[jira] [Created] (DIRSERVER-1750) Change password attribute with policy throws exception and does not complete operation

Fri, 05 Oct 2012 07:32:05 -0700 

Carlo Accorsi created DIRSERVER-1750:
----------------------------------------

             Summary: Change password attribute with policy throws exception 
and does not complete operation
                 Key: DIRSERVER-1750
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1750
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: changepw
    Affects Versions: 2.0.0-M8
         Environment: Win32, Java 1.6.0_32
            Reporter: Carlo Accorsi
            Priority: Critical


Hi, we're receiving an exception when a user tries to reset their own expired 
password on a grace login.

Relevant password policy fields:
ads-maxage=600 // expire password in 5 mins
ads-passwordmustchange=TRUE // causes pwdReset=TRUE on entry when ADMIN, not 
USER changes 
ads-graceauthnlimit=5 // how many logins are permitted once password expires. 

Once the password has expired (as defined above) a subsequent bind as the user, 
will cause a pwdGraceUseTime attribute to be set with time stamp of the login. 
This works great. When the field is present, we are able to get the # of 
gracelogins that remain from the response controls.


The issue occurs when at least one pwdGraceUseTime field set and binding as 
themselves, they try to set the password. The password is set correctly 
(becasue logging in later with the new password works) however an exception 
thrown (below) while trying to remove the field pwdReset. This field is not and 
should not be there in this case as the password was only expired, it was not 
reset by an admin. The code seems to be looking to delete this field and 
probably the grace login fields afterwards but does not.  Perhaps the code to 
remove the field could check for NoSuchAttributeException and continue as if it 
were deleted.  Thanks!!

Here is the code snip. 

        ModificationItem[] mods = new ModificationItem[1];
                mods[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, 
new BasicAttribute("userPassword", strValue));
                        try {
                                // set control in here. 
                                ctx.setRequestControls(new Control[]{new 
PasswordPolicyRqControl()});   
                                ctx.modifyAttributes(strDn, mods);
                        } catch (InvalidAttributeValueException iae){
                            iae.printStackTrace();
                        } catch (NoSuchAttributeException nae){
                            nae.printStackTrace();
                        } 

Exception

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 
NO_SUCH_ATTRIBUTE: failed for MessageType : MODIFY_REQUEST
Message ID : 2
    Modify Request
        Object : 'uid=1307087872588,ou=users,ou=int,o=cpro'
            Modification[0]
                Operation :  replace
                Modification
    userPassword: '0x23 0x62 0x6F 0x73 0x74 0x6F 0x6E 0x31 '
org.apache.directory.shared.ldap.model.message.modifyrequesti...@b95d19f4org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyImpl@e4d0cd
    ManageDsaITImpl Control
        Type OID    : '2.16.840.1.113730.3.4.2'
        Criticality : 'false'
'
: ERR_55 Trying to remove an non-existant attribute: ATTRIBUTE_TYPE ( 
1.3.6.1.4.1.42.2.27.8.1.22
 NAME 'pwdReset'
 DESC The indication that the password has been reset
 EQUALITY booleanMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 SINGLE-VALUE
 USAGE directoryOperation
 )
]; remaining name 'uid=1307087872588,ou=users,ou=int,o=cpro'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3062)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
        at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
        at 
javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:148)
        at 
com.ibsamericainc.dir.DirectoryAdapterConnection.setAttribute(DirectoryAdapterConnection.java:367)
        at 
com.ibsamericainc.dir.DirectoryAdapterPassword.setUpdatePassword(DirectoryAdapterPassword.java:277)
        at 
com.ibsamericainc.dir.DirectoryAdapter.setUpdateUserPassword(DirectoryAdapter.java:248)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to