I've run into an issue with either Apache DS or the Apache LDAP API, or both.
Here's the scenario. I have a user whose password is expired. I want to force the user to change their password. However, I can't distinguish between a case where the user knows the password and where the user doesn't. I always get a PasswordException with passwordPolicyError=PasswordPolicyErrorEnum.PASSWORD_EXPIRED and resultCode = ResultCodeEnum.INVALID_CREDENTIALS.

On top of that, the LdapConnectionTemplate.modifyPassword() method that takes old and new password doesn't work, because the library is attempting to bind with the user's old password, and we just get the same PasswordException as above. If I use the 'asAdmin' flag, then the old password is never checked. I don't want to change the password as admin, because I have no way to validate the user knows his old password.

I've tried this against both versions 1.0.0-RC1 and RC2 of the LDAP API. We're currently using ApacheDS 2.0.0-M20.

I'm unsure how to proceed. Any advice would be appreciated.

Mike Davis
REZ-1
Software Development Manager
100 William Street | Suite 100
Wellesley, MA 02481
t: 781.263.0200 ext. 529 | e: [email protected]
w: <http://www.rez1.com/> | f: 339-686-3078
LinkedIn: <http://www.linkedin.com/company/rez-1> | Twitter: <https://twitter.com/REZ1updates>
