lucas theisen created DIRSERVER-1928:
----------------------------------------
Summary: PasswordPolicy should be ignored from Admin session
Key: DIRSERVER-1928
URL: https://issues.apache.org/jira/browse/DIRSERVER-1928
Project: Directory ApacheDS
Issue Type: Bug
Components: core-integ
Affects Versions: 2.0.0-M15, 2.0.0-M16
Reporter: lucas theisen
Priority: Critical

While not explicitly stated in either the RFC for password policy
(http://tools.ietf.org/html/draft-behera-ldap-password-policy-10), an
authenticated session with admin privileges should avoid password policy
checks. For example, a user might change his password and forget it soon
thereafter, at which point he would contact an administrator and ask to have
it reset again. If an ads-pwdMinAge is set longer than the elapsed time, even
the administrator is unable to fix the problem (short of modifying the
pwdChangedTime by hand before making the request). Other LDAP implementations
like Active Directory do this, and operating systems like Windows and Unix do
this... Would it not make sense to do the same here?