In 389 DS, if the LDAP admin changes a password, it replaces the last password in the history


Under 389 DS we have set up a password policy to save the last 5 passwords in history, so that those cannot be reused.

We have a Java application in which the password is changed as the LDAP administrator. But when the password is changed, instead of adding the new password to the password history, it replaces the old password with the new password. This enables the user to change the password to a password used in the past.

E.g.

  1. User sets password to abc, then history is {abc}.
  2. User changes password to efg, then history is {abc, efg}.
  3. Administrator changes password to xyz, then history is expected to be {xyz, abc, efg} but it is {xyz, efg}.

```java
import java.util.ArrayList;
import java.util.List;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyRequest;

// Password reset performed by the LDAP administrator: the case where a history entry is lost.
private static void changePasswordAsAdmin(String userDn, String sNewPassword) throws Exception {
    System.out.println("Setting Password:" + sNewPassword);   // debugging output; prints the plaintext password
    // MySSLSocketFactory is our own SSLSocketFactory; "Ldap host", "adminCN" and "adminPwd" are placeholders.
    LDAPConnection connection = new LDAPConnection(new MySSLSocketFactory(), "Ldap host", 636, "adminCN", "adminPwd");
    try {
        final List<Modification> mods = new ArrayList<>();
        mods.add(new Modification(ModificationType.REPLACE, "userPassword", sNewPassword));
        final ModifyRequest request = new ModifyRequest(userDn, mods);
        LDAPResult result = connection.modify(request);
        System.out.println(result.getResultString());
    } catch (Exception e) {
        System.out.println(e.getMessage());
        throw e;
    } finally {
        connection.close();
    }
}

// Password change performed by the user, bound with the user's own DN and current password.
private static void changePasswordAsUser(String userDn, String oldPassword, String newPassword) throws Exception {
    System.out.println("Setting Password, old password: " + oldPassword + ", new password: " + newPassword);
    // Bind as the user with the DN and current password passed in ("ldapHost" is a placeholder).
    LDAPConnection connection = new LDAPConnection(new MySSLSocketFactory(), "ldapHost", 636, userDn, oldPassword);
    try {
        final List<Modification> mods = new ArrayList<>();
        mods.add(new Modification(ModificationType.REPLACE, "userPassword", newPassword));
        final ModifyRequest request = new ModifyRequest(userDn, mods);
        LDAPResult result = connection.modify(request);
        System.out.println(result.getResultString());
    } catch (Exception e) {
        System.out.println(e.getMessage());
        throw e;   // rethrow, as in the admin method, so a rejected change (e.g. password found in history) is not silently swallowed
    } finally {
        connection.close();
    }
}
```
There is 1 best solution below

This is a known bug which should be fixed according to: https://pagure.io/389-ds-base/issue/48813

Try to update your version of 389 DS.
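A post-upgrade check for the behaviour described in the question, added here as an example that is not part of the question, the answer or the 389 DS project: it replays the user change and the administrator reset from the question, then verifies that the `passwordHistory` operational attribute gained an entry on the admin reset and that the user can no longer switch back to an earlier password. It assumes the UnboundID LDAP SDK used in the question, a disposable test user, and placeholder values for the host, truststore, administrator DN and user DN.

```java
import java.util.List;
import com.unboundid.ldap.sdk.*;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;
public class PasswordHistoryCheck {
    // Placeholders for a disposable test directory and user; adjust to your environment.
    static final String HOST = "ldap.example.test", ADMIN_DN = "cn=Directory Manager", ADMIN_PWD = "adminPwd";
    static final String USER_DN = "uid=testuser,ou=People,dc=example,dc=test";
    // LDAPS bind with the given credentials, trusting the CA in the named truststore (placeholder path).
    static LDAPConnection bind(String dn, String pwd) throws Exception {
        SSLUtil ssl = new SSLUtil(new TrustStoreTrustManager("/path/to/truststore.jks"));
        return new LDAPConnection(ssl.createSSLSocketFactory(), HOST, 636, dn, pwd);
    }
    // Same operation as the question's code: a REPLACE of userPassword over an already bound connection.
    static void setPassword(LDAPConnection c, String dn, String pwd) throws LDAPException {
        c.modify(new ModifyRequest(dn, List.of(new Modification(ModificationType.REPLACE, "userPassword", pwd))));
    }
    // 389 DS keeps the retained hashes in the operational attribute passwordHistory (readable by the admin).
    static int historySize(LDAPConnection admin, String dn) throws LDAPException {
        SearchResultEntry e = admin.getEntry(dn, "passwordHistory");
        return (e == null || !e.hasAttribute("passwordHistory")) ? 0 : e.getAttributeValues("passwordHistory").length;
    }
    public static void main(String[] args) throws Exception {
        LDAPConnection admin = bind(ADMIN_DN, ADMIN_PWD), user = null;
        try {
            setPassword(admin, USER_DN, "abc");                // starting password, set by the admin
            user = bind(USER_DN, "abc");
            setPassword(user, USER_DN, "efg");                 // user changes abc -> efg
            user.close();
            int before = historySize(admin, USER_DN);
            setPassword(admin, USER_DN, "xyz");                // admin reset: the step that used to drop an entry
            int after = historySize(admin, USER_DN);
            System.out.println("passwordHistory entries before admin reset: " + before + ", after: " + after);
            if (after != before + 1) System.out.println("FAIL: admin reset replaced a history entry instead of adding one");
            // With the fix in place the user must not be able to return to efg.
            user = bind(USER_DN, "xyz");
            try {
                setPassword(user, USER_DN, "efg");
                System.out.println("FAIL: previously used password efg was accepted");
            } catch (LDAPException e) {
                System.out.println(e.getResultCode() == ResultCode.CONSTRAINT_VIOLATION
                        ? "OK: reuse of efg rejected with constraintViolation" : "Unexpected result: " + e.getResultCode());
            }
        } finally {
            if (user != null) user.close();
            admin.close();
        }
    }
}
```

Run it only against a test user whose password policy has history enabled (passwordHistory on, passwordInHistory 5, as in the question); the count comparison rather than an absolute number is used because the attribute may or may not hold the current password depending on the server version.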