  1. Directory ApacheDS
  2. DIRSERVER-1928

PasswordPolicy should be ignored from Admin session


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M15, 2.0.0-M16
    • Fix Version/s: 2.0.0-M16
    • Component/s: core-integ
    • Labels:
      None

      Description

      While not explicitly stated in the RFC for password policy (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10), an authenticated session with admin privileges should avoid password policy checks. For example, a user might change his password and forget it soon thereafter, at which point he would contact an administrator and ask to have it reset again. If an ads-pwdMinAge is set longer than the elapsed time, even the administrator is unable to fix the problem (short of modifying the pwdChangedTime by hand before making the request). Other LDAP implementations like Active Directory do this, and operating systems like Windows and Unix do this... Would it not make sense to do the same here?

        Attachments

        1. DIRSERVER-1928.patch
          23 kB
          lucas theisen

            People

            • Assignee:
              Unassigned
              Reporter:
              ltheisen@mitre.org lucas theisen
            • Votes: 0
            • Watchers: 2
