Ah that makes sense but its strange. What about none ASCII chars ? How to treat UTF-8 special chars. Arent't they allowed
in LDAP ? Thank u so much Am 10.10.2016 um 18:12 schrieb Shawn McKinney: On Oct 10, 2016, at 10:09 AM, Patrick Brunmayr <[email protected]><mailto:[email protected]> wrote: Tried this <FortRequest> <contextId>HOME</contextId> <entity xsi:type="user" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";<http://www.w3.org/2001/XMLSchema-instance>> <userId>test</userId> <password>112</password> <password>97</password> <password>115</password> <password>115</password> <password>119</password> <password>111</password> <password>114</password> <password>100</password> </entity> </FortRequest> Session is created successfully. Why ? None of these passwords do match or are valid ? What am i missing ? short answer is this is an array of char’s decimal values: <password>112</password><password>97</password><password>115</password><password>115</password><password>119</password><password>111</password><password>114</password><password>100</password> <password>112</password> = ‘p’ <password>97</password> = ‘a’ <password>115</password> = ’s’ <password>115</password> = ’s’ <password>119</password> = ‘w’ <password>111</password> = ‘o’ <password>114</password> = ‘r’ <password>100</password> = ‘d’ longer answer is this kind of sucks for clients. I could talk about the ‘why’ (related to a perceived security risk for Strings) but it’s not really a good use of our time here & now. I am about 95% convinced the user entity password data type needs to revert back to using a String instead of char[]. That would certainly make services like this more palatable. I would like to hear input from others on this topic. Shawn -- Patrick Brunmayr LINZ AG TELEKOM Infrastruktur & Netzwerktechnik Internet Services Die LINZ AG TELEKOM ist ein Geschäftsbereich der LINZ STROM GmbH für Energieerzeugung, -handel, -dienstleistungen und Telekommunikation. 4021 Linz, Wiener Straße 151, Austria Tel.: +43(0)732/3400-5639 Fax: +43(0)732/3400-155639 E-Mail: [email protected]<mailto:[email protected]> Internet: www.linzag-telekom.at<http://www.linzag-telekom.at> FN 199533 g des Landesgerichtes Linz Zertifiziert nach: EN ISO 9001 Qualitätsmanagement (QM) OHSAS 18001 Arbeitsschutzmanagementsystem ISO/IEC 27001 Informationssicherheits-Managementsystem (ISMS) LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: [email protected]
