AuthenticationService.invalidateAuthenticationCaches( LdapDN principalDn ) calls:
authenticator.invalidateCache( getPrincipal().getJndiName() );
instead of (what I think it should do):
authenticator.invalidateCache( principalDn );
This results in original credentials remaining in the Authenticator cache, blocking a user to login again after changing the credentials.
I'm trying to upgrade our Jetspeed-2 codebase to use the new ApacheDS 1.0.0 but this is a blocker right now.
(NB: another one is that we still build with maven-1..., I can't find any docs how to embed ApacheDS using maven-1, or -2 for that matter)
When I modified the AuthenticationService the way I think it should, the problem is solved.