directory-users mailing list archives

From Patricio Demitrio <pdemit...@scoop-gmbh.de>
Subject Re: pwdHistory not validating properly (in custom server)
Date Fri, 26 Apr 2013 14:24:00 GMT
I'm pretty sure, yes.
When debugging, my interceptors listed are:
[org.apache.directory.server.core.normalization.NormalizationInterceptor@4f8771a,
app.ldap.server.AuthenticationInterceptor2@54534e82,
org.apache.directory.server.core.referral.ReferralInterceptor@2947640e,
org.apache.directory.server.core.authz.AciAuthorizationInterceptor@df9e84e,
org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor@1202600d,
org.apache.directory.server.core.admin.AdministrativePointInterceptor@59effeb7,
org.apache.directory.server.core.exception.ExceptionInterceptor@1b3bce82,
org.apache.directory.server.core.schema.SchemaInterceptor@7372c6c5,
org.apache.directory.server.core.operational.OperationalAttributeInterceptor@7457eab9,
org.apache.directory.server.core.collective.CollectiveAttributeInterceptor@37f3535b,
org.apache.directory.server.core.subtree.SubentryInterceptor@47e5980f,
org.apache.directory.server.core.event.EventInterceptor@326225a9,
org.apache.directory.server.core.trigger.TriggerInterceptor@49969416,
org.apache.directory.server.core.changelog.ChangeLogInterceptor@3cd45618,
org.apache.directory.server.core.journal.JournalInterceptor@186060db]


About the changes you mentioned, is there something newer than M11? Or
should I build something locally?

Thanks


On Fri, Apr 26, 2013 at 4:17 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:

> did you disable the default AuthenticationInterceptor?
>
>
> On Fri, Apr 26, 2013 at 7:20 PM, Patricio Demitrio
> <pdemitrio@scoop-gmbh.de> wrote:
>
> > Hi, I'm currently working with a custom M11 server, the only thing
> > different is a custom implementation of AuthenticatorInterceptor.
> >
> > When, from apacheDS, I try to change the user password, two different
> > things happen:
> > - If there is no pwdHistory present, the update works, and the pwdHistory
> > attribute is created.
> > - If pwdHistory exists, it throws me an error, even though the password
> is
> > completely different.
> >
> > The error is:
> >
> > 2013.04.24 14:23:56,445 DEBUG [pool-4-thread-2]
> > org.apache.directory.server.core.authn.AuthenticationInterceptor [] -
> > Operation Context: ModifyContext for Dn 'uid=00000005,dc=2013.04.24
> > 14:23:56,445
> > DEBUG [pool-4-thread-2]
> > org.apache.directory.server.core.authn.AuthenticationInterceptor [] -
> > Operation Context: ModifyContext for Dn
> 'uid=00000005,dc=company1,dc=com',
> > modifications :
> > Modification: replace
> > , attribute : userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74
> > 0x31 '
> >
> >
> > 2013.04.24 14:23:56,446 DEBUG [pool-4-thread-2]
> > org.apache.directory.server.ldap.handlers.LdapRequestHandler [] -
> > CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST
> > Message ID : 16
> >     Modify Request
> >         Object : 'uid=00000005,dc=company1,dc=com'
> >             Modification[0]
> >                 Operation :  replace
> >                 Modification
> > userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74 0x31 '
> > org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcebfd3b:
> > invalid reuse of password present in password history
> > org.apache.directory.api.ldap.model.exception.LdapOperationException:
> > invalid reuse of password present in password history
> > at
> >
> >
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
> >  at
> >
> >
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> > --->>>> extends from AuthenticationInterceptor. No added behaviour in
> this
> > example
> >  at
> >
> >
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> > at
> >
> >
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:980)
> >  at
> >
> >
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> > at
> >
> >
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> >  at
> >
> >
> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:223)
> > at
> >
> >
> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
> >  at
> >
> >
> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:914)
> > at
> >
> >
> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:897)
> >  at
> >
> >
> org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:56)
> > at
> >
> >
> org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:39)
> >  at
> >
> >
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
> > at
> >
> >
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> >  at
> >
> >
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> > at
> >
> >
> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> >  at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> > at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> >  at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> > at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> >  at
> >
> org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> > at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> >  at
> >
> >
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> > at
> >
> >
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> >  at java.lang.Thread.run(Thread.java:722)
> > 2013.04.24 14:23:56,449 DEBUG [pool-4-thread-2]
> > org.apache.mina.core.filterchain.IoFilterEvent [] - Event
> MESSAGE_RECEIVED
> > has been fired for session 1
> > 2013.04.24 14:23:56,449 DEBUG [NioProcessor-2]
> > org.apache.directory.server.ldap.handlers.LdapResponseHandler [] -
> Message
> > sent : MessageType : MODIFY_RESPONSE,dc=com', modifications :
> > Modification: replace
> > , attribute : userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74
> > 0x31 '
> >
> >
> > 2013.04.24 14:23:56,446 DEBUG [pool-4-thread-2]
> > org.apache.directory.server.ldap.handlers.LdapRequestHandler [] -
> > CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST
> > Message ID : 16
> >     Modify Request
> >         Object : 'uid=00000005,dc=company1,dc=com'
> >             Modification[0]
> >                 Operation :  replace
> >                 Modification
> > userPassword: '0x73 0x63 0x6F 0x6F 0x70 0x73 0x6F 0x66 0x74 0x31 '
> > org.apache.directory.api.ldap.model.message.ModifyRequestImpl@fcebfd3b:
> > invalid reuse of password present in password history
> > org.apache.directory.api.ldap.model.exception.LdapOperationException:
> > invalid reuse of password present in password history
> > at
> >
> >
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
> >  at
> >
> >
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> > at
> >
> >
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> >  at
> >
> >
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:980)
> > at
> >
> >
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> >  at
> >
> >
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> > at
> >
> >
> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:223)
> >  at
> >
> >
> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
> > at
> >
> >
> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:914)
> >  at
> >
> >
> org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:897)
> > at
> >
> >
> org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:56)
> >  at
> >
> >
> org.apache.directory.server.ldap.handlers.request.ModifyRequestHandler.handle(ModifyRequestHandler.java:39)
> > at
> >
> >
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
> >  at
> >
> >
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> > at
> >
> >
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> >  at
> >
> >
> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> > at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> >  at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> > at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> >  at
> >
> >
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> > at
> >
> org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> >  at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> > at
> >
> >
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> >  at
> >
> >
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> > at java.lang.Thread.run(Thread.java:722)
> > 2013.04.24 14:23:56,449 DEBUG [pool-4-thread-2]
> > org.apache.mina.core.filterchain.IoFilterEvent [] - Event
> MESSAGE_RECEIVED
> > has been fired for session 1
> > 2013.04.24 14:23:56,449 DEBUG [NioProcessor-2]
> > org.apache.directory.server.ldap.handlers.LdapResponseHandler [] -
> Message
> > sent : MessageType : MODIFY_RESPONSE
> >
> >
> > I don't know if this helps, but here's some extra info:
> >
> > Entry
> >     dn[n]: uid=00000005,dc=company1,dc=com
> >     objectclass: top
> >     objectclass: extensibleObject
> >     objectclass: InetOrgPerson
> >     objectclass: organizationalPerson
> >     objectclass: person
> >     objectclass: pwdPolicy
> >     pwdHistory: '0x32 0x30 0x31 0x33 0x30 0x34 0x32 0x34 0x31 0x32 0x32
> > 0x33 0x32 0x39 0x2E 0x38 ...'
> >     pwdAllowUserChange: true
> >     uid: 00000005
> >     pwdPolicySubEntry:
> >
> >
> ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> >     pwdReset: TRUE
> >     userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 '
> >     entryParentId: ccde56b4-aa2e-4738-af71-f15648d5e563
> >     distinguishedName: uid=00000005,dc=company1,dc=com
> >     pwdChangedTime: 20130410111201.584Z
> >     pwdAttribute: userPassword
> >     givenName: Michael
> >     c: DE
> >     cn: Michael Jackson
> >     sn: Jackson
> >     l: mjackson
> >     mail: mjackson@company1.de
> >     entryuuid: f679c2bb-e2f4-4987-8533-4d0b8407e876
> >     o: Test Company
> >     entryDN: uid=00000005,dc=company1,dc=com
> >     modifyTimestamp: 20130424122329.889Z
> >     entryCSN: 20130424122329.889000Z#000000#000#000000
> >     displayName: Michael Jackson
> >     modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> >
> >
> > dn:
> >
> >
> ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > objectClass: top
> > objectClass: ads-base
> > objectClass: ads-passwordPolicy
> > ads-pwdId: default
> > ads-pwdSafeModify: FALSE
> > ads-pwdMaxAge: 0
> > ads-pwdFailureCountInterval: 30
> > ads-pwdAttribute: userPassword
> > ads-pwdMaxFailure: 5
> > ads-pwdLockout: TRUE
> > ads-pwdMustChange: FALSE
> > ads-pwdLockoutDuration: 0
> > ads-pwdMinLength: 5
> > ads-pwdInHistory: 5
> > ads-pwdExpireWarning: 0
> > ads-pwdMinAge: 0
> > ads-pwdAllowUserChange: TRUE
> > ads-pwdGraceAuthNLimit: 0
> > ads-pwdCheckQuality: 2
> > ads-pwdMaxLength: 0
> > ads-pwdGraceExpire: 0
> > ads-pwdMinDelay: 0
> > ads-pwdMaxDelay: 0
> > ads-pwdMaxIdle: 0
> > ads-enabled: TRUE
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
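
Added example, not part of the original messages and not ApacheDS code: a small Python check that reads a mail-quoted ApacheDS stack trace like the one above and reports interceptor classes whose operation method is entered more than once on a single call stack. The sample trace is constructed from frames quoted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: frames copied from the trace quoted in this thread,
# keeping the mail client's "> >" quoting and the line break after "at".
SAMPLE_TRACE = """\
> > at
> >
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:956)
> >  at
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> >  at
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> > at
> org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:980)
> >  at
> app.ldap.server.AuthenticationInterceptor2.modify(AuthenticationInterceptor2.java:168)
> > at
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:577)
> >  at
> org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:223)
> > at
> org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
"""

# fully.qualified.Class.method(File.java:123)
FRAME = re.compile(r"([\w.$]+)\.([\w$<>]+)\((\w+\.java):(\d+)\)")

def parse_frames(text):
    """Return (class, method, line) tuples, innermost frame first."""
    # Drop quote markers so frames separated from their "at" still match.
    unquoted = re.sub(r"^[> ]+", "", text, flags=re.M)
    return [(m[1], m[2], int(m[4])) for m in FRAME.finditer(unquoted)]

def reentered_interceptors(frames):
    """Map (class, method) to frame line numbers for interceptors seen twice or more."""
    seen = {}
    for cls, meth, line in frames:
        simple = cls.rsplit(".", 1)[-1]
        # BaseInterceptor.next only advances the chain, so it is not counted.
        if "Interceptor" in simple and meth != "next":
            seen.setdefault((cls, meth), []).append(line)
    return {key: lines for key, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    for (cls, meth), lines in reentered_interceptors(parse_frames(SAMPLE_TRACE)).items():
        print(f"{cls}.{meth} entered {len(lines)} times at lines {lines}")
```

On the sample, both `AuthenticationInterceptor.modify` and the subclass `AuthenticationInterceptor2.modify` are reported twice, while `NormalizationInterceptor.modify` appears once and is not reported.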
