
RE: (ITS#3946) PPolicy Overlay - Problem with password reset



Just one more post, with a minor correction from previous:

Steps to create problem:

1. password policy overlay is enabled
2. start client program - secClient
  - Client program is written in Java and uses Netscape Java Programming API to perform LDAP operations.
3. Administrator resets user "testUser" password.  
  - secClient opens LDAP connections with rootdn creds
  - secClient modifies userPassword attribute on user testUser
  - secClient modifies pwdReset attribute, sets to "TRUE"
  - secClient closes connection
4. User "testUser" binds to directory
  - secClient opens connection, binds as testUser, closes connection
5. Any subsequent client connection to LDAP by any user, on any operation creates this error:
  error result (50); Operations are restricted to bind/unbind/abandon/StartTLS/modify password; Insufficient access
  within the same running client process

Observations:
  
1. Through experimentation, it has been determined that stopping and starting the client program will clear up this condition.

Speculation:

Even after the bug fix, stale data left by the restricted user in a previous LDAP connection is retained inside the LDAP connection.  This data is retained even after the LDAP connection is closed, placed back into the LDAP pool, and opened by a different user in a subsequent operation.
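
The failure mode speculated about above, as a small added model (not code from OpenLDAP, the ppolicy overlay, or secClient): a "password must be changed" flag is stored per reusable connection slot, and it leaks to the next user unless the slot's state is cleared when it is handed out again. All names here (`conn_open`, `restricted`, `replay`) are hypothetical, and where such state actually lives in the real system is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define SLOTS 4
#define RC_SUCCESS 0
#define RC_INSUFFICIENT_ACCESS 50   /* "error result (50)" from the report */

static int in_use[SLOTS];       /* slot currently holds an open connection */
static int restricted[SLOTS];   /* per-slot "must change password" flag */

/* Hand out the lowest free slot; clear_state=0 models the suspected defect. */
int conn_open(int clear_state) {
    for (int i = 0; i < SLOTS; i++) {
        if (in_use[i]) continue;
        in_use[i] = 1;
        if (clear_state) restricted[i] = 0;   /* corrected handling */
        return i;
    }
    return -1;
}

void conn_close(int slot) { in_use[slot] = 0; }   /* flag is left behind */

/* Bind only ever sets the flag (pwd_reset mirrors pwdReset=TRUE on the entry),
   so a later bind by an unrestricted user does not remove it. */
int do_bind(int slot, int pwd_reset) {
    if (pwd_reset) restricted[slot] = 1;
    return RC_SUCCESS;
}

/* Any operation other than bind/unbind/password change is refused. */
int do_search(int slot) {
    return restricted[slot] ? RC_INSUFFICIENT_ACCESS : RC_SUCCESS;
}

/* Steps 4-5 of the report: testUser binds and closes, then a different,
   unrestricted user reuses the slot and searches. Returns that result code. */
int replay(int clear_state) {
    memset(in_use, 0, sizeof in_use);
    memset(restricted, 0, sizeof restricted);
    int c = conn_open(clear_state);
    do_bind(c, 1);              /* constructed: testUser, pwdReset=TRUE */
    conn_close(c);
    c = conn_open(clear_state);
    do_bind(c, 0);              /* constructed: another user, no reset pending */
    return do_search(c);
}

int main(void) {
    printf("stale=%d cleared=%d\n", replay(0), replay(1));
    return 0;
}
```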