directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Carlo.Acco...@ibs-ag.com>
Subject 2 issues with Password policy response warnings / types
Date Thu, 21 Jun 2012 18:24:48 GMT
Hi, we're deep into testing the password policy and we came across this situation.  Using 
DS built from the trunk version 1349996

Short description. In the ASN.1 response:
When the password is expiring in 60 seconds , the three bytes should be  -128, 0, 60  instead
they are -128, 1, 60
When 4 grace logins remain, the three bytes should be  -128, 1, 4  instead they are -127,
1, 4

We have a user that has the pwdReset = true  Attribute   AND their password is about to expire.
This is the byte[] value returned after 3 consecutive logins, you can see the password expiration
working

[48, 8, -96, 3, -128, 1, 122, -127, 1, 2]  // pw expires in 122 seconds
[48, 8, -96, 3, -128, 1, 83, -127, 1, 2] // pw expires in 83 seconds
[48, 8, -96, 3, -128, 1, 48, -127, 1, 2] // pw expires in 48 seconds


// here's the last case decoded.
48 (30) Skip
8 (8) Length = 8
-96 (160) Continue
3 (3) Length = 3
-128 (128) Warning OK
1 (1) Type 1  <-- ?? This should be error Type 0? Type 1 defines Grace Logins
48 (48) 48 seconds remaining on password <-- expected value but is getting set in grace
logins
// loop again
-127 (129) Error OK
1 (1) length =1
2 (2) Error  CHANGE_AFTER_RESET   <-- this is what we expect.


Here's the same case, after the password expires. The Grace Login also has an Error instead
of a warning
[48, 8, -96, 3, -127, 1, 4, -127, 1, 2]
-127 (129) Error <-- This should be a Warning  -128
1 (1) Type 1 = Grace Logins remaining  <-- this is the correct warning type
4 (4) 4 logins remaining  <-- correct # of logins remaining


Thanks!



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message