directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patricio Demitrio <pdemit...@scoop-gmbh.de>
Subject Re: [ApacheDS] Error 56
Date Fri, 01 Feb 2013 15:52:26 GMT
Ok, I captured the operation using wireshark, I have no idea if this is
useful or not. I'm attaching two files (wireshark format and plain text,
both have same content).

And here is an answer from a developer of openam, I'm copying it since
maybe it helps.

-----------
 This error message is now coming
out of LDAP authentication module, and not from the UMUserChangePassword
page..
The LDAP authentication module grabs the existing password and creates a
MODIFY request:
remove userpassword: currentvalue
add userpassword: newvvalue
Looks like this is not really handled by Apache DS for some reason,
which is quite strange. The other way is to simply run one operation of:
replace userpassword: newvalue
but this could be only done by a privileged user (who can reset
passwords for arbitrary users).


On Fri, Feb 1, 2013 at 3:51 PM, Emmanuel Lécharny <elecharny@gmail.com>wrote:

> There is somethong *extremelly* weird...
>
> The userPassword value you are trying to modify is :
>
> e1NTSEF9NGx1QXphMkw...tM2F3SHFZN0E9PQ==
>
> which once decoded gives :
>
> {SSHA}4luAza2L+0Xyut...VVm3awHqY7A==
>
> and now, the password value is a base64 value, which makes no sense...
>
> Something in OpenAM should encode the real SSHA salted password in
> base64, then add {SSHA) into the value, and try to remove this value
> from the server.
>
> I would expect the real value to be :
>
> {SSHA}â[€Í­‹ûE...VmÚÀz˜ì
>
> instead...
>
> Is it possible that you capture the PDU being exchanged between OpenAM
> and ApacheDS using wireshark ?
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>

Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message