[ https://issues.apache.org/jira/browse/DIRSERVER-1955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13890545#comment-13890545 ]
Lukas Slebodnik commented on DIRSERVER-1955:
--------------------------------------------
- run apacheds
- add user
- enable password policy
- install openldap-clients <=2.4.38
- run the following command:
ldapwhoami -d7 -D "cn=William Bush,ou=people,dc=example,dc=com" -w wbPassword -H ldap://localhost:10389 -e ppolicy
Result:
ldapwhoami will crash (SIGSEGV) because it did not expect a malformed response.
It is fixed in OpenLDAP 2.4.39.
In my opinion, an integration test is not necessary because unit tests cover this
use case.
> Directory Apacheds sends wrong empty response for password policy request
> -------------------------------------------------------------------------
>
> Key: DIRSERVER-1955
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1955
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M15
> Reporter: Lukas Slebodnik
> Attachments:
> 0001-Fix-sending-empty-response-for-password-policy-reque.patch
>
>
> According to ldap password policy draft
> (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-6.2)
> Response Control should contain controlType (1.3.6.1.4.1.42.2.27.8.5.1) and
> the controlValue and the BER encoding of the following type:
> PasswordPolicyResponseValue ::= SEQUENCE {
>     warning [0] CHOICE {
>         timeBeforeExpiration [0] INTEGER (0 .. maxInt),
>         graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
>     error [1] ENUMERATED {
>         passwordExpired (0),
>         accountLocked (1),
>         changeAfterReset (2),
>         passwordModNotAllowed (3),
>         mustSupplyOldPassword (4),
>         insufficientPasswordQuality (5),
>         passwordTooShort (6),
>         passwordTooYoung (7),
>         passwordInHistory (8) } OPTIONAL }
> Empty response should also contain BER encoding of empty sequence.