Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1726

DefaultPasswordValidator always throws PasswordPolicyException when consecutive non-letter chars are in RDN

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0-M6
    • 2.0.0-M8
    • None
    • None

    Description

      When adding an entry with a userPassword attribute and the entry RDN contains two non-letter characters in a row (such as cn=test1@tempuri.com) then a CONSTRAINT_VIOLATION error is always received with the message "Password shouldn't contain parts of the username" regardless of what password you enter.

      If you remove the "1" character or the "@" character then the entry will be created successfully

      Believe the issue is caused by the regex expressions used within org.apache.directory.server.core.authn.ppolicy.DefaultPasswordValidator, as the String array of tokens will contain an empty string when two non-letter chars are together ("1@" in this case).

      Full error message is:

      Error while creating entry

      • [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUES
        javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
        Message ID : 240
        Add Request :
        Entry
        dn[n]: cn=test1@tempuri.com,o=unitTest
        objectClass: inetOrgPerson
        objectClass: organizationalPerson
        objectClass: person
        objectClass: top
        sn: Smith
        userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 0x31 '
        cn: test1@tempuri.com
        : Password shouldn't contain parts of the username]; remaining name 'cn=test1@tempuri.com,o=unitTest'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$4.run(JNDIConnectionWrapper.java:658)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.checkConnectionAndRunAndMonitor(JNDIConnectionWrapper.java:1203)
        at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.createEntry(JNDIConnectionWrapper.java:704)
        at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.createEntry(CreateEntryRunnable.java:226)
        at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.run(CreateEntryRunnable.java:117)
        at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:113)
        at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)

      [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
      Message ID : 240
      Add Request :
      Entry
      dn[n]: cn=test1@tempuri.com,o=unitTest
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      objectClass: top
      sn: Smith
      userPassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 0x31 '
      cn: test1@tempuri.com
      : Password shouldn't contain parts of the username]

      Attachments

        Activity

          People

            Unassigned Unassigned
            lowds Richard Lowden
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: