directory-users mailing list archives

From "Chris Custine" <ccust...@apache.org>
Subject Re: ApacheDS 1.5.1 :: Does ApacheDS internally cache modified object properties, like changed user password
Date Fri, 20 Jul 2007 16:17:48 GMT
Yes, I can reproduce this as well.  The password does not seem to update
immediately when bound as another user (uid=admin,ou=system), but does update
immediately when bound as that user.

So who wants to file the Jira?  :-)

Chris

On 7/20/07, Stefan Zoerner <stefan@labeo.de> wrote:
>
> Markus Pohle wrote:
> > I use ApacheDS-1.5.1-SNAPSHOT release on my computer and figured out the
> > following:
> >
> > 1. started my webapp
> > 2. tried to login to my webapp, which tries to authenticate myself
> > against apacheds
> > 3. login is successful
> >
> > 4. used LDAP Studio to modify my users password
> > 5. started my webapp again and tried to login with modified password
> > with no success
> > 6. tried the old password and that's successful
> >
> > 7. stopped ApacheDS and started again and tried then to use the new
> > password and now it is successful
> >
> > Can anybody tell me, why that happens? Looked in server.xml for reason
> > and found only these two tags:
> > <property name="synchPeriodMillis" value="15000" />
> > <property name="synchOnWrite" value="true" />
> >
> > Help would be really appreciated.
> > TIA
> > Markus
>
> I tried to reproduce, and I could. I only used ApacheDS 1.5.1-SNAPSHOT
> and an LDAP client, and the change to the password did not work
> immediately.
>
> This is what I did:
>
> (1) Add this entry to the directory:
>
> ---
> dn: cn=Tori Amos,dc=example,dc=com
> sn: Amos
> objectClass: person
> objectClass: top
> cn: Tori Amos
> userpassword: secret
> ---
>
> $ ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a
> -f tori.ldif
> adding new entry cn=Tori Amos,dc=example,dc=com
>
> (2) Check that Tori can authenticate
>
> $ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com"
> -w secret -b "" -s base "(objectClass=*)" vendorName
> version: 1
> dn:
> vendorName: Apache Software Foundation
>
> (3) Modify Tori's password
>
> LDIF-File:
>
> ---
> dn: cn=Tori Amos,dc=example,dc=com
> changetype: modify
> replace: userPassword
> userPassword: geheim
> -
> ---
>
> $ ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -f
> changePwd.ldif
> modifying entry cn=Tori Amos,dc=example,dc=com
>
> !!! Note that I use the admin to perform the operation !!!
>
> (4) Check, whether it works
>
> $ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com"
> -w geheim -b "" -s base "(objectClass=*)" vendorName
> ldap_simple_bind: Invalid credentials
> ldap_simple_bind: additional info: Bind failed: null
>
> $ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com"
> -w secret -b "" -s base "(objectClass=*)" vendorName
> version: 1
> dn:
> vendorName: Apache Software Foundation
>
> => I think this behavior is not correct, because the new password
> "geheim" should work immediately (as you assume as well).
>
> Note that the problem does not occur if the user "Tori Amos" changes
> her password herself. In this case, the new password is valid immediately.
>
> Others?
>
>
>
>
>
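
A regression check for the behaviour reported in this thread, as an added example that is not part of the original messages: it resets a user's password while bound as the administrator, then classifies the results of binding with the old and the new password. It assumes OpenLDAP's `ldapsearch`/`ldapmodify` (`-x -H` syntax) and a disposable test entry; `bind_rc`, `admin_reset`, `verdict` and the `CHECK` switch are names made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): stale-credential check after an admin reset.
# Assumes OpenLDAP client tools; URI and DNs default to the values used in the thread.
URI=${URI:-ldap://localhost:10389}
ADMIN_DN=${ADMIN_DN:-uid=admin,ou=system}
USER_DN=${USER_DN:-cn=Tori Amos,dc=example,dc=com}

# bind_rc PASSWORD: print the exit status of a simple bind as USER_DN.
# OpenLDAP tools exit with the LDAP result code: 0 = success, 49 = invalidCredentials.
bind_rc() {
    ldapsearch -x -H "$URI" -D "$USER_DN" -w "$1" -b "" -s base \
        "(objectClass=*)" vendorName >/dev/null 2>&1
    echo $?
}

# admin_reset ADMIN_PW NEW_PW: replace userPassword on USER_DN while bound as ADMIN_DN.
admin_reset() {
    ldapmodify -x -H "$URI" -D "$ADMIN_DN" -w "$1" >/dev/null 2>&1 <<EOF
dn: $USER_DN
changetype: modify
replace: userPassword
userPassword: $2
-
EOF
}

# verdict OLD_RC NEW_RC: classify the two bind results taken right after the reset.
verdict() {
    case "$1:$2" in
        49:0)  echo "OK" ;;             # old password rejected, new one accepted
        0:49)  echo "STALE" ;;          # behaviour reported in the thread
        0:0)   echo "BOTH_ACCEPTED" ;;  # old credential still usable next to the new one
        49:49) echo "LOCKED_OUT" ;;     # neither password binds
        *)     echo "INCONCLUSIVE" ;;   # e.g. 255: server unreachable, not an auth result
    esac
}

# Contacts the server only when asked: CHECK=1 sh check.sh ADMIN_PW OLD_PW NEW_PW
if [ "${CHECK:-0}" = 1 ]; then
    admin_reset "$1" "$3" || { echo "reset failed"; exit 2; }
    result=$(verdict "$(bind_rc "$2")" "$(bind_rc "$3")")
    echo "$result"
    [ "$result" = OK ]
fi
```

A `STALE` or `BOTH_ACCEPTED` result means the old password still authenticates after the reset, which is the case that matters when the reset was meant to revoke access.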
