[
https://issues.apache.org/jira/browse/DIRSERVER-1932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
lucas theisen updated DIRSERVER-1932:
-------------------------------------
Attachment: DIRSERVER-1932.patch
The attached patch includes an additional unit test demonstrating the problem
and a proposed fix. However, in implementing that fix, it seems like there may
be room for improvement...
> Password policy pwdMinAge check should check for required reset
> ---------------------------------------------------------------
>
> Key: DIRSERVER-1932
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1932
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0-M15, 2.0.0-M16
> Reporter: lucas theisen
> Attachments: DIRSERVER-1932.patch
>
>
> According to the rfc
> (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8):
> 7.8 Password Too Young Check
> If the Section 7.2 check returned true then this check will return
> false, to allow the password to be changed.
> ...
> 7.2 Password Must be Changed Now Check</b>
> A status of true is returned to indicate that the password must be
> changed if all of these conditions are met:
> o The pwdMustChange attribute is set to TRUE.
> o The pwdReset attribute is set to TRUE.
> Otherwise a status of false is returned.
> Therefore, if the admin sets the password, the user should be allowed
> to change it even if pwdMinAge has not expired.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
