[ https://issues.apache.org/jira/browse/DIRSERVER-2366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lécharny updated DIRSERVER-2366:
-----------------------------------------
Description:

After upgrading to ApacheDS 2.0.0-M26 from ApacheDS 2.0.0-M17, this attribute "ads-pwdMustChange: TRUE" behaves differently in 2.0.0-M26. We have a password policy to change the password on the first time login.

Before upgrade, we're able to change the password on the first time login to our application using the older version of ApacheDS 2.0.0-M17.

With the new version ApacheDS 2.0.0-M26, the LDAP search result returns an error "Insufficient_Access_Rights".

Any idea what could be the problem here?

{noformat}
[MessageType : SEARCH_RESULT_DONE
Message ID : 2
Search Result Done
Ldap Result
Result code : (INSUFFICIENT_ACCESS_RIGHTS) insufficientAccessRights
Matched Dn : ''
Diagnostic message : 'INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : SEARCH_REQUEST
Message ID : 2
SearchRequest
baseDn : 'uid=admin,ou=Users,ou=Management,ou=Foo,dc=Local,dc=Site,o=Company'
filter : '(objectClass=*)'
scope : base object
typesOnly : false
Size Limit : no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes : '*'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@a3ef3537: password needs to be reset before performing this operation: org.apache.directory.api.ldap.model.exception.LdapNoPermissionException: password needs to be reset before performing this operation
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.checkPwdReset(AuthenticationInterceptor.java:1716)
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.search(AuthenticationInterceptor.java:1388)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:596)
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.search(NormalizationInterceptor.java:414)
    at org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1831)
    at org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1219)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:797)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1147)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleWithReferrals(SearchRequestHandler.java:1245)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:211)
    at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:94)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:209)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:57)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:243)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:224)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:1015)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:106)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:89)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:541)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:493)
    at java.base/java.lang.Thread.run(Thread.java:834)
{noformat}

> "ads-pwdMustChange: TRUE" returns INSUFFICIENT_ACCESS_RIGHTS using ApacheDS 2.0.0-M26
> -------------------------------------------------------------------------------------
>
> Key: DIRSERVER-2366
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2366
> Project: Directory ApacheDS
> Issue Type: Bug
> Reporter: Michael
> Priority: Major