directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-1065) http://directory.apache.org/apacheds/1.5/apacheds-v15-developers-guide.html describes wrong feature
Date Tue, 18 Sep 2007 22:23:43 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12528592
] 

Stefan Zoerner commented on DIRSERVER-1065:
-------------------------------------------

I do not find anything about password changes on page
http://directory.apache.org/apacheds/1.5/apacheds-v15-developers-guide.html 
and therefore assume he means this page
http://directory.apache.org/apacheds/1.5/143-changing-the-admin-password.html

I have tested the steps described on the page with ApacheDS 1.5.1 and it works. I am quite
sure that the reporter has either made a mistake during the password change, or refers to
another page.

It is possible to set the value for the userPassword of the admin within the server to a hashed
value (e.g. "{SHA}kGByAB793z4R5tK1eC9Hd/4Dhzk=" as the value for "geheim") and startup the
server.  *But* you have to modify the value within the server.xml before restarting as well,
*and* it does only work if you use the clear text value here (i.e. hashed value for the entry,
clear text within the XML configuration):

...
<prop key="java.naming.security.credentials">geheim</prop>
...

Of course it also works if both values are not encrypted.

DIRSERVER-1064 describes the problem correctly. It is possible to have a hashed value in the
attribute of the user entry (uid=admin,ou=system), but the password within the server.xml
has te be stored in clear text. This is obviously an issue, but I assume that the problem
described here  does not exist. 

Can anybody confirm by replaying the steps from this page?
http://directory.apache.org/apacheds/1.5/143-changing-the-admin-password.html




> http://directory.apache.org/apacheds/1.5/apacheds-v15-developers-guide.html describes
wrong feature
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1065
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1065
>             Project: Directory ApacheDS
>          Issue Type: Bug
>         Environment: linux ubuntu 7.10/ apacheds from your side
>            Reporter: Stephan Hermann
>
> On this page http://directory.apache.org/apacheds/1.5/apacheds-v15-developers-guide.html
you mention that you change your admin password via apache directory studio with the SHA algorythm.
Setting this up like its described on the page, the server doesn't startup. If you setup the
{SHA} string in the server.xml the server starts up but you can't authenticate against the
server anymore.
> After a discusson on #directory@freenode, we came to the conclusion that this is not
working.
> To avoid problems for other users, please correct the information, that this setup is
only working with plain text passwords.
> Thx for your great work,
> \sh

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message