directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Dobrinic <>
Subject ModifyPassword extended operation issue
Date Mon, 03 Oct 2016 11:09:28 GMT
Hi api,

When using Apache Directory API to send out a ModifyPassword request to
a non-Apache LDAP server, I stumbled upon an issue when processing the
response of the request.

The specification ( ;
RFC 3062 section 2.2), states

" Password Modify response is an ExtendedResponse where the responseName
field is absent and the response field is optional."

But PasswordModifyFactory#decorate() instead assumes there will always
be a response field.

I was able to override PasswordModifyFactory and implement a fix by
changing the decorate() method in the subclass, but I think it's
actually a bug in the library, so I'd like to propose to change it in
Apache Directory API instead.

The change in is minimal:

Line 133, from
        byte[] value = response.getResponseValue();

        ByteBuffer buffer = ByteBuffer.wrap( value );
        byte[] value = response.getResponseValue();

        if (value == null)
            value = new byte[0];

        ByteBuffer buffer = ByteBuffer.wrap(value);

and line 143, from

            pwdModifyResponse = container.getPwdModifyResponse();

            pwdModifyResponse = container.getPwdModifyResponse();

            if (pwdModifyResponse == null)
                pwdModifyResponse = new

This will allow empty response field values.

Can any of you experts take a look and confirm?



Mark Dobrinic
Software Engineer and Identity Specialist
Twobo Technologies AB

View raw message