Date: Tue, 7 May 2013 16:55:16 +0000 (UTC)
From: "Emmanuel Lecharny (JIRA)"
To: dev@directory.apache.org
Subject: [jira] [Commented] (DIRSERVER-1830) when ads-pwdMaxIdle > 0 no more authentication possible

    [ https://issues.apache.org/jira/browse/DIRSERVER-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13651047#comment-13651047 ]

Emmanuel Lecharny commented on DIRSERVER-1830:
----------------------------------------------

The check is done when we try to authenticate a user. At this time, the PwdLastSuccess attribute is not yet set. We set it later.

What I don't get is that we have a unit test that checks this use case:

    /**
     * Check the maxIdle : if the user does not bind for more than this delay,
     * the password is locked.
     */
    @Test
    public void testPwMaxIdle() throws Exception
    {
        policyConfig.setPwdMaxIdle( 5 );

        Dn userDn = new Dn( "cn=userLockout4,ou=system" );
        LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() );

        addUser( adminConnection, "userLockout4", "12345" );

        // We should succeed
        checkBindSuccess( userDn, "12345" );

        // Wait 5 seconds now
        Thread.sleep( 5000 );

        // We should not be able to succeed now
        checkBindFailure( userDn, "12345" );

        adminConnection.close();
    }

I can assure you that you can successfully bind, then when there is no bind for 5 seconds, the bind fails.

Pierre-Arnaud suggested that it might be an issue with the pool of connections. Can you try to do the same test, but with a connection you create, not one you pull from the pool?

> when ads-pwdMaxIdle > 0 no more authentication possible
> -------------------------------------------------------
>
>                 Key: DIRSERVER-1830
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1830
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 2.0.0-M11
>         Environment: CentOS
>            Reporter: Michael Witzel
>
> when I configure ads-pwdMaxIdle > 0 no authentication is possible, neither with admin, nor with other users
> Eclipse Studio:
> Fehler beim Öffnen der Verbindung
>  - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> wrapper.log
> INFO | jvm 1 | 2013/04/18 14:24:06 | [14:24:06] ERROR
> [org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler] - ERR_169 failed to unbind session properly
> INFO | jvm 1 | 2013/04/18 14:24:06 | org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:927)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.unbind(DefaultPartitionNexus.java:794)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1159)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> INFO | jvm 1 | 2013/04/18 14:24:06 | 	at java.lang.Thread.run(Thread.java:662)
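
The ordering described in the comment above (idle check at bind time, PwdLastSuccess written only afterwards), as an added example that is not ApacheDS code and not part of the original message. The class MaxIdleDemo, its in-memory map, the constructed timestamps, and the choice to let an entry with no recorded bind pass the check are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Constructed model of a max-idle check at bind time; not ApacheDS code. */
class MaxIdleDemo {
    // Hypothetical in-memory stand-in for the pwdLastSuccess attribute, keyed by DN.
    private final Map<String, Instant> pwdLastSuccess = new HashMap<>();
    private final Duration pwdMaxIdle; // zero means "no idle restriction"

    MaxIdleDemo(Duration pwdMaxIdle) {
        this.pwdMaxIdle = pwdMaxIdle;
    }

    /** Returns true if the bind is accepted. Password verification is omitted. */
    boolean bind(String dn, Instant now) {
        Instant last = pwdLastSuccess.get(dn);
        // Step 1: the idle check runs first, against the value stored by the previous bind.
        // Assumption: an entry that has never bound (last == null) is not treated as idle.
        if (!pwdMaxIdle.isZero() && last != null
                && Duration.between(last, now).compareTo(pwdMaxIdle) > 0) {
            return false; // idle too long: reject and leave the stored timestamp untouched
        }
        // Step 2: only after the check passes is the timestamp updated.
        pwdLastSuccess.put(dn, now);
        return true;
    }

    public static void main(String[] args) {
        MaxIdleDemo policy = new MaxIdleDemo(Duration.ofSeconds(5));
        String dn = "cn=userLockout4,ou=system";
        Instant t0 = Instant.parse("2013-05-07T16:00:00Z"); // constructed timestamps
        System.out.println("first bind, no timestamp yet: " + policy.bind(dn, t0));
        System.out.println("bind 3 s later:               " + policy.bind(dn, t0.plusSeconds(3)));
        System.out.println("bind 6 s after that:          " + policy.bind(dn, t0.plusSeconds(9)));
        System.out.println("retry after the rejection:    " + policy.bind(dn, t0.plusSeconds(10)));
    }
}
```

Because a rejected bind does not refresh the timestamp, the retry in the last line is still measured against the last accepted bind.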