Date: Sat, 7 Dec 2013 15:25:35 +0000 (UTC)
From: "lucas theisen (JIRA)"
To: dev@directory.apache.org
Subject: [jira] [Updated] (DIRSERVER-1928) PasswordPolicy should be ignored from Admin session

     [ https://issues.apache.org/jira/browse/DIRSERVER-1928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

lucas theisen updated DIRSERVER-1928:
-------------------------------------
    Attachment:     (was: ppolicytest.patch)

> PasswordPolicy should be ignored from Admin session
> ---------------------------------------------------
>
>                 Key: DIRSERVER-1928
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1928
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core-integ
>    Affects Versions: 2.0.0-M15, 2.0.0-M16
>            Reporter: lucas theisen
>            Priority: Critical
>
> While not explicitly stated in either the RFC for password policy (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10), an authenticated session with admin privileges should avoid password policy checks. For example, a user might change his password and forget it soon thereafter. At which point he would contact an administrator and ask to have it reset again. If an ads-pwdMinAge is set longer than the elapsed time, even the administrator is unable to fix the problem (short of modifying the pwdChangedTime by hand before making the request). Other LDAP implementations like Active Directory do this, and operating systems like Windows and Unix do this... Would it not make sense to do the same here?

--
This message was sent by Atlassian JIRA
(v6.1#6144)
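
The minimum-age check described in the issue, modelled as an added example (not part of the original message and not ApacheDS code). The helper `min_age_violation`, its parameters and the sample entry are assumptions constructed for illustration; `admin_bypass=False` models the reported behaviour and `admin_bypass=True` the requested one.

```python
from datetime import datetime, timedelta, timezone

# passwordTooYoung in the draft's passwordPolicyResponse error enumeration
PASSWORD_TOO_YOUNG = 7


def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime in UTC 'Z' form, e.g. 20131207150000Z."""
    if not value.endswith("Z"):
        raise ValueError("this example only handles UTC ('Z') timestamps")
    body = value[:-1]
    fmt = "%Y%m%d%H%M%S.%f" if "." in body else "%Y%m%d%H%M%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def min_age_violation(entry, policy, now, is_admin, admin_bypass):
    """Return PASSWORD_TOO_YOUNG if the change must be rejected, else None.

    Hypothetical helper: admin_bypass=False models the behaviour reported in
    the issue, admin_bypass=True the behaviour it asks for.
    """
    if is_admin and admin_bypass:
        return None  # administrative reset skips the min-age check
    min_age = int(policy.get("ads-pwdMinAge", 0))  # seconds; 0 disables
    changed = entry.get("pwdChangedTime")
    if min_age <= 0 or changed is None:
        return None
    age = now - parse_generalized_time(changed)
    return PASSWORD_TOO_YOUNG if age < timedelta(seconds=min_age) else None


# Constructed sample data: password changed 25 minutes ago, one-day minimum age.
ENTRY = {"uid": "jdoe", "pwdChangedTime": "20131207150000Z"}
POLICY = {"ads-pwdMinAge": "86400"}
NOW = datetime(2013, 12, 7, 15, 25, 35, tzinfo=timezone.utc)

if __name__ == "__main__":
    for who, is_admin, bypass in [("user", False, False),
                                  ("admin, reported", True, False),
                                  ("admin, requested", True, True)]:
        print(who, min_age_violation(ENTRY, POLICY, NOW, is_admin, bypass))
```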