Did you disable the default AuthenticationInterceptor?

On Fri, Apr 26, 2013 at 7:20 PM, Patricio Demitrio <[email protected]> wrote:

> Hi, I'm currently working with a custom M11 server, the only thing
> different is a custom implementation of AuthenticatorInterceptor.
>
> When, from apacheDS, I try to change the user password, two different
> things happen:
> - If there is no pwdHistory present, the update works, and the pwdHistory
>   attribute is created.
> - If pwdHistory exists, it throws me an error, even though the password is
>   completely different.
>
> The error is:
>
> 2013.04.24 14:23:56,445 DEBUG [pool-4-thread-2] org.apache.directory.server.core.authn.AuthenticationInterceptor [] - Operation Context: ModifyContext for Dn 'uid=00000005,dc=company1,dc=com', modifications :
> Modification: replace
> , attribute : userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74 0x31 '
>
> 2013.04.24 14:23:56,446 DEBUG [pool-4-thread-2] org.apache.directory.server.ldap.handlers.LdapRequestHandler [] - CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST
> Message ID : 16
> Modify Request
> Object : 'uid=00000005,dc=company1,dc=com'
> Modification[0]
> Operation : replace
> Modification
> userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74 0x31 '
> org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcebfd3b: invalid reuse of password present in password history
> org.apache.directory.api.ldap.model.exception.LdapOperationException: invalid reuse of password present in password history
>     at org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
>     at app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168) --->>>> extends from AuthenticationInterceptor. No added behaviour in this example
>     at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
>     at org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:980)
>     at app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
>     at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
>     at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:223)
>     at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
>     at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:914)
>     at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:897)
>     at org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:56)
>     at org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:39)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
>     at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
>     at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
>     at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
>     at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
>     at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
>     at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
>     at java.lang.Thread.run(Thread.java:722)
> 2013.04.24 14:23:56,449 DEBUG [pool-4-thread-2] org.apache.mina.core.filterchain.IoFilterEvent [] - Event MESSAGE_RECEIVED has been fired for session 1
> 2013.04.24 14:23:56,449 DEBUG [NioProcessor-2] org.apache.directory.server.ldap.handlers.LdapResponseHandler [] - Message sent : MessageType : MODIFY_RESPONSE
>
> I don't know if this helps, but here's some extra info:
>
> Entry
> dn[n]: uid=00000005,dc=company1,dc=com
> objectclass: top
> objectclass: extensibleObject
> objectclass: InetOrgPerson
> objectclass: organizationalPerson
> objectclass: person
> objectclass: pwdPolicy
> pwdHistory: '0x32 0x30 0x31 0x33 0x30 0x34 0x32 0x34 0x31 0x32 0x32 0x33 0x32 0x39 0x2E 0x38 ...'
> pwdAllowUserChange: true
> uid: 00000005
> pwdPolicySubEntry: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> pwdReset: TRUE
> userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 '
> entryParentId: ccde56b4-aa2e-4738-af71-f15648d5e563
> distinguishedName: uid=00000005,dc=company1,dc=com
> pwdChangedTime: 20130410111201.584Z
> pwdAttribute: userPassword
> givenName: Michael
> c: DE
> cn: Michael Jackson
> sn: Jackson
> l: mjackson
> mail: [email protected]
> entryuuid: f679c2bb-e2f4-4987-8533-4d0b8407e876
> o: Test Company
> entryDN: uid=00000005,dc=company1,dc=com
> modifyTimestamp: 20130424122329.889Z
> entryCSN: 20130424122329.889000Z#000000#000#000000
> displayName: Michael Jackson
> modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
>
> dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> objectClass: top
> objectClass: ads-base
> objectClass: ads-passwordPolicy
> ads-pwdId: default
> ads-pwdSafeModify: FALSE
> ads-pwdMaxAge: 0
> ads-pwdFailureCountInterval: 30
> ads-pwdAttribute: userPassword
> ads-pwdMaxFailure: 5
> ads-pwdLockout: TRUE
> ads-pwdMustChange: FALSE
> ads-pwdLockoutDuration: 0
> ads-pwdMinLength: 5
> ads-pwdInHistory: 5
> ads-pwdExpireWarning: 0
> ads-pwdMinAge: 0
> ads-pwdAllowUserChange: TRUE
> ads-pwdGraceAuthNLimit: 0
> ads-pwdCheckQuality: 2
> ads-pwdMaxLength: 0
> ads-pwdGraceExpire: 0
> ads-pwdMinDelay: 0
> ads-pwdMaxDelay: 0
> ads-pwdMaxIdle: 0
> ads-enabled: TRUE

--
Kiran Ayyagari
http://keydap.com
