directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRSERVER-1543) Password Policy forbid to import entries with a non clear text password
Date Fri, 20 Aug 2010 05:18:18 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1543?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12900576#action_12900576
] 

Kiran Ayyagari commented on DIRSERVER-1543:
-------------------------------------------

when set to '0' the quality will never be checked, i.e max/min length values won't be considered
(even if they are set). 
Whereas when set to '1' it checks for password quality but in some cases (like hashed password)
even if it can't check will allow the password.

Here the idea is to allow clear text password and change it to hashed after completing the
ppolicy checks (but at the moment we don't have
this feature of converting clear text password to a hashed one)

> Password Policy forbid to import entries with a non clear text password
> -----------------------------------------------------------------------
>
>                 Key: DIRSERVER-1543
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1543
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-RC1
>            Reporter: Emmanuel Lecharny
>            Priority: Critical
>             Fix For: 2.0.0-RC1
>
>
> If we try to import a LDIF file containing entries with an encrypted password, we get
a failure :
> #!RESULT ERROR
> #!CONNECTION ldap://iktek:10389
> #!DATE 2010-08-19T16:33:01.575
> #!ERROR [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for     Add Request : Entry
    dn[n]: uid=elecharny,ou=People,dc=iktek,dc=com     objectClass: organizationalPerson 
   objectClass: person     objectClass: inetOrgPerson     objectClass: top     uid: elecharny
    mail: elecharny@apache.org     sn: Lecharny     userPassword: '0x7B 0x53 0x53 0x48 0x41
0x7D 0x72 0x32 0x56 0x4C 0x75 0x55 0x52 0x6C 0x75 0x46 ...'     cn: Emmanuel Lecharny    
givenName: Emmanuel    : cannot verify the quality of the non-cleartext passwords]
> dn: uid=elcharny,ou=People,dc=iktek,dc=com
> changetype: add
> objectClass: organizationalPerson
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: top
> mail: elecharny@apache.org
> givenName: Emmanuel
> uid: seelmann
> userPassword: {SSHA}wnfS3DVTFB/FVbBwC47WfQNn29WN/.....
> sn: Lecharny
> cn: Emmanuel lecharny
> Seems like we should disable the password policy when it's not plain text...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message