[jira] [Updated] (DIRSERVER-1734) ads-certificatePassword syntax far too restrictive for actual passwords

Thu, 02 May 2013 04:48:18 -0700 

     [ 
https://issues.apache.org/jira/browse/DIRSERVER-1734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-1734:
-----------------------------------------

    Fix Version/s:     (was: 2.0.0-RC1)
                   2.0.0-M8
    
> ads-certificatePassword syntax far too restrictive for actual passwords
> -----------------------------------------------------------------------
>
>                 Key: DIRSERVER-1734
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1734
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M7
>         Environment: CP/M-86 Java 7 on PDP-11
>            Reporter: Sean Kelly
>            Assignee: Emmanuel Lecharny
>             Fix For: 2.0.0-M8
>
>
> The password for my keystore happens to be "ec7!J>;;x".
> However, specifying that value in my config.ldif as 
> {{ads-certificatePassword: ec7!J>;;x}} results in a startup failure:
> {noformat}
> [18:08:12] WARN [org.apache.directory.shared.ldap.model.entry.DefaultEntry] - 
> The attribute 'ads-certificatepassword' cannot be stored
> org.apache.directory.shared.ldap.model.exception.LdapOtherException: 
> ERR_04447_CANNOT_NORMALIZE_VALUE Cannot normalize the wrapped value 
> ERR_04473_NOT_VALID_VALUE Not a valid value 'ec7!J>;;x' for the AttributeType 
> 'ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.309
>  NAME 'ads-certificatePassword'
>  DESC The certificate passord
>  EQUALITY caseExactMatch
>  ORDERING caseExactOrderingMatch
>  SUBSTR caseExactSubstringsMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
>  SINGLE-VALUE
>  USAGE userApplications
>  )
> '
>       at 
> org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:77)
>       at 
> org.apache.directory.server.ApacheDsService.initConfigPartition(ApacheDsService.java:284)
>       at 
> org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:166)
>       at org.apache.directory.server.UberjarMain.main(UberjarMain.java:58)
> {noformat}
> Apparently the {{ads-certificatePassword}} property's syntax is 
> 1.3.6.1.4.1.1466.115.121.1.44, which, sadly, is far too restrictive for 
> actual in-use passwords.
> I recommend changing the syntax to something a bit more permissive.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to