directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Updated] (DIRSERVER-2067) Password Policy Enforced for admin user
Date Fri, 28 Jun 2019 06:45:00 GMT


Emmanuel Lecharny updated DIRSERVER-2067:
    Component/s: ppolicy

> Password Policy Enforced for admin user
> ---------------------------------------
>                 Key: DIRSERVER-2067
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>    Affects Versions: 2.0.0-M20
>            Reporter: David Paulsen
>            Priority: Minor
> When bound to a connection using the "uid=admin,ou=system" user, it enforces the ads-pwdInHistory
> in the password policy of the uid I'm changing the password for. For example, if I'm changing
> the password for uid=147547,ou=8300,ou=DVHead,dc=kewilltransport,dc=com, and that uid has
> a pwdPolicySubentry=ads-pwdId=DVHead8300,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config,
> it enforces the ads-pwdId=DVHead8300 policy's ads-pwdInHistory setting even with the admin
> My understanding is that since it's the admin user, it should not be enforcing any password
> policy rules.
> Steps:
> (1) Create a password policy where the ads-pwdInHistory is greater than 0 so it enforces
> not reusing passwords.
> (2) Create a uid and set its pwdPolicySubentry to the above password policy.
> (3) Create a connection and bind to it using the "uid=admin,ou=system" user, and then
> modify password for the above uid. You will get this error:
>     error: invalid reuse of password present in password history
