Hi api @directory.apache.org, When using Apache Directory API to send out a ModifyPassword request to a non-Apache LDAP server, I stumbled upon an issue when processing the response of the request.
The specification ( https://tools.ietf.org/html/rfc3062#section-2.2 ; RFC 3062 section 2.2), states " Password Modify response is an ExtendedResponse where the responseName field is absent and the response field is optional." But PasswordModifyFactory#decorate() instead assumes there will always be a response field. I was able to override PasswordModifyFactory and implement a fix by changing the decorate() method in the subclass, but I think it's actually a bug in the library, so I'd like to propose to change it in Apache Directory API instead. The change in PasswordModifyFactory.java is minimal: Line 133, from byte[] value = response.getResponseValue(); ByteBuffer buffer = ByteBuffer.wrap( value ); to byte[] value = response.getResponseValue(); if (value == null) { value = new byte[0]; } ByteBuffer buffer = ByteBuffer.wrap(value); and line 143, from pwdModifyResponse = container.getPwdModifyResponse(); to pwdModifyResponse = container.getPwdModifyResponse(); if (pwdModifyResponse == null) { pwdModifyResponse = new PasswordModifyResponseImpl(decoratedResponse.getMessageId()); } This will allow empty response field values. Can any of you experts take a look and confirm? Thanks! -- Regards, Mark Dobrinic Software Engineer and Identity Specialist Twobo Technologies AB mark.dobri...@twobotechnologies.com www.twobotechnologies.com