We're encountering a problem with authenticating a user after resetting their
password. After performing a Fortress Rest /userReset on a user, subsequent
/rbacAuthN calls fail with the error:

    FAILED calling rbacAuthN rc=1015 error message=checkPwPolicies for userId [brian] PASSWORD HAS BEEN RESET BY LDAP_ADMIN_POOL_UID

The only way we've found to recover is to manually delete the pwdReset value on
the user entry uid=brian,ou=People,${suffix}.

Reading the code in
org.apache.directory.fortress.core.impl.UserDAO.resetUserPassword(User) we see

    mods.add( new DefaultModification(
        ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_RESET, "TRUE" ) );

But we're unable to find any Fortress code that ever does something like

    mods.add( new DefaultModification(
        ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_RESET, "FALSE" ) );

or deletes the pwdReset value.

How should the password reset use case work? Is it expected that the
application using Fortress delete pwdReset or set the value to false?

**Environment**

Fortress 2.0.0-RC2
ApacheDS 2.0.0-M23
Windows 10

Brian Brooks
Sr Software Engineer
Office: +1 678 252 4498
2205 Northmont Pkwy, STE 100
Duluth, GA 30096
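
To find which entries still carry the pwdReset flag described in the message above, an LDIF export of the People subtree can be scanned for it. This is an added example, not part of the original message and not Fortress code; the sample LDIF is constructed, and the suffix dc=example,dc=com and the function names are assumptions.

```python
import base64

# Constructed sample LDIF export; the suffix dc=example,dc=com is an assumption.
SAMPLE_LDIF = """\
dn: uid=brian,ou=People,dc=example,dc=com
pwdReset: TRUE

dn: uid=alice,ou=People,dc=example,dc=com
pwdReset: FALSE

dn: uid=carol,ou=People,dc=example,dc=com

dn: uid=dave-with-a-long-identifier,ou=People,
 dc=example,dc=com
pwdReset:: VFJVRQ==
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lower-cased names to value lists."""
    # RFC 2849: a line starting with one space continues the previous line.
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:          # the trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)

def stuck_in_reset(text):
    """Return DNs whose pwdReset is TRUE, the state that gives rc=1015 above."""
    return [dn for dn, attrs in parse_ldif(text)
            if any(v.upper() == "TRUE" for v in attrs.get("pwdreset", []))]

if __name__ == "__main__":
    print(*stuck_in_reset(SAMPLE_LDIF), sep="\n")
```

pwdReset is an operational attribute, so the search that produces the export has to request it explicitly or it will not appear in the LDIF.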