[
https://issues.apache.org/jira/browse/DIRSERVER-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13437767#comment-13437767
]
Oldrich Novak commented on DIRSERVER-1726:
------------------------------------------
Hi,

I investigated and found the reason. The split method will return an empty
string if there are 2 non-letter characters in the user name, for example
[email protected]. This empty string always matched the password.

Please fix DefaultPasswordValidator.java, method checkUsernameSubstring( String
password, String username ).

Replace:
    if ( password.matches( "(?i).*" + tokens[ii] + ".*" ) )
With:
    if ( tokens[ii].length() >= 3 && password.matches( "(?i).*" + tokens[ii] + ".*" ) )

In the method notation, the author describes that tokens should be ignored if
they have less than 3 characters, but it is not done anywhere in the code.

Thank you
> DefaultPasswordValidator always throws PasswordPolicyException when
> consecutive non-letter chars are in RDN
> -----------------------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1726
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1726
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M6
> Reporter: Richard Lowden
>
> When adding an entry with a userPassword attribute and the entry RDN contains
> two non-letter characters in a row (such as [email protected]) then a
> CONSTRAINT_VIOLATION error is always received with the message "Password
> shouldn't contain parts of the username" regardless of what password you
> enter.
> If you remove the "1" character or the "@" character then the entry will be
> created successfully.
> Believe the issue is caused by the regex expressions used within
> org.apache.directory.server.core.authn.ppolicy.DefaultPasswordValidator, as
> the String array of tokens will contain an empty string when two non-letter
> chars are together ("1@" in this case).
> Full error message is:
> Error while creating entry
> - [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType :
> ADD_REQUES
> javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19
> - CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
> Message ID : 240
> Add Request :
> Entry
> dn[n]: [email protected],o=unitTest
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> sn: Smith
> userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 0x31 '
> cn: [email protected]
> : Password shouldn't contain parts of the username]; remaining name
> '[email protected],o=unitTest'
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
> at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown
> Source)
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown
> Source)
> at
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$4.run(JNDIConnectionWrapper.java:658)
> at
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
> at
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.checkConnectionAndRunAndMonitor(JNDIConnectionWrapper.java:1203)
> at
> org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.createEntry(JNDIConnectionWrapper.java:704)
> at
> org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.createEntry(CreateEntryRunnable.java:226)
> at
> org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.run(CreateEntryRunnable.java:117)
> at
> org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:113)
> at
> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType :
> ADD_REQUEST
> Message ID : 240
> Add Request :
> Entry
> dn[n]: [email protected],o=unitTest
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> sn: Smith
> userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 0x31 '
> cn: [email protected]
> : Password shouldn't contain parts of the username]
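
The failure discussed in this thread, reproduced as an added Java example (not ApacheDS source and not code posted by either participant). The split pattern `[^a-zA-Z]`, the class and method names and the user name `john.smith1@example.com` are assumptions; the password is the one the userPassword bytes in the report decode to.

```java
import java.util.Arrays;

public class UsernameSubstringCheck {
    // Assumption: the user name is tokenized on non-letter characters, as the
    // comment describes; the validator's exact pattern is not shown in the thread.
    static final String SPLIT_PATTERN = "[^a-zA-Z]";

    // The check quoted in the comment: every token is tested, including "".
    // An empty token turns the regex into "(?i).*.*", which matches any password.
    static boolean rejectedBefore(String password, String username) {
        for (String token : username.split(SPLIT_PATTERN)) {
            if (password.matches("(?i).*" + token + ".*")) {
                return true;
            }
        }
        return false;
    }

    // The guard proposed in the comment: tokens shorter than 3 characters are
    // skipped, which also drops the empty token left between adjacent separators.
    static boolean rejectedAfter(String password, String username) {
        for (String token : username.split(SPLIT_PATTERN)) {
            if (token.length() >= 3 && password.matches("(?i).*" + token + ".*")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed user name with two adjacent non-letter characters ("1@").
        String username = "john.smith1@example.com";
        // 0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 0x31 from the report.
        String password = "password11";

        // Shows the empty token produced between "1" and "@".
        System.out.println(Arrays.toString(username.split(SPLIT_PATTERN)));
        System.out.println("before: " + rejectedBefore(password, username));
        System.out.println("after:  " + rejectedAfter(password, username));
        // A password that really contains a user-name token must still be rejected.
        System.out.println("after, Smith2012!: " + rejectedAfter("Smith2012!", username));
        // A two-letter token no longer triggers a rejection.
        System.out.println("after, xyab99 / ab@example.com: "
                + rejectedAfter("xyab99", "ab@example.com"));
    }
}
```

The tokens here are letters only, so concatenating them into the regex is safe; a tokenizer that let other characters through would need `Pattern.quote` around the token.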