Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.1
    • Fix Version/s: 2.0.0-M12
    • Component/s: None
    • Labels:
      None
    • Environment:
      apacheds-server-1.5.1-x86_64.rpm on RHEL5

      Description

      1. ldappasswd -a foobar -x -D 'uid=admin,ou=system'
        ldap_bind: Invalid credentials (49)
        additional info: Bind failed: null

      and the logfile says:
      INFO | jvm 1 | 2008/03/05 14:44:43 | [14:44:43] INFO [org.apache.directory.server.core.authn.SimpleAuthenticator] - Password not correct for user 'uid=admin,ou=system'
      INFO | jvm 1 | 2008/03/05 14:44:43 | [14:44:43] INFO [org.apache.directory.server.core.authn.AuthenticationService] - Authenticator class org.apache.directory.server.core.authn.SimpleAuthenticator failed to authenticate uid=admin,ou=system
      INFO | jvm 1 | 2008/03/05 14:44:43 | [14:44:43] INFO [org.apache.directory.server.core.authn.AuthenticationService] - Cannot bind to the server

      but the password is correct, using it with e.g. ldapsearch or ApacheDirectoryStudio works.

      The same problem occurs with a test-user, it's not specific to uid=admin

      Emmanuel Lécharny said in a mail to users@directory.apache.org:
      > The ldappasswd is using an extended request, described by RFC 3062.
      > I think we support this RFC, but it may be buggy

        Activity

        Hide
        Emmanuel Lecharny added a comment -

        Fixed in trunk

        Show
        Emmanuel Lecharny added a comment - Fixed in trunk
        Hide
        Emmanuel Lecharny added a comment -

        The pwdModify extended operation has been added to the server. The ldappasswd operation should now work (to be checked)

        Show
        Emmanuel Lecharny added a comment - The pwdModify extended operation has been added to the server. The ldappasswd operation should now work (to be checked)
        Hide
        Kiran Ayyagari added a comment -

        Moving to 2.0,0-RC2

        Show
        Kiran Ayyagari added a comment - Moving to 2.0,0-RC2
        Hide
        Emmanuel Lecharny added a comment -

        Moved back to 2.0.0-RC1

        Show
        Emmanuel Lecharny added a comment - Moved back to 2.0.0-RC1
        Hide
        Emmanuel Lecharny added a comment -

        RFC 3062 will be implemented in 2.0. No time to include it in 1.5.2.

        Show
        Emmanuel Lecharny added a comment - RFC 3062 will be implemented in 2.0. No time to include it in 1.5.2.
        Hide
        Emmanuel Lecharny added a comment -

        Testing the default server (default configuration), and trying to change the password using ldappasswd, here is what I get :

        $ ldappasswd -x -D 'uid=admin,ou=system' -h localhost -p 10389 -s test -w secret
        Result: Protocol error (2)
        Additional info: Unrecognized extended operation EXTENSION_OID: 1.3.6.1.4.1.4203.1.11.1

        This is pretty clear we don't support this extended request.

        We do have some changepw layer, directly connected to the kerberos stack, but it's a different beast.

        We have to dig this issue, I think this is on our roadmap, or if it's not, it might be added.

        This is described in RFC 3062.

        Show
        Emmanuel Lecharny added a comment - Testing the default server (default configuration), and trying to change the password using ldappasswd, here is what I get : $ ldappasswd -x -D 'uid=admin,ou=system' -h localhost -p 10389 -s test -w secret Result: Protocol error (2) Additional info: Unrecognized extended operation EXTENSION_OID: 1.3.6.1.4.1.4203.1.11.1 This is pretty clear we don't support this extended request. We do have some changepw layer, directly connected to the kerberos stack, but it's a different beast. We have to dig this issue, I think this is on our roadmap, or if it's not, it might be added. This is described in RFC 3062.

          People

          • Assignee:
            Unassigned
            Reporter:
            Martin Schuster
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development