directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DIRSERVER-1734) ads-certificatePassword syntax far too restrictive for actual passwords
Date Fri, 06 Jul 2012 07:48:34 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny resolved DIRSERVER-1734.
------------------------------------------

    Resolution: Invalid

Although the attributeType's name is ads-certficatePassword, the key word here is "Certficate',
not 'password'.

That means this AT is not supposed to store anything but a base 64 encoded certificate.

For passwords, you should use the userPassword AT instead.
                
> ads-certificatePassword syntax far too restrictive for actual passwords
> -----------------------------------------------------------------------
>
>                 Key: DIRSERVER-1734
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1734
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M7
>         Environment: CP/M-86 Java 7 on PDP-11
>            Reporter: Sean Kelly
>             Fix For: 2.0.0-RC1
>
>
> The password for my keystore happens to be "ec7!J>;;x".
> However, specifying that value in my config.ldif as {{ads-certificatePassword: ec7!J>;;x}}
results in a startup failure:
> {noformat}
> [18:08:12] WARN [org.apache.directory.shared.ldap.model.entry.DefaultEntry] - The attribute
'ads-certificatepassword' cannot be stored
> org.apache.directory.shared.ldap.model.exception.LdapOtherException: ERR_04447_CANNOT_NORMALIZE_VALUE
Cannot normalize the wrapped value ERR_04473_NOT_VALID_VALUE Not a valid value 'ec7!J>;;x'
for the AttributeType 'ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.309
>  NAME 'ads-certificatePassword'
>  DESC The certificate passord
>  EQUALITY caseExactMatch
>  ORDERING caseExactOrderingMatch
>  SUBSTR caseExactSubstringsMatch
>  SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
>  SINGLE-VALUE
>  USAGE userApplications
>  )
> '
> 	at org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:77)
> 	at org.apache.directory.server.ApacheDsService.initConfigPartition(ApacheDsService.java:284)
> 	at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:166)
> 	at org.apache.directory.server.UberjarMain.main(UberjarMain.java:58)
> {noformat}
> Apparently the {{ads-certificatePassword}} property's syntax is 1.3.6.1.4.1.1466.115.121.1.44,
which, sadly, is far too restrictive for actual in-use passwords.
> I recommend changing the syntax to something a bit more permissive.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message