[DIRAPI-348] NPE when Api decodes bind response from OpenDJ server 6.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.0.0.AM3
Fix Version/s: 2.1.1
Labels:
None

Docs Text:

Hide
https://docs.ldap.com/specs/draft-vchu-ldap-pwd-policy-00.txt - Chapter 10

10. Password Change After Reset

This policy forces the user to select a new password on first bind or
after password reset. After bind operation succeed with authentication, the server should check if the password change after reset policy is on
and this is the first time logon. If so, the server should send bin-
dResponse with the resultCode: LDAP_SUCCESS, and should include the password expired control in the controls field of the bindResponse mes-
sage:

    controlType: 2.16.840.1.113730.3.4.4,

    controlValue: an octet string: "0",

    criticality: false

After that, for any operation issued by the user other than modify pass-
word, bind, unbind, abandon, or search, the server should send the
response message with the resultCode: LDAP_UNWILLING_TO_PERFORM, and
should include the password expired control in the controls field of the
response message:

    controlType: 2.16.840.1.113730.3.4.4,

    controlValue: an octet string: "0",

    criticality: false

Show
https://docs.ldap.com/specs/draft-vchu-ldap-pwd-policy-00.txt - Chapter 10 10. Password Change After Reset This policy forces the user to select a new password on first bind or after password reset. After bind operation succeed with authentication, the server should check if the password change after reset policy is on and this is the first time logon. If so, the server should send bin- dResponse with the resultCode: LDAP_SUCCESS, and should include the password expired control in the controls field of the bindResponse mes- sage:     controlType: 2.16.840.1.113730.3.4.4,     controlValue: an octet string: "0",     criticality: false After that, for any operation issued by the user other than modify pass- word, bind, unbind, abandon, or search, the server should send the response message with the resultCode: LDAP_UNWILLING_TO_PERFORM, and should include the password expired control in the controls field of the response message:     controlType: 2.16.840.1.113730.3.4.4,     controlValue: an octet string: "0",     criticality: false

Description

User can use our application to reset the password, even if they do not know their old ones.

In the first step, the application resets the password and uses the temporary password for the bind request with the intention to change the password.

During the decoding of the response, there is a control sent back, for which there is no factory defined, and a NullPointerException is thrown.

This is the control in question:

controlType: 2.16.840.1.113730.3.4.4, controlValue: an octet string: "0", criticality: false

Attached is the stacktrace, and implementation ideas for a new control

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ApacheLdapConnectionPool.java
08/Jul/19 10:19
5 kB
Jan Zelmer
PasswordExpiredResponse.java
26/Jun/19 12:56
0.2 kB
Jan Zelmer
PasswordExpiredResponseFactory.java
26/Jun/19 12:56
1 kB
Jan Zelmer
PasswordExpiredResponseImpl.java
26/Jun/19 12:56
0.7 kB
Jan Zelmer
stacktrace.txt
26/Jun/19 12:56
4 kB
Jan Zelmer
stacktrace-illegal-pool.txt
08/Jul/19 10:17
7 kB
Jan Zelmer

Activity

People

Assignee:: Unassigned

Reporter:: Jan Zelmer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Jun/19 12:57

Updated:: 27/Jul/22 22:02

Resolved:: 27/Jul/22 22:02