[ https://issues.apache.org/jira/browse/DIRSERVER-2202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16094743#comment-16094743 ]

Hal Deadman edited comment on DIRSERVER-2202 at 7/20/17 2:16 PM:
-----------------------------------------------------------------

Using the ApacheDS api the way I am below, it seems to be respecting the policy 
(and not resetting the pwdHistory), although I don't think it is using the RFC 
3062 method where the old and new password are used to remove old password and 
add new (vs replace existing password). I am connecting as the user changing 
the password so that accomplishes the same thing (and server password policy 
seems to get enforced, although I have to inspect the response object to find 
out that the password change failed due to constraint violation). I am probably 
done with this for the time being b/c I have other things to do so I probably 
won't be trying out the PasswordPolicyControl, but thanks. 

{code:java}
                Dn userDn = new Dn(userDnStr);
                byte[] newPassword = newPasswordStr.getBytes( Charset.forName( "UTF-8" ));
                LdapConnection userConnection = null;
                try {
                     logger.info("Changing password for {} at {}:{}",userDnStr,ldapHost,ldapPort);
                     userConnection = new LdapNetworkConnection( ldapHost, ldapPort);

                     // Bind as the user whose password is being changed
                     userConnection.bind( userDn.toString(), oldPassword );

                     // Plain modify/replace of userPassword (not the RFC 3062 extended operation)
                     ModifyRequest modifyRequest = new ModifyRequestImpl();
                     modifyRequest.setName( userDn );
                     modifyRequest.replace( "userPassword", newPassword );
                     ModifyResponse response =  userConnection.modify( modifyRequest );
                     // The caller has to inspect the response to see a constraint violation
                     return response;
                } finally {
                     // Guard against a null connection if setup failed before assignment
                     if ( userConnection != null ) {
                          userConnection.close();
                     }
                }
{code}



> pwdHistory not getting maintained when doing modify password with ldaptive client
> ---------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2202
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2202
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M23
>         Environment: windows, ldaptive latest, java 8
>            Reporter: Hal Deadman
>
> If I connect as a non-admin user and modify my own password with Directory 
> Studio, a new pwdHistory is added. 
> If I modify the password programmatically, using the old/new password 
> modifyPassword extended operation that should respect history, it is deleting 
> all my history (and leaving a single pwdHistory entry). The code looks like 
> this:
> {noformat}
> // connecting as user that is trying to change their password
>               org.ldaptive.Credential cred = new org.ldaptive.Credential(oldPassword);
>               org.ldaptive.BindConnectionInitializer bindConnectionInit = new org.ldaptive.BindConnectionInitializer(userDn,cred);
>               org.ldaptive.ConnectionConfig connectionConfig = new org.ldaptive.ConnectionConfig(ldapUrl);
>               connectionConfig.setUseStartTLS(false);
>               connectionConfig.setConnectionInitializer(bindConnectionInit);
>               DefaultConnectionFactory userLdapConnectionFactory = new DefaultConnectionFactory(connectionConfig);
>               try (Connection conn = userLdapConnectionFactory.getConnection()) {
>                 conn.open();
>                 PasswordModifyOperation modify = new PasswordModifyOperation(conn);
>                 Response<Credential> response = modify.execute(new PasswordModifyRequest(userDn, new Credential(oldPassword), new Credential(plaintextPassword)));
>               } 
> {noformat}
> Isn't the pwdHistory being maintained by the server? Why does a different 
> client determine whether pwdHistory entries are added or not? (In this case 
> they are not only not added but multiple entries are replaced by a single 
> one).
> Ldaptive doesn't implement the LDAP protocol; in this case it is using JNDI as 
> the provider of the LDAP protocol. 
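
The comment above notes that a rejected change only shows up in the response object. The following is an added example, not code from the thread or from the ApacheDS project, that turns a non-success result on the same modify/replace into an exception. The class name SelfPasswordChange and the exception PasswordChangeRejected are hypothetical, and the caller is assumed to supply an already constructed LdapConnection.

```java
import java.nio.charset.StandardCharsets;

import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.LdapResult;
import org.apache.directory.api.ldap.model.message.ModifyRequest;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;

public final class SelfPasswordChange {

    /** Hypothetical exception: carries the server's result code and diagnostic text. */
    public static final class PasswordChangeRejected extends Exception {
        public final ResultCodeEnum resultCode;

        PasswordChangeRejected(ResultCodeEnum code, String diagnostic) {
            super(code + ": " + diagnostic);
            this.resultCode = code;
        }

        /** True for the constraint violation the comment describes. */
        public boolean isConstraintViolation() {
            return resultCode == ResultCodeEnum.CONSTRAINT_VIOLATION;
        }
    }

    /** Binds as the user, replaces userPassword, and fails loudly on any non-success result. */
    public static void changeOwnPassword(LdapConnection conn, String userDnStr,
            String oldPassword, String newPassword)
            throws LdapException, PasswordChangeRejected {
        Dn userDn = new Dn(userDnStr);
        conn.bind(userDn.toString(), oldPassword); // throws LdapException on bad credentials

        ModifyRequest request = new ModifyRequestImpl();
        request.setName(userDn);
        request.replace("userPassword", newPassword.getBytes(StandardCharsets.UTF_8));

        // modify(ModifyRequest) returns the response rather than throwing on a rejection,
        // so the result code has to be checked explicitly.
        ModifyResponse response = conn.modify(request);
        LdapResult result = response.getLdapResult();
        if (result.getResultCode() != ResultCodeEnum.SUCCESS) {
            throw new PasswordChangeRejected(result.getResultCode(), result.getDiagnosticMessage());
        }
    }
}
```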


