directory-users mailing list archives

From Stefan Zoerner <ste...@labeo.de>
Subject Re: ApacheDS 1.5.1 :: Does ApacheDS internally cache modified object properties, like changed user password
Date Fri, 20 Jul 2007 16:04:11 GMT
Markus Pohle wrote:
> I use ApacheDS-1.5.1-SNAPSHOT release on my computer and figured out the 
> following:
> 
> 1. started my webapp
> 2. tried to login to my webapp, which tries to authenticate myself 
> against apacheds
> 3. login is successful
> 
> 4. used LDAP Studio to modify my user's password
> 5. started my webapp again and tried to login with modified password 
> with no success
> 6. tried the old password and that's successful
> 
> 7. stopped ApacheDS and started again and tried then to use the new 
> password and now it is successful
> 
> Can anybody tell me, why that happens? Looked in server.xml for reason 
> and found only these two tags:
> <property name="synchPeriodMillis" value="15000" />
> <property name="synchOnWrite" value="true" />
> 
> Help would be really appreciated.
> TIA
> Markus

I tried to reproduce, and I could. I only used ApacheDS 1.5.1-SNAPSHOT 
and an LDAP client, and the change to the password did not work immediately.

This is what I did:

(1) Add this entry to the directory:

---
dn: cn=Tori Amos,dc=example,dc=com
sn: Amos
objectClass: person
objectClass: top
cn: Tori Amos
userpassword: secret
---

$ ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -a -f tori.ldif
adding new entry cn=Tori Amos,dc=example,dc=com

(2) Check that Tori can authenticate

$ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com" -w secret -b "" -s base "(objectClass=*)" vendorName
version: 1
dn:
vendorName: Apache Software Foundation

(3) Modify Tori's password

LDIF-File:

---
dn: cn=Tori Amos,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: geheim
-
---

$ ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -f changePwd.ldif
modifying entry cn=Tori Amos,dc=example,dc=com

!!! Note that I use the admin to perform the operation !!!

(4) Check whether it works

$ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com" -w geheim -b "" -s base "(objectClass=*)" vendorName
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: Bind failed: null

$ ldapsearch -h localhost -p 10389 -D "cn=Tori Amos,dc=example,dc=com" -w secret -b "" -s base "(objectClass=*)" vendorName
version: 1
dn:
vendorName: Apache Software Foundation

=> I think this behavior is not correct, because the new password 
"geheim" should work immediately (as you assume as well).

Note that the problem does not occur if the user "Tori Amos" changes 
her password herself. In this case, the new password is valid immediately.

Others?
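
The reproduction steps (1) to (4) above, restated as an automated check that the new password binds and the old one is rejected right after a change (an added example, not part of the original message and not ApacheDS code). `ToyDirectory` is a constructed in-memory stand-in, and its credential cache is only a hypothesis taken from the question in the subject line, not a confirmed cause.

```python
import hmac

ADMIN = "uid=admin,ou=system"
TORI = "cn=Tori Amos,dc=example,dc=com"


class ToyDirectory:
    """Constructed stand-in for a directory server with a per-DN credential cache."""

    def __init__(self, invalidate_on_any_modify):
        self.entries = {}      # dn -> stored userPassword
        self.cred_cache = {}   # dn -> password cached at the first bind attempt
        self.invalidate_on_any_modify = invalidate_on_any_modify

    def add(self, dn, password):
        self.entries[dn] = password

    def bind(self, dn, password):
        """Simple bind: fill the cache from the store once, then trust the cache."""
        if dn not in self.cred_cache and dn in self.entries:
            self.cred_cache[dn] = self.entries[dn]
        expected = self.cred_cache.get(dn)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())

    def modify_password(self, actor_dn, target_dn, new_password):
        self.entries[target_dn] = new_password
        # Hypothetical weak variant: the cache entry is dropped only when the
        # user modifies her own entry, so an admin reset leaves it stale.
        if self.invalidate_on_any_modify or actor_dn == target_dn:
            self.cred_cache.pop(target_dn, None)


def check_password_change(directory, actor_dn):
    """Replay steps (1)-(4); return (new_password_accepted, old_password_rejected)."""
    directory.add(TORI, "secret")                        # step (1)
    assert directory.bind(TORI, "secret")                # step (2)
    directory.modify_password(actor_dn, TORI, "geheim")  # step (3)
    new_ok = directory.bind(TORI, "geheim")              # step (4)
    old_rejected = not directory.bind(TORI, "secret")
    return new_ok, old_rejected


if __name__ == "__main__":
    for label, server, actor in [
        ("stale cache, admin changes password", ToyDirectory(False), ADMIN),
        ("stale cache, user changes own password", ToyDirectory(False), TORI),
        ("cache invalidated on every modify", ToyDirectory(True), ADMIN),
    ]:
        print(label, check_password_change(server, actor))
```

Only the first case returns `(False, False)`, which matches the output in step (4): the old password still binds, so an administrative reset does not revoke the previous credential until the server is restarted.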




