directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Seelmann (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSTUDIO-600) Add feature to replace hidden attribute
Date Thu, 03 Dec 2009 08:18:20 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12785222#action_12785222
] 

Stefan Seelmann commented on DIRSTUDIO-600:
-------------------------------------------

I think a general "change password" operation using RFC 3062 (LDAP Password Modify Extended
Operation) makes more sense. Does AD support that?

A workaround could be to force usage of 'replace' operation for all modify operations in the
connection properties, tab 'Edit Options' (http://directory.apache.org/studio/static/users_guide/ldap_browser/tools_connection_properties.html#tools_connection_properties_edit_options)



> Add feature to replace hidden attribute
> ---------------------------------------
>
>                 Key: DIRSTUDIO-600
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-600
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-ldapbrowser
>    Affects Versions: 1.5.0
>         Environment: Directory Studio 1.5.1, Windows, Java 1.6.0_11
>            Reporter: Petteri Stenius
>
> The "New Attribute" editor always results in "changetype: add". Sometimes it is useful
to specify "changetype: replace".
> Use case: Password reset
> Password reset with Active Directory or ADAM is difficult without replace. Active Directory
and ADAM always hides userPassword from all search results, and userPassword will never show
up in the Entry Editor. Because of this I cannot use "Edit Value" to replace the password
value. 
> The best option seems to be to use New Attribute, which results in error 20 (attributeOrValueExists).
> The working option, which is rather difficult, is to create a ldif script to execute.
> Modification logs with ADAM:
> #!RESULT ERROR
> #!CONNECTION ldap://localhost:50000
> #!DATE 2009-12-03T08:56:25.280
> #!ERROR [LDAP: error code 20 - 00002081: AtrErr: DSID-030F116D, #1:     0: 00002081:
DSID-030F116D, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 9005a (unicodePwd) 
> dn: CN=user1,CN=instance1,DC=localhost
> changetype: modify
> add: userPassword
> userPassword:: dXNlcjE=
> -
> #!RESULT OK
> #!CONNECTION ldap://localhost:50000
> #!DATE 2009-12-03T09:03:40.095
> dn: CN=user1,CN=instance1,DC=localhost
> changetype: modify
> replace: userPassword
> userPassword: user1
> -

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message