[https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14390093#comment-14390093]
Kiran Ayyagari commented on DIRSERVER-2051:
-------------------------------------------
[~dpaulsen] Do you see any security implication if the error message provides the reason "password expired" in the error message?
I don't see any, and IMO it is informative to users without requiring them to decode the passwordpolicy response control.
Also, note that the detail about why the login was unsuccessful is already present in the ppolicy response control present in the BindResponse.
> Getting Password Expired Instead of Invalid Credentials
> -------------------------------------------------------
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
> Issue Type: Bug
> Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229
> Cannot authenticate user
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword
> expired
> I would think we should get the invalid credentials error in that case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
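Both sides of the discussion turn on what a client can read out of the BindResponse. As an added example (not ApacheDS or JIRA code), the block below decodes the password policy response control Kiran refers to and models, in a hypothetical `bind_outcome`, the check ordering the report expects, where an invalid password never discloses that the account's password has expired. The error names are the ENUMERATED values of draft-behera-ldap-password-policy; the control bytes are constructed by hand.

```python
# Added example, not ApacheDS code: decode the PasswordPolicyResponseValue
# control (OID 1.3.6.1.4.1.42.2.27.8.5.1, draft-behera-ldap-password-policy)
# carried on a BindResponse, and model the bind check ordering from DIRSERVER-2051.
from dataclasses import dataclass
from typing import Optional, Tuple
PPOLICY_ERRORS = {  # error ENUMERATED values from the draft
    0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset",
    3: "passwordModNotAllowed", 4: "mustSupplyOldPassword",
    5: "insufficientPasswordQuality", 6: "passwordTooShort",
    7: "passwordTooYoung", 8: "passwordInHistory",
}
# Constructed control value: SEQUENCE { error [1] ENUMERATED passwordExpired(0) }
SAMPLE_EXPIRED = b"\x30\x03\x81\x01\x00"
def _tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER tag/length/value (short or long definite length)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
@dataclass
class PPolicyResponse:
    time_before_expiration: Optional[int] = None
    grace_authns_remaining: Optional[int] = None
    error: Optional[str] = None
def decode_ppolicy_response(value: bytes) -> PPolicyResponse:
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("PasswordPolicyResponseValue must be a SEQUENCE")
    resp, pos = PPolicyResponse(), 0
    while pos < len(body):
        tag, inner, pos = _tlv(body, pos)
        if tag == 0xA0:            # warning [0] CHOICE (constructed)
            wtag, wval, _ = _tlv(inner, 0)
            if wtag == 0x80:       # timeBeforeExpiration [0] INTEGER
                resp.time_before_expiration = int.from_bytes(wval, "big")
            elif wtag == 0x81:     # graceAuthNsRemaining [1] INTEGER
                resp.grace_authns_remaining = int.from_bytes(wval, "big")
        elif tag == 0x81:          # error [1] ENUMERATED (top level)
            code = int.from_bytes(inner, "big")
            resp.error = PPOLICY_ERRORS.get(code, f"unknown({code})")
    return resp
def bind_outcome(password_ok: bool, password_expired: bool) -> Tuple[int, str, Optional[str]]:
    # Hypothetical server ordering: credentials first, so a wrong password is plain
    # invalidCredentials (49); expiry is disclosed only once the password is correct.
    if not password_ok:
        return 49, "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user", None
    if password_expired:
        return 49, "INVALID_CREDENTIALS: Bind failed: password expired", "passwordExpired"
    return 0, "success", None
```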