Hi, I'm currently working with a custom M11 server; the only thing
different is a custom implementation of AuthenticatorInterceptor.
When, from ApacheDS, I try to change the user password, two different
things happen:
- If there is no pwdHistory present, the update works, and the pwdHistory
attribute is created.
- If pwdHistory exists, it throws an error, even though the password is
completely different.
The error is:
2013.04.24 14:23:56,445 DEBUG [pool-4-thread-2]
org.apache.directory.server.core.authn.AuthenticationInterceptor [] -
Operation Context: ModifyContext for Dn 'uid=00000005,dc=company1,dc=com',
modifications :
Modification: replace
, attribute : userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74
0x31 '
2013.04.24 14:23:56,446 DEBUG [pool-4-thread-2]
org.apache.directory.server.ldap.handlers.LdapRequestHandler [] -
CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST
Message ID : 16
Modify Request
Object : 'uid=00000005,dc=company1,dc=com'
Modification[0]
Operation : replace
Modification
userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74 0x31 '
org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcebfd3b:
invalid reuse of password present in password history
org.apache.directory.api.ldap.model.exception.LdapOperationException:
invalid reuse of password present in password history
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
at
app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
--->>>> extends from AuthenticationInterceptor. No added behaviour in this
example
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:980)
at
app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:223)
at
org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
at
org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:914)
at
org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:897)
at
org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:56)
at
org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:722)
2013.04.24 14:23:56,449 DEBUG [pool-4-thread-2]
org.apache.mina.core.filterchain.IoFilterEvent [] - Event MESSAGE_RECEIVED
has been fired for session 1
2013.04.24 14:23:56,449 DEBUG [NioProcessor-2]
org.apache.directory.server.ldap.handlers.LdapResponseHandler [] - Message
sent : MessageType : MODIFY_RESPONSE
I don't know if this helps, but here's some extra info:
Entry
dn[n]: uid=00000005,dc=company1,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: InetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: pwdPolicy
pwdHistory: '0x32 0x30 0x31 0x33 0x30 0x34 0x32 0x34 0x31 0x32 0x32
0x33 0x32 0x39 0x2E 0x38 ...'
pwdAllowUserChange: true
uid: 00000005
pwdPolicySubEntry:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
pwdReset: TRUE
userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 '
entryParentId: ccde56b4-aa2e-4738-af71-f15648d5e563
distinguishedName: uid=00000005,dc=company1,dc=com
pwdChangedTime: 20130410111201.584Z
pwdAttribute: userPassword
givenName: Michael
c: DE
cn: Michael Jackson
sn: Jackson
l: mjackson
mail: [email protected]
entryuuid: f679c2bb-e2f4-4987-8533-4d0b8407e876
o: Test Company
entryDN: uid=00000005,dc=company1,dc=com
modifyTimestamp: 20130424122329.889Z
entryCSN: 20130424122329.889000Z#000000#000#000000
displayName: Michael Jackson
modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
dn:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectClass: top
objectClass: ads-base
objectClass: ads-passwordPolicy
ads-pwdId: default
ads-pwdSafeModify: FALSE
ads-pwdMaxAge: 0
ads-pwdFailureCountInterval: 30
ads-pwdAttribute: userPassword
ads-pwdMaxFailure: 5
ads-pwdLockout: TRUE
ads-pwdMustChange: FALSE
ads-pwdLockoutDuration: 0
ads-pwdMinLength: 5
ads-pwdInHistory: 5
ads-pwdExpireWarning: 0
ads-pwdMinAge: 0
ads-pwdAllowUserChange: TRUE
ads-pwdGraceAuthNLimit: 0
ads-pwdCheckQuality: 2
ads-pwdMaxLength: 0
ads-pwdGraceExpire: 0
ads-pwdMinDelay: 0
ads-pwdMaxDelay: 0
ads-pwdMaxIdle: 0
ads-enabled: TRUE