Michael Dugan wrote:
Michael Ströder wrote:
I'm testing LDAP Password Modify Extended Operation (RFC 3062) with
OpenDS 1.0. I just sent the new password in the request, bound as
"cn=Directory Manager". Are there any restrictions?
I get the following error:
---------------------------- snip ----------------------------
Protocol error:
The password modify extended request cannot be processed because it
contained an invalid authorization ID that did not start with either
"dn:" or "u:". The provided authorization ID string was "cn=Fred
Feuerstein,ou=People,dc=opends,dc=stroeder,dc=local"
---------------------------- snip ----------------------------
Frankly I don't understand what it says. To me it sounds rather an
error message related to "Who Ami I? ext. op.".
Since "cn=Fred Feuerstein,ou=People,dc=opends,dc=stroeder,dc=local"
>
looks like a DN, you
probably need to prefix it with "dn:". For example,
"dn:cn=Fred Feuerstein,ou=People,dc=opends,dc=stroeder,dc=local"
if not it assumes it is not a DN and tries to use an identity mapper
to process the request.
Could you please point me to the part of RFC 3062 which talks about
adding a "dn:" prefix?
I only found:
------------------------------------------------------------------
PasswdModifyRequestValue ::= SEQUENCE {
userIdentity [0] OCTET STRING OPTIONAL
oldPasswd [1] OCTET STRING OPTIONAL
newPasswd [2] OCTET STRING OPTIONAL }
[..]
The userIdentity field, if present, SHALL contain an octet string
representation of the user associated with the request. This string
may or may not be an LDAPDN [RFC2253]. If no userIdentity field is
present, the request acts up upon the password of the user currently
associated with the LDAP session.
------------------------------------------------------------------
My understanding is that the server has to detect whether it's a valid
DN or not and act accordingly.
Ciao, Michael.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@opends.dev.java.net
For additional commands, e-mail: users-help@opends.dev.java.net