directory-fortress mailing list archives

From "Brian Brooks (US)" <Brian.Bro...@datapath.com>
Subject Fortress Rest 2.0.0-RC2 and ApacheDS 2.0.0-M23 - Password Reset Use Case - Missing pwdReset Delete or Set to FALSE? - calling rbacAuthN rc=1015 error message=checkPwPolicies for userId [brian] PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID
Date Wed, 14 Jun 2017 13:58:13 GMT
We're encountering a problem with authenticating a user after resetting their password.  After
performing a Fortress Rest /userReset on a user, subsequent /rbacAuthN calls fail with the error:

FAILED calling rbacAuthN rc=1015 error message=checkPwPolicies for userId [brian] PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID

The only way we've found to recover is to manually delete the pwdReset value on the user entry
uid=brian,ou=People,${suffix}.

Reading the code in org.apache.directory.fortress.core.impl.UserDAO.resetUserPassword(User)
we see

       mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_RESET, "TRUE" ) );

But we're unable to find any Fortress code that ever does something like

       mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_RESET, "FALSE" ) );

or deletes the pwdReset value.

How should the password reset use case work?  Is it expected that the application using Fortress
delete pwdReset or set the value to false?

**Environment**
Fortress 2.0.0-RC2
ApacheDS 2.0.0-M23
Windows 10

Brian Brooks
Sr Software Engineer
brian.brooks@datapath.com
Office: +1 678 252 4498
2205 Northmont Pkwy, STE 100
Duluth, GA 30096
