[ https://issues.apache.org/jira/browse/DIRAPI-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRAPI-296.
--------------------------------------
    Resolution: Invalid

It's clearly not an API issue: the API does not enforce the password policy, 
the server does. We don't know which server is used, so if it's not the Apache 
Directory Server, it's not our issue, and otherwise, an issue should be opened 
on Apache Directory Server.

> Password reset does not respect password history policy
> -------------------------------------------------------
>
>                 Key: DIRAPI-296
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-296
>             Project: Directory Client API
>          Issue Type: Bug
>            Reporter: Srinivasan A
>              Labels: security
>
> I'm using ldap connection template to allow the user to reset/change the 
> password. My password policy has a password history attribute value of 
> 5. So the user will not be able to use the previous 5 passwords.
> When I'm using the modifyPassword method for changing the password (i.e. as a 
> user by passing current and new password), it respects the password history 
> policy, i.e. I'm not allowed to use any of the previous 5 passwords. But when 
> using the reset option (i.e. only new password), it does not honor the 
> password policy. It takes any value (including the current one).
> How to make the reset password scenario honor the password history policy?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
