directory-dev mailing list archives

From "Lukas Slebodnik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1955) Directory Apacheds sends wrong empty response for password policy request
Date Tue, 04 Feb 2014 10:36:08 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13890545#comment-13890545 ]

Lukas Slebodnik commented on DIRSERVER-1955:
--------------------------------------------

- run apacheds
- add user
- enable password policy
- install openldap-clients <=2.4.38
- run the following command:
ldapwhoami -d7 -D "cn=William Bush,ou=people,dc=example,dc=com" -w wbPassword -H ldap://localhost:10389 -e ppolicy

Result:
ldapwhoami will crash (SIGSEGV) because it did not expect a malformed response. It is fixed
in OpenLDAP 2.4.39.

In my opinion, an integration test is not necessary because the unit test covers this use case.

> Directory Apacheds sends wrong empty response for password policy request
> -------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1955
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1955
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M15
>            Reporter: Lukas Slebodnik
>         Attachments: 0001-Fix-sending-empty-response-for-password-policy-reque.patch
>
>
> According to ldap password policy draft
> (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-6.2)
> Response Control should contain controlType (1.3.6.1.4.1.42.2.27.8.5.1) and
> the controlValue and the BER encoding of the following type:
>    PasswordPolicyResponseValue ::= SEQUENCE {
>          warning [0] CHOICE {
>             timeBeforeExpiration [0] INTEGER (0 .. maxInt),
>             graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
>          error   [1] ENUMERATED {
>             passwordExpired             (0),
>             accountLocked               (1),
>             changeAfterReset            (2),
>             passwordModNotAllowed       (3),
>             mustSupplyOldPassword       (4),
>             insufficientPasswordQuality (5),
>             passwordTooShort            (6),
>             passwordTooYoung            (7),
>             passwordInHistory           (8) } OPTIONAL }
> Empty response should also contain BER encoding of empty sequence.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
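
A client-side decoder for the PasswordPolicyResponseValue quoted above, as an added example (not code from ApacheDS, OpenLDAP or the patch attached to this issue): it returns an error for a zero-length controlValue instead of reading past it, and accepts the empty SEQUENCE `30 00`. The type and function names are this example's own, and the tag bytes assume LDAP's implicit tagging (`A0` for the CHOICE wrapper, `80`/`81` inside it, `81` for error).

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {          /* warning_type: 0 = timeBeforeExpiration, 1 = graceAuthNsRemaining */
    int has_warning, warning_type, has_error;
    long warning_value, error;                 /* error: 0..8 from the draft's ENUMERATED */
} ppolicy_resp;

/* Read a definite BER length at b[*pos], bounded by n; returns 0 on success. */
static int ber_len(const uint8_t *b, size_t n, size_t *pos, size_t *len) {
    if (*pos >= n) return -1;
    size_t k = *len = b[(*pos)++];
    if (k >= 0x80) {                           /* long form: k & 0x7f length bytes follow */
        k &= 0x7f;
        if (k == 0 || k > sizeof(size_t) || k > n - *pos) return -1;
        for (*len = 0; k--; ) *len = (*len << 8) | b[(*pos)++];
    }
    return *len > n - *pos ? -1 : 0;           /* content must fit in the buffer */
}

static int ber_uint(const uint8_t *b, size_t len, long *out) { /* 1..4 bytes, non-negative */
    if (len == 0 || len > 4 || (b[0] & 0x80)) return -1;
    for (*out = 0; len--; b++) *out = (*out << 8) | *b;
    return 0;
}

/* Returns 0 on success, -1 on malformed input, including a zero-length value. */
int ppolicy_parse(const uint8_t *v, size_t n, ppolicy_resp *r) {
    size_t pos = 1, len, wend;
    *r = (ppolicy_resp){0};
    if (v == NULL || n < 2 || v[0] != 0x30) return -1;          /* must be a SEQUENCE */
    if (ber_len(v, n, &pos, &len) || pos + len != n) return -1;
    if (pos < n && v[pos] == 0xA0) {                            /* warning [0] CHOICE */
        pos++;
        if (ber_len(v, n, &pos, &len) || len < 2) return -1;
        wend = pos + len;
        uint8_t tag = v[pos++];                                 /* 0x80 or 0x81 */
        if ((tag & 0xFE) != 0x80) return -1;
        if (ber_len(v, wend, &pos, &len) || pos + len != wend) return -1;
        if (ber_uint(v + pos, len, &r->warning_value)) return -1;
        r->has_warning = 1; r->warning_type = tag & 1; pos = wend;
    }
    if (pos < n && v[pos] == 0x81) {                            /* error [1] ENUMERATED */
        pos++;
        if (ber_len(v, n, &pos, &len) || ber_uint(v + pos, len, &r->error) || r->error > 8) return -1;
        r->has_error = 1; pos += len;
    }
    return pos == n ? 0 : -1;                                   /* reject trailing bytes */
}
```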
