Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1932

Password policy pwdMinAge check should check for required reset

Attach filesAttach ScreenshotWatch issueCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M15, 2.0.0-M16
    • Fix Version/s: 2.0.0-M16
    • Component/s: core
    • Labels:
      None

      Description

      According to the rfc (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8):

      7.8 Password Too Young Check
      If the Section 7.2 check returned true then this check will return
      false, to allow the password to be changed.
      ...

      7.2 Password Must be Changed Now Check</b>
      A status of true is returned to indicate that the password must be
      changed if all of these conditions are met:
      o The pwdMustChange attribute is set to TRUE.
      o The pwdReset attribute is set to TRUE.
      Otherwise a status of false is returned.

      Therefore, if the admin sets the password, the user should be allowed
      to change it even if pwdMinAge has not expired.

        Attachments

        Issue Links

          Activity

            People

            • Assignee:
              akiran Kiran Ayyagari
              Reporter:
              ltheisen@mitre.org lucas theisen

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment