Return-Path: 
 <dev-return-44649-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-dev-archive@www.apache.org
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C2B29107D7
	for <apmail-directory-dev-archive@www.apache.org>;
 Thu, 12 Dec 2013 21:41:11 +0000 (UTC)
Received: (qmail 80969 invoked by uid 500); 12 Dec 2013 21:41:11 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 80674 invoked by uid 500); 12 Dec 2013 21:41:11 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 80594 invoked by uid 99); 12 Dec 2013 21:41:11 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Dec 2013 21:41:11 +0000
Date: Thu, 12 Dec 2013 21:41:11 +0000 (UTC)
From: "lucas theisen (JIRA)" <jira@apache.org>
To: dev@directory.apache.org
Message-ID: <JIRA.12684359.1386884453717.26762.1386884471083@arcas>
In-Reply-To: <JIRA.12684359.1386884453717@arcas>
References: <JIRA.12684359.1386884453717@arcas>
Subject: [jira] [Created] (DIRSERVER-1932) Password policy pwdMinAge check
 should check for required reset
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

lucas theisen created DIRSERVER-1932:
----------------------------------------

             Summary: Password policy pwdMinAge check should check for required reset
                 Key: DIRSERVER-1932
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1932
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 2.0.0-M15, 2.0.0-M16
            Reporter: lucas theisen


According to the rfc (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8):

7.8 Password Too Young Check
  If the Section 7.2 check returned true then this check will return
  false, to allow the password to be changed.
  ...

7.2 Password Must be Changed Now Check</b>
  A status of true is returned to indicate that the password must be
  changed if all of these conditions are met:   
  o  The pwdMustChange attribute is set to TRUE.
  o  The pwdReset attribute is set to TRUE.
  Otherwise a status of false is returned.

Therefore, if the admin sets the password, the user should be allowed
to change it even if pwdMinAge has not expired.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)