[ https://issues.apache.org/jira/browse/DIRSERVER-1928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

lucas theisen resolved DIRSERVER-1928.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.0-M16

Revision 1561139

> PasswordPolicy should be ignored from Admin session
> ---------------------------------------------------
>
>                 Key: DIRSERVER-1928
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1928
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core-integ
>    Affects Versions: 2.0.0-M15, 2.0.0-M16
>            Reporter: lucas theisen
>            Priority: Critical
>             Fix For: 2.0.0-M16
>
>         Attachments: DIRSERVER-1928.patch
>
>
> While not explicitly stated in either the RFC for password policy 
> (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10), an 
> authenticated session with admin privileges should avoid password policy 
> checks.  For example, a user might change his password and forget it soon 
> thereafter.  At which point he would contact an administrator and ask to have 
> it reset again.  If an ads-pwdMinAge is set longer than the elapsed time, 
> even the administrator is unable to fix the problem (short of modifying the 
> pwdChangedTime by hand before making the request).  Other LDAP 
> implementations like Active Directory do this, and operating systems like 
> Windows and Unix do this...  Would it not make sense to do the same here?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
