[jira] [Commented] (DIRSERVER-1750) Change password attribute with policy throws exception and does not complete operation

[Carlo Accorsi (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13476500#comment-13476500
 ] 

Carlo Accorsi commented on DIRSERVER-1750:
------------------------------------------

This functionaity is working in the build we made from the trunk on Tuesday 
2012-10-09. Thanks!
                
> Change password attribute with policy throws exception and does not complete 
> operation
> --------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1750
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1750
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M8
>         Environment: Win32, Java 1.6.0_32
>            Reporter: Carlo Accorsi
>            Priority: Critical
>
> Hi, we're receiving an exception when a user tries to reset their own expired 
> password on a grace login.
> Relevant password policy fields:
> ads-maxage=600 // expire password in 5 mins
> ads-passwordmustchange=TRUE // causes pwdReset=TRUE on entry when ADMIN, not 
> USER changes 
> ads-graceauthnlimit=5 // how many logins are permitted once password expires. 
> Once the password has expired (as defined above) a subsequent bind as the 
> user, will cause a pwdGraceUseTime attribute to be set with time stamp of the 
> login. This works great. When the field is present, we are able to get the # 
> of gracelogins that remain from the response controls.
> The issue occurs when at least one pwdGraceUseTime field set and binding as 
> themselves, they try to set the password. The password is set correctly 
> (becasue logging in later with the new password works) however an exception 
> thrown (below) while trying to remove the field pwdReset. This field is not 
> and should not be there in this case as the password was only expired, it was 
> not reset by an admin. The code seems to be looking to delete this field and 
> probably the grace login fields afterwards but does not.  Perhaps the code to 
> remove the field could check for NoSuchAttributeException and continue as if 
> it were deleted.  Thanks!!
> Here is the code snip. 
>       ModificationItem[] mods = new ModificationItem[1];
>               mods[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, 
> new BasicAttribute("userPassword", strValue));
>                       try {
>                               // set control in here. 
>                               ctx.setRequestControls(new Control[]{new 
> PasswordPolicyRqControl()});   
>                               ctx.modifyAttributes(strDn, mods);
>                       } catch (InvalidAttributeValueException iae){
>                             iae.printStackTrace();
>                       } catch (NoSuchAttributeException nae){
>                             nae.printStackTrace();
>                       } 
> Exception
> javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 
> NO_SUCH_ATTRIBUTE: failed for MessageType : MODIFY_REQUEST
> Message ID : 2
>     Modify Request
>         Object : 'uid=1307087872588,ou=users,ou=int,o=cpro'
>             Modification[0]
>                 Operation :  replace
>                 Modification
>     userPassword: '0x23 0x62 0x6F 0x73 0x74 0x6F 0x6E 0x31 '
> org.apache.directory.shared.ldap.model.message.modifyrequesti...@b95d19f4org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyImpl@e4d0cd
>     ManageDsaITImpl Control
>         Type OID    : '2.16.840.1.113730.3.4.2'
>         Criticality : 'false'
> '
> : ERR_55 Trying to remove an non-existant attribute: ATTRIBUTE_TYPE ( 
> 1.3.6.1.4.1.42.2.27.8.1.22
>  NAME 'pwdReset'
>  DESC The indication that the password has been reset
>  EQUALITY booleanMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
>  SINGLE-VALUE
>  USAGE directoryOperation
>  )
> ]; remaining name 'uid=1307087872588,ou=users,ou=int,o=cpro'
>       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3062)
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
>       at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
>       at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
>       at 
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
>       at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
>       at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
>       at 
> javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)
>       at 
> com.ibsamericainc.dir.DirectoryAdapterConnection.setAttribute(DirectoryAdapterConnection.java:367)
>       at 
> com.ibsamericainc.dir.DirectoryAdapterPassword.setUpdatePassword(DirectoryAdapterPassword.java:277)
>       at 
> com.ibsamericainc.dir.DirectoryAdapter.setUpdateUserPassword(DirectoryAdapter.java:248)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at java.lang.reflect.Method.invoke(Method.java:597)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira