directory-dev mailing list archives

From "Warren Rogers (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-2210) Password policy pwdMinAge check should check for required reset
Date Thu, 21 Sep 2017 20:26:00 GMT


Warren Rogers commented on DIRSERVER-2210:

Within AuthenticationInterceptor, line 1552, the check is:

    if ( policyConfig.isPwdMustChange() && userSession.isPwdMustChange() )
        return false;

 userSession.isPwdMustChange seems to be the wrong object to ask for, because we should be
looking for pwdReset.  PwdMustChange is a policy attribute and not a user attribute and this
does not appear to be set anywhere for the isPwdTooYoung method to use.  So, it's null, which
means this method will never return false for pwdReset: TRUE.

> Password policy pwdMinAge check should check for required reset
> ---------------------------------------------------------------
>                 Key: DIRSERVER-2210
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>            Reporter: Warren Rogers
> This JIRA is for a regression of DIRSERVER-1932.
> The test given in the previous JIRA has recently been changed so that the min age is 1 second, so if the test takes 1.1 seconds, it will pass.  The previous age was 5 seconds.  I would figure this should be even greater to make sure the test process finishes each step.  I would suggest 30 seconds to probably several minutes.
> We are having issues when an admin resets a user's password, they cannot reset their password because pwdMinAge is 24 hours and the password change is rejected because the password is too young.
> I'm still scanning the source code for the specific area causing the issue, if I find it, I'll submit a patch (or merge request).  But thought I'd at least get this issue back on the radar.

This message was sent by Atlassian JIRA
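
Added example (not part of the original message and not ApacheDS code): a small Java model of the minimum-age check discussed above, comparing an exemption that reads a never-populated session flag with one that reads the user's pwdReset attribute. All class and method names are hypothetical, and the clock and entries are constructed sample data.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration, not ApacheDS code: every class and method name here is hypothetical.
public class MinAgeCheckExample {
    // Settings that live on the password policy entry.
    record Policy(long pwdMinAgeSeconds, boolean pwdMustChange) {}
    // Operational attributes that live on the user's own entry.
    record UserEntry(Instant pwdChangedTime, boolean pwdReset) {}

    // True when pwdMinAge is set and the password was changed less than pwdMinAge ago.
    static boolean younger(Policy p, UserEntry u, Instant now) {
        return p.pwdMinAgeSeconds() > 0 && u.pwdChangedTime() != null
            && Duration.between(u.pwdChangedTime(), now).getSeconds() < p.pwdMinAgeSeconds();
    }

    // Shape of the check as the comment describes it: the exemption depends on a
    // session-level flag that nothing populates (null here), so it never applies.
    static boolean tooYoungSessionFlag(Policy p, UserEntry u, Boolean sessionFlag, Instant now) {
        if (p.pwdMustChange() && Boolean.TRUE.equals(sessionFlag)) return false;
        return younger(p, u, now);
    }

    // Exemption keyed on the user's pwdReset attribute instead.
    static boolean tooYoungEntryFlag(Policy p, UserEntry u, Instant now) {
        if (p.pwdMustChange() && u.pwdReset()) return false;
        return younger(p, u, now);
    }

    // Fails loudly if a case does not behave as this model intends.
    static void expect(boolean actual, boolean wanted, String label) {
        if (actual != wanted) throw new IllegalStateException(label);
        System.out.println(label + " -> tooYoung=" + actual);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2017-09-21T20:26:00Z");                 // constructed clock
        Policy policy = new Policy(24 * 60 * 60, true);                      // pwdMinAge of 24 hours
        UserEntry adminReset = new UserEntry(now.minusSeconds(60), true);    // reset by an admin a minute ago
        UserEntry selfChanged = new UserEntry(now.minusSeconds(60), false);  // changed by the user a minute ago
        UserEntry aged = new UserEntry(now.minusSeconds(2 * 24 * 60 * 60), false);

        expect(tooYoungSessionFlag(policy, adminReset, null, now), true, "session flag, after admin reset");
        expect(tooYoungEntryFlag(policy, adminReset, now), false, "pwdReset, after admin reset");
        expect(tooYoungEntryFlag(policy, selfChanged, now), true, "pwdReset, recent self-change");
        expect(tooYoungEntryFlag(policy, aged, now), false, "pwdReset, old password");
    }
}
```

The third case is the one to keep in a regression test: without pwdReset set on the entry, the minimum age must still be enforced, so the exemption does not become a way around pwdMinAge.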