directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DIRAPI-296) Password reset does not respect password history policy
Date Mon, 29 May 2017 00:55:04 GMT

     [ https://issues.apache.org/jira/browse/DIRAPI-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRAPI-296.
--------------------------------------
    Resolution: Invalid

It's clearly not an API issue: the API does not enforce the password policy, the server does.
We don't know which server is used, so if it's not the Apache Directory Server, it's not our
issue, and otherwise, an issue should be opened on Apache Directory Server.

> Password reset does not respect password history policy
> -------------------------------------------------------
>
>                 Key: DIRAPI-296
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-296
>             Project: Directory Client API
>          Issue Type: Bug
>            Reporter: Srinivasan A
>              Labels: security
>
> I'm using ldap connection template to allow the user to reset/change the password. My password policy has a password history attribute value of 5. So user will not be able to use previous 5 passwords.
> When I'm using the modifyPassword method for changing the password (i.e. as a user by passing current and new password), it respects the password history policy, i.e. I'm not allowed to use any of the previous 5 passwords. But when using the reset option (i.e. only new password), it does not honor the password policy. It takes any value (including current one).
> How to make the reset password scenario honor the password history policy?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
