I'm trying to use LDAP for Jetspeed authentication. I was trying to
figure out why I was getting errors when I tried to change a user's
password (or set a new user's password), and I ran into the following
function, which starts at line 176 of LdapUserCredentialDaoImpl.java:

    private void setPassword(final String userDn, final String password) throws NamingException
    {
        logger.debug("setPassword userDn = " + userDn);
        String rdn = getSubcontextName(userDn);
        if (!StringUtils.isEmpty(getUserFilterBase()))
            rdn+="," + getUserFilterBase();
        logger.debug("setPassword rdn = " + rdn);
        Attributes attrs = new BasicAttributes(false);
        attrs.put(getUserPasswordAttribute(), password);
        ctx.modifyAttributes(rdn, DirContext.REPLACE_ATTRIBUTE, attrs);
    }

I'm not 100% sure what's going on, but it seems like userDn must be a
fully-qualified entry name (e.g. "cn=joe,ou=People,ou=OrgUnit1"); if
I cause userDn to be a simple entry name (e.g. "joe"), it produces an
invalid path ("joe,ou=People,ou=OrgUnit1"; notice that the "cn="
prefix is missing). However, in its current state, the code seems to
cause the path to be appended a second time (e.g.
"cn=joe,ou=People,ou=OrgUnit1,ou=People,ou=Orgunit1"). As a result,
when it tries to find the entry to change the password, it can't find
the entry.
If I comment out lines 180 and 181, i.e.:

        //if (!StringUtils.isEmpty(getUserFilterBase()))
        //    rdn+="," + getUserFilterBase();

Everything seems to work. However, I'm not sure if I'm breaking
anything else by doing that. As far as I can tell, the code is only
used in three portlets ("User Registration", "Change Password", and
"User Detail Information"), and they all seem to be working correctly.
Am I missing something? Does anyone have an example of a working
Jetspeed installation that uses LDAP and didn't require changes to
the Java code? Did I miss something in security-spi-ldap.xml?
--
Lincoln Peters
Blue Sunrise Software
<[EMAIL PROTECTED]>
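
Added example, not part of the original post and not Jetspeed code: one way to compose the entry name so the base is appended only when the incoming name does not already end in it, using the JDK's javax.naming.ldap.LdapName. The class and helper names (UserDnResolver, resolveUserDn), the "cn" naming attribute and the sample inputs are assumptions; the base is the one from the post's example.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class UserDnResolver {

    /**
     * Hypothetical helper: returns the entry name under baseDn for userId,
     * which may be a bare value ("joe"), a relative name ("cn=joe") or a
     * name that already ends in the base.
     * Assumption: bare ids never contain '='.
     */
    static String resolveUserDn(String userId, String baseDn, String namingAttr)
            throws InvalidNameException {
        LdapName base = new LdapName(baseDn == null ? "" : baseDn);

        // Bare value: build the RDN through Rdn so the value is escaped
        // (a ',' or '+' in the id cannot add or alter DN components).
        if (!userId.contains("=")) {
            LdapName dn = new LdapName(base.getRdns());
            dn.add(new Rdn(namingAttr, userId));
            return dn.toString();
        }

        LdapName name = new LdapName(userId);
        // LdapName indexes components right to left, so the base is a
        // *prefix* of a full DN. Rdn comparison ignores case.
        if (!base.isEmpty() && name.startsWith(base)) {
            return name.toString(); // already qualified: do not append again
        }
        LdapName dn = new LdapName(base.getRdns());
        dn.addAll(name.getRdns());
        return dn.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "ou=People,ou=OrgUnit1"; // value from the post's example
        String[] inputs = {                    // constructed sample inputs
            "joe", "cn=joe", "cn=joe,ou=People,ou=Orgunit1", "smith, joe"
        };
        for (String in : inputs) {
            System.out.println(in + " -> " + resolveUserDn(in, base, "cn"));
        }
    }
}
```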