https://bugs.openldap.org/show_bug.cgi?id=9523
Issue ID: 9523
Summary: In OpenLDAP, the password length check counts accented
characters (UTF-8) as two characters instead of one
Product: OpenLDAP
Version: 2.4.40
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---

In OpenLDAP, the password length check counts accented characters (e.g., è, which
has a UTF-8 encoding of 0xC3 0xA8) as two characters instead of one. As a result,
if users enter accented characters, they can create passwords that are shorter
than the minimum length specified in the password policy.

We tested it directly in Apache Directory Studio and got the same result. Is this a
bug or is there any setting in LDAP which makes sure the encoding is happening
in UTF-16?

Steps to reproduce
1. Access the LDAP in Apache Directory Studio
2. Have the password policy to accept more than 8 characters
3. Try to update the password for a user to "àbcdefg" (7 characters)
Expected result: Fails with the error password length should be greater than 8
Actual result: It accepts the password
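
The length mismatch described in the report, as an added example that is not part of the original report and is not OpenLDAP code: a byte-length check next to a code-point check on the same password. The function names, the minimum length of 8, and the sample byte string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the report's "àbcdefg", with à encoded as 0xC3 0xA0. */
static const char SAMPLE_PW[] = "\xC3\xA0" "bcdefg";

/* Byte-length check: the behaviour the report describes. */
static int min_len_ok_bytes(const char *pw, size_t min_len)
{
    return strlen(pw) >= min_len;
}

/* Count code points in a NUL-terminated UTF-8 string. Returns -1 on a bad lead
 * byte, truncated sequence or stray continuation byte (structural check only). */
static long utf8_codepoints(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    long count = 0;

    while (*p) {
        int extra;
        if (*p < 0x80)                extra = 0;  /* ASCII */
        else if ((*p & 0xE0) == 0xC0) extra = 1;  /* 2-byte sequence */
        else if ((*p & 0xF0) == 0xE0) extra = 2;  /* 3-byte sequence */
        else if ((*p & 0xF8) == 0xF0) extra = 3;  /* 4-byte sequence */
        else return -1;
        p++;
        while (extra-- > 0) {
            if ((*p & 0xC0) != 0x80) return -1;   /* also stops at NUL */
            p++;
        }
        count++;
    }
    return count;
}

/* Code-point check: malformed input is rejected rather than counted. */
static int min_len_ok_chars(const char *pw, size_t min_len)
{
    long n = utf8_codepoints(pw);
    return n >= 0 && (size_t)n >= min_len;
}

int main(void)
{
    printf("bytes=%zu chars=%ld\n", strlen(SAMPLE_PW), utf8_codepoints(SAMPLE_PW));
    printf("byte check: %d, char check: %d\n", min_len_ok_bytes(SAMPLE_PW, 8), min_len_ok_chars(SAMPLE_PW, 8));
    return 0;
}
```

Code-point counting still treats a decomposed "à" (a followed by U+0300) as two characters, so normalizing to NFC before counting is needed if the policy should count it as one.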