[
https://issues.apache.org/jira/browse/DIRSERVER-2210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16175401#comment-16175401
]
Warren Rogers edited comment on DIRSERVER-2210 at 9/21/17 8:27 PM:
-------------------------------------------------------------------
Within AuthenticationInterceptor, line 1552, the check is:
{code:java}
if ( policyConfig.isPwdMustChange() && userSession.isPwdMustChange() )
{
    return false;
}
{code}
userSession.isPwdMustChange seems to be the wrong object to ask for, because
we should be looking for pwdReset. PwdMustChange is a policy attribute and not
a user attribute and this does not appear to be set anywhere for the
isPwdTooYoung method to use. So, it's null, which means this method will never
return false for pwdReset: TRUE.
Maybe I don't quite understand all the code but I'd believe that needs to be
userEntry.get( pwdResetAT ) instead:
{code:java}
if ( policyConfig.isPwdMustChange() && userEntry.get( pwdResetAT ) )
{
    return false;
}
{code}
> Password policy pwdMinAge check should check for required reset
> ---------------------------------------------------------------
>
> Key: DIRSERVER-2210
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2210
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Reporter: Warren Rogers
>
> This JIRA is for a regression of DIRSERVER-1932.
> The test given in the previous JIRA has recently been changed so that the min
> age is 1 second, so if the test takes 1.1 seconds, it will pass. The
> previous age was 5 seconds. I would figure this should be even greater to
> make sure the test process finishes each step. I would suggest 30 seconds to
> probably several minutes.
> We are having issues when an admin resets a user's password: they cannot
> reset their password because pwdMinAge is 24 hours and the password change is
> rejected because the password is too young.
> I'm still scanning the source code for the specific area causing the issue;
> if I find it, I'll submit a patch (or merge request). But I thought I'd at
> least get this issue back on the radar.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
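
The behaviour requested in this issue, as an added stand-alone example that is not ApacheDS code and not part of the original message: the pwdMinAge check is skipped when the policy has pwdMustChange and the user entry carries pwdReset: TRUE. The `Policy` and `User` records, the `expect` helper and the sample timestamps are hypothetical and constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;

public class PwdMinAgeCheck
{
    // Hypothetical stand-ins for the policy and user entries (not ApacheDS types).
    record Policy( boolean pwdMustChange, Duration pwdMinAge ) {}
    record User( Boolean pwdReset, Instant pwdChangedTime ) {} // pwdReset is null when absent

    static boolean isPwdTooYoung( Policy policy, User user, Instant now )
    {
        // A forced change after an admin reset must not be blocked by pwdMinAge.
        // Boolean.TRUE.equals() treats an absent (null) pwdReset as "not reset".
        if ( policy.pwdMustChange() && Boolean.TRUE.equals( user.pwdReset() ) )
        {
            return false;
        }
        // No minimum age configured, or no recorded change time: nothing to enforce.
        if ( policy.pwdMinAge().isZero() || user.pwdChangedTime() == null )
        {
            return false;
        }
        return now.isBefore( user.pwdChangedTime().plus( policy.pwdMinAge() ) );
    }

    static void expect( String label, boolean expected, boolean actual )
    {
        if ( expected != actual )
        {
            throw new AssertionError( label + ": expected " + expected + ", got " + actual );
        }
        System.out.println( label + " -> tooYoung=" + actual );
    }

    public static void main( String[] args )
    {
        // Constructed sample data: 24-hour minimum age, password changed 5 minutes ago.
        Instant now = Instant.parse( "2017-09-21T20:27:00Z" );
        Instant recent = now.minus( Duration.ofMinutes( 5 ) );
        Policy mustChange = new Policy( true, Duration.ofHours( 24 ) );
        Policy noMustChange = new Policy( false, Duration.ofHours( 24 ) );

        expect( "admin reset, must change", false, isPwdTooYoung( mustChange, new User( true, recent ), now ) );
        expect( "pwdReset absent", true, isPwdTooYoung( mustChange, new User( null, recent ), now ) );
        expect( "pwdReset set, policy off", true, isPwdTooYoung( noMustChange, new User( true, recent ), now ) );
        expect( "old password", false,
            isPwdTooYoung( mustChange, new User( false, now.minus( Duration.ofHours( 25 ) ) ), now ) );
    }
}
```

A regression test built on this shape can use a fixed clock and a long pwdMinAge, so the outcome does not depend on how long the test steps take to run.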