[jira] [Updated] (DIRSERVER-2366) "ads-pwdMustChange: TRUE" returns INSUFFICIENT_ACCESS_RIGHTS using ApacheDS 2.0.0-M26

Sat, 20 Aug 2022 18:58:07 -0700 


     [ 
https://issues.apache.org/jira/browse/DIRSERVER-2366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny updated DIRSERVER-2366:
-----------------------------------------
    Component/s: ppolicy

> "ads-pwdMustChange: TRUE" returns INSUFFICIENT_ACCESS_RIGHTS using ApacheDS 
> 2.0.0-M26
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2366
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2366
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>            Reporter: Michael
>            Priority: Major
>
> After upgrading to ApacheDS 2.0.0-M26 from ApacheDS2.0.0-M17, this attribute 
> "ads-pwdMustChange: TRUE" behaves differently in 2.0.0-M26. We have a 
> password policy to change the password on the first time login.
> Before upgrade, we're able to change the password on the first time login to 
> our application using the older version of ApacheDS 2.0.0-M17.
> With the new version ApacheDS2.0.0-M26, the LDAP search result returns an 
> error "Insufficient_Access_Rights". 
> Any idea what could be the problem here?
> {noformat}
> [MessageType : SEARCH_RESULT_DONE
> Message ID : 2
> Search Result Done
> Ldap Result
> Result code : (INSUFFICIENT_ACCESS_RIGHTS) insufficientAccessRights
> Matched Dn : ''
> Diagnostic message : 'INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : 
> SEARCH_REQUEST
> Message ID : 2
> SearchRequest
> baseDn : 'uid=admin,ou=Users,ou=Management,ou=Foo,dc=Local,dc=Site,o=Company'
> filter : '(objectClass=*)'
> scope : base object
> typesOnly : false
> Size Limit : no limit
> Time Limit : no limit
> Deref Aliases : deref Always
> attributes : '*'
> org.apache.directory.api.ldap.model.message.SearchRequestImpl@a3ef3537: 
> password needs to be reset before performing this operation:
> org.apache.directory.api.ldap.model.exception.LdapNoPermissionException: 
> password needs to be reset before performing this operation
> at 
> org.apache.directory.server.core.authn.AuthenticationInterceptor.checkPwdReset(AuthenticationInterceptor.java:1716)
> at 
> org.apache.directory.server.core.authn.AuthenticationInterceptor.search(AuthenticationInterceptor.java:1388)
> at 
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:596)
> at 
> org.apache.directory.server.core.normalization.NormalizationInterceptor.search(NormalizationInterceptor.java:414)
> at 
> org.apache.directory.server.core.DefaultOperationManager.search(DefaultOperationManager.java:1831)
> at 
> org.apache.directory.server.core.shared.DefaultCoreSession.search(DefaultCoreSession.java:1219)
> at 
> org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:797)
> at 
> org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1147)
> at 
> org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleWithReferrals(SearchRequestHandler.java:1245)
> at 
> org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:211)
> at 
> org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:94)
> at 
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:209)
> at 
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:57)
> at 
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:243)
> at 
> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:224)
> at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:1015)
> at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
> at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
> at 
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
> at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:106)
> at org.apache.mina.core.session.IoEvent.run(IoEvent.java:89)
> at 
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:541)
> at 
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:493)
> at java.base/java.lang.Thread.run(Thread.java:834)
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

Reply via email to