directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <smckin...@apache.org>
Subject Re: Fortress Rest 2.0.0-RC2 and ApacheDS 2.0.0-M23 - Password Reset Use Case - Missing pwdReset Delete or Set to FALSE? - calling rbacAuthN rc=1015 error message=checkPwPolicies for userId [brian] PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID
Date Wed, 14 Jun 2017 16:21:17 GMT

> On Jun 14, 2017, at 9:16 AM, Shawn McKinney <smckinney@apache.org> wrote:
> 
> In either case during authentication of account, if pwdreset is true you’ll get the
error you’re receiving which is working as designed.
> 
> So far so good.  The way it is ‘supposed’ to work, is then the user connects to a
process that allows them to change the password from the value applied during reset to a new
one, that only they know.  Afterwards the pwdreset flag should be removed and the latest password
applied.
> 
> Running through this scenario with apacheds doesn’t work.  The password gets changed,
but the pwdreset is still set.

to be clear, the normal scenario is….

1. administrator resets user’s password using the resetPassword api
2. admin sends new password to user
3. user connects to a page that calls the changePassword api where they enter the old password,
supplied by admin, and the new password.
4. afterwards user logs on normally using either authenticate or createSession, using the
new password.

If you just want to change the password, and not leave it in reset state, you should call
the updateUser api.

Let me know if you have any questions.
Mime
View raw message