[
https://issues.apache.org/jira/browse/DIRSERVER-2347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17345616#comment-17345616
]
Emmanuel Lécharny commented on DIRSERVER-2347:
----------------------------------------------
Side note: ApacheDS does not feed the genPassword field at all, which means
it's always empty. Now, RFC 3602 stipulates:
{noformat}
2.2. Password Modify Response
A Password Modify response is an ExtendedResponse where the
responseName field is absent and the response field is optional. The
response field, if present, SHALL contain a PasswdModifyResponseValue
with genPasswd field present.
The genPasswd field, if present, SHALL contain a generated password
for the user.
{noformat}
I think at this point we should not generate the response value when genPasswd
is null or empty.
> Incorrect Password Modify response (extended response)
> ------------------------------------------------------
>
> Key: DIRSERVER-2347
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2347
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: asn1, changepw
> Affects Versions: 2.0.0.AM26
> Reporter: Oleksandr Andreiev
> Priority: Major
> Attachments: 2021-05-14_09-00.png
>
>
> Hello,
> I'm using ApacheDS as LDAP Server along with Linux PAM.
> When I try to change user's password via `passwd` ApacheDS actually changes
> it, but sends some extra bytes with ExtendedResp packet. Because these bytes
> an extra `pam_ldap` library cannot parse it and generates an decoding error.
> The same issue is described here:
> [https://lists.arthurdejong.org/nss-pam-ldapd-users/2019/msg00030.html]
> Is there a way to handle it or probably some workaround?
> Regards,
> Oleksandr
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
