[DIRSERVER-1932] Password policy pwdMinAge check should check for required reset - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0-M15, 2.0.0-M16
Fix Version/s: 2.0.0-M16
Component/s: core
Labels:
None

Description

According to the rfc (http://tools.ietf.org/html/draft-behera-ldap-password-policy-10#section-7.8):

7.8 Password Too Young Check
If the Section 7.2 check returned true then this check will return
false, to allow the password to be changed.
...

7.2 Password Must be Changed Now Check</b>
A status of true is returned to indicate that the password must be
changed if all of these conditions are met:
o The pwdMustChange attribute is set to TRUE.
o The pwdReset attribute is set to TRUE.
Otherwise a status of false is returned.

Therefore, if the admin sets the password, the user should be allowed
to change it even if pwdMinAge has not expired.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

DIRSERVER-1932.patch
12/Dec/13 21:43
6 kB
lucas theisen

Issue Links

is related to

DIRSERVER-2210 Password policy pwdMinAge check should check for required reset

Open

Activity

People

Assignee:: Kiran Ayyagari

Reporter:: lucas theisen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12/Dec/13 21:40

Updated:: 21/Sep/17 18:46

Resolved:: 14/Dec/13 07:34