[ https://issues.apache.org/jira/browse/DIRSERVER-2202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16094743#comment-16094743 ]
Hal Deadman edited comment on DIRSERVER-2202 at 7/20/17 2:16 PM:
-----------------------------------------------------------------

Using the ApacheDS API the way I am below, it seems to be respecting the policy (and not resetting the pwdHistory), although I don't think it is using the RFC 3062 method where the old and new password are used to remove the old password and add the new one (vs. replacing the existing password). I am connecting as the user changing the password, so that accomplishes the same thing (and the server password policy seems to get enforced, although I have to inspect the response object to find out that the password change failed due to a constraint violation). I am probably done with this for the time being because I have other things to do, so I probably won't be trying out the PasswordPolicyControl, but thanks.

{code:java}
import java.io.IOException;
import java.nio.charset.Charset;

import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ModifyRequest;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

// Bind as the user whose password is being changed, then replace userPassword
// on that user's own entry; the server's password policy is applied to the modify.
Dn userDn = new Dn( userDnStr );
byte[] newPassword = newPasswordStr.getBytes( Charset.forName( "UTF-8" ) );
LdapConnection userConnection = null;
try
{
    logger.info( "Changing password for {} at {}:{}", userDnStr, ldapHost, ldapPort );
    userConnection = new LdapNetworkConnection( ldapHost, ldapPort );
    userConnection.bind( userDn.toString(), oldPassword );

    ModifyRequest modifyRequest = new ModifyRequestImpl();
    modifyRequest.setName( userDn );
    modifyRequest.replace( "userPassword", newPassword );

    // A policy violation is reported in the response's result code
    // (CONSTRAINT_VIOLATION), not thrown as an exception: the caller must inspect it.
    ModifyResponse response = userConnection.modify( modifyRequest );
    return response;
}
finally
{
    // The connection is null if LdapNetworkConnection construction failed.
    if ( userConnection != null )
    {
        userConnection.close();
    }
}
{code}

> pwdHistory not getting maintained when doing modify password with ldaptive
> client
> ---------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2202
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2202
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M23
>         Environment: windows, ldaptive latest, java 8
>            Reporter: Hal Deadman
>
> If I connect as a non-admin user and modify my own password with Directory
> Studio, a new pwdHistory is added.
> If I modify the password programmatically, using the old/new password
> modifyPassword extended operation that should respect history, it is deleting
> all my history (and leaving a single pwdHistory entry). The code looks like
> this:
> {noformat}
> // connecting as user that is trying to change their password
> org.ldaptive.Credential cred = new org.ldaptive.Credential(oldPassword);
> org.ldaptive.BindConnectionInitializer bindConnectionInit =
>     new org.ldaptive.BindConnectionInitializer(userDn, cred);
> org.ldaptive.ConnectionConfig connectionConfig = new org.ldaptive.ConnectionConfig(ldapUrl);
> connectionConfig.setUseStartTLS(false);
> connectionConfig.setConnectionInitializer(bindConnectionInit);
> DefaultConnectionFactory userLdapConnectionFactory = new DefaultConnectionFactory(connectionConfig);
> try (Connection conn = userLdapConnectionFactory.getConnection()) {
>     conn.open();
>     PasswordModifyOperation modify = new PasswordModifyOperation(conn);
>     Response<Credential> response = modify.execute(
>         new PasswordModifyRequest(userDn, new Credential(oldPassword), new Credential(plaintextPassword)));
> }
> {noformat}
> Isn't the pwdHistory being maintained by the server? Why does a different
> client determine whether pwdHistory entries are added or not? (In this case
> they are not only not added but multiple entries are replaced by a single
> one).
> Ldaptive doesn't implement the LDAP protocol; in this case it is using JNDI as
> the provider of the LDAP protocol.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
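As an added example (not code from the issue, from ldaptive or from ApacheDS), here is the same self-service password change done with the Apache Directory LDAP API's RFC 3062 password-modify extended operation instead of a replace of userPassword, with the result code and the password-policy response control inspected so that a refusal is reported with its reason rather than silently ignored. It assumes API 1.0.x with api-ldap-extras-codec on the classpath (so PasswordModifyRequestImpl and PasswordPolicyImpl are registered with the codec); host, port, DN and password values are caller-supplied placeholders.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequest;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyRequestImpl;
import org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyResponse;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class PasswordModifyExample
{
    /** Returns true when the server accepted the new password, false when it refused it. */
    public static boolean changeOwnPassword( String host, int port, String userDn,
        String oldPassword, String newPassword ) throws LdapException, IOException
    {
        try ( LdapNetworkConnection conn = new LdapNetworkConnection( host, port ) )
        {
            // Bind as the user so the change is subject to that user's policy.
            conn.bind( userDn, oldPassword );

            // RFC 3062: old and new password travel in the request, so the server
            // (not the client) verifies the old one and checks history/quality.
            PasswordModifyRequest req = new PasswordModifyRequestImpl();
            req.setUserIdentity( userDn.getBytes( StandardCharsets.UTF_8 ) );
            req.setOldPassword( oldPassword.getBytes( StandardCharsets.UTF_8 ) );
            req.setNewPassword( newPassword.getBytes( StandardCharsets.UTF_8 ) );
            // Attach the ppolicy request control so a refusal carries a reason.
            req.addControl( new PasswordPolicyImpl() );

            PasswordModifyResponse resp = ( PasswordModifyResponse ) conn.extended( req );
            ResultCodeEnum rc = resp.getLdapResult().getResultCode();
            if ( rc == ResultCodeEnum.SUCCESS )
            {
                return true;
            }

            // A policy failure is a result code, not an exception; read the reason
            // from the response control when the server sent one.
            PasswordPolicy ppolicy = ( PasswordPolicy ) resp.getControl( PasswordPolicy.OID );
            String reason = ( ppolicy != null && ppolicy.getResponse() != null
                && ppolicy.getResponse().getPasswordPolicyError() != null )
                ? ppolicy.getResponse().getPasswordPolicyError().name()
                : resp.getLdapResult().getDiagnosticMessage();
            System.err.println( "Password change refused: " + rc + " (" + reason + ")" );
            return false;
        }
    }
}
```

Whether the server honours the control on the extended operation depends on the ApacheDS build in use; the result code check alone is what prevents a refused change from being mistaken for a successful one.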