directory-dev mailing list archives

From "David Paulsen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials
Date Wed, 08 Apr 2015 15:20:12 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14485374#comment-14485374 ]

David Paulsen commented on DIRSERVER-2051:
------------------------------------------

FYI I'm using the Novell JLDAP API (not sure that bit of information is relevant here, but
just in case).

Here are three cases that help describe the issue.

Case 1 (working as expected): 
If the password IS NOT expired, and I try to authenticate with the WRONG password, I get a
com.novell.ldap.LDAPException with message:
INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com

Case 2 (working as expected):
If the password IS expired, and I try to authenticate with the CORRECT password, I get a com.novell.ldap.LDAPException
with message:
INVALID_CREDENTIALS: Bind failed: paasword expired

Case 3 (not working as expected):
If the password IS expired, and I try to authenticate with the WRONG password, I get a com.novell.ldap.LDAPException
with message:
INVALID_CREDENTIALS: Bind failed: paasword expired

In Case 3, since the password I entered was wrong, I'm thinking it should return the values
in Case 1. The thought being that information about the password being expired should not
be disclosed if typing any old password value in. And logically it seems to me that the primary/first
problem in Case 3 is that the password is wrong, not that it's expired. Just my opinion.

By the way, this is not a show-stopper issue for us, so from my perspective it doesn't have
to hold up the M20 release.


> Getting Password Expired Instead of Invalid Credentials
> -------------------------------------------------------
>
>                 Key: DIRSERVER-2051
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
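
The three cases in the comment above, modelled as an added example that is not part of the original message and is not ApacheDS code. The `Entry` class, the function names and the check ordering in `bind_expiry_first` are assumptions chosen to reproduce Case 3; the two failure messages are the ones quoted in the report.

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Server messages as quoted in the report (spelling kept as reported).
MSG_BAD_CREDS = "INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user"
MSG_EXPIRED = "INVALID_CREDENTIALS: Bind failed: paasword expired"

@dataclass
class Entry:  # hypothetical stand-in for a directory entry with password policy state
    salt: bytes
    pw_hash: bytes
    expired: bool

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_entry(password: str, expired: bool) -> Entry:
    salt = os.urandom(16)
    return Entry(salt, _hash(password, salt), expired)

def _password_ok(entry: Entry, password: str) -> bool:
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(_hash(password, entry.salt), entry.pw_hash)

def bind_expiry_first(entry: Entry, password: str) -> str:
    """Assumed ordering that yields Case 3: expiry reported before the password is checked."""
    if entry.expired:
        return MSG_EXPIRED
    return "SUCCESS" if _password_ok(entry, password) else MSG_BAD_CREDS

def bind_verify_first(entry: Entry, password: str) -> str:
    """Ordering the reporter expects: expiry is revealed only to a caller who knows the password."""
    if not _password_ok(entry, password):
        return MSG_BAD_CREDS
    return MSG_EXPIRED if entry.expired else "SUCCESS"

def leaks_expiry(bind) -> bool:
    """True if a wrong password gets different answers for expired vs. current accounts."""
    fresh = make_entry("correct-horse", expired=False)   # constructed sample accounts
    stale = make_entry("correct-horse", expired=True)
    return bind(fresh, "wrong-guess") != bind(stale, "wrong-guess")

if __name__ == "__main__":
    for bind in (bind_expiry_first, bind_verify_first):
        print(bind.__name__, "leaks expiry state:", leaks_expiry(bind))
```

The `leaks_expiry` check can serve as a regression test: for an unauthenticated caller, the response to a wrong password should not depend on the account's expiry state.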
