER-2202
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2202
             Project: Directory ApacheDS
          Issue Type: Bug
    Affects Versions: 2.0.0-M23
         Environment: windows, ldaptive latest, java 8
            Reporter: Hal Deadman


If I connect as a non-admin user and modify my own password with Directory Studio, a new pwdHistory
is added.

If I modify the password programmatically, using the old/new password modifyPassword extended
operation that should respect history, it is deleting all my history (and leaving a single
pwdHistory entry). The code looks like this:

    // imports for the unqualified ldaptive types used below
    import org.ldaptive.Connection;
    import org.ldaptive.Credential;
    import org.ldaptive.DefaultConnectionFactory;
    import org.ldaptive.Response;
    import org.ldaptive.extended.PasswordModifyOperation;
    import org.ldaptive.extended.PasswordModifyRequest;

    // connecting as user that is trying to change their password
    org.ldaptive.Credential cred = new org.ldaptive.Credential(oldPassword);
    org.ldaptive.BindConnectionInitializer bindConnectionInit = new org.ldaptive.BindConnectionInitializer(userDn, cred);
    org.ldaptive.ConnectionConfig connectionConfig = new org.ldaptive.ConnectionConfig(ldapUrl);
    connectionConfig.setUseStartTLS(false);
    connectionConfig.setConnectionInitializer(bindConnectionInit);
    DefaultConnectionFactory userLdapConnectionFactory = new DefaultConnectionFactory(connectionConfig);
    try (Connection conn = userLdapConnectionFactory.getConnection()) {
        conn.open();
        // password modify extended operation carrying both the old and the new password
        PasswordModifyOperation modify = new PasswordModifyOperation(conn);
        Response<Credential> response = modify.execute(
            new PasswordModifyRequest(userDn, new Credential(oldPassword), new Credential(plaintextPassword)));
    }

Isn't the pwdHistory being maintained by the server? Why does a different client determine
whether pwdHistory entries are added or not? (In this case they are not only not added but
multiple entries are replaced by a single one).

Ldaptive doesn't implement the LDAP protocol; in this case it is using JNDI as the provider of
the LDAP protocol.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
