aoktox / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Case Sensitive Password requirements using AD #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Setup PWM to read from AD
2. Go to the change password screen.

What is the expected output? What do you see instead?
I expect that password requirements show as case-sensitive.

What version of the product are you using? On what operating system?
PWM Developer Build #1020 - AD 2003 - Sun's Java 1.6

Please provide any additional information below.
I have a system setup to AD, and it states that passwords are not case
sensitive. I can't figure out how to make them case-sensitive or at
least read the proper value for this. Filing as a bug per discussion group.

Original issue reported on code.google.com by ipaul...@gmail.com on 14 Mar 2011 at 2:28

GoogleCodeExporter commented 9 years ago

Original comment by jrivard on 15 Mar 2011 at 12:05

GoogleCodeExporter commented 9 years ago
I've examined the code, and if PWM is indeed pointed directly at an AD ldap 
server, its should default to password being case sensitive.

Is PWM actually pointing at an Active Directory ldap server? If so, when you 
visit the PWM admin status page, what does it show for "LDAP Vendor".  If 
indeed it shows AD, please set your logging level to TRACE and share a log from 
startup to a user changing password.

Original comment by jrivard on 16 Mar 2011 at 11:00

GoogleCodeExporter commented 9 years ago
I'm connecting via LDAPS on port 636 to AD and it does show as AD in the status 
page. I am currently utilizing promiscuous mode SSL for my testing. I will 
provide a TRACE log tomorrow.

Original comment by ipaul...@gmail.com on 17 Mar 2011 at 4:58

GoogleCodeExporter commented 9 years ago
Looking at status, the exact message is:
LDAP Vendor     MICROSOFT_ACTIVE_DIRECTORY

I've attached a trace with my AD name, IP addresses, and dn path modified.

Original comment by ipaul...@gmail.com on 17 Mar 2011 at 7:36

Attachments:

GoogleCodeExporter commented 9 years ago
FYI, The following NullPointerException seems to occur later, during Health 
Checks. Attaching in case it is helpful.

Original comment by ipaul...@gmail.com on 17 Mar 2011 at 7:44

Attachments:

GoogleCodeExporter commented 9 years ago
FYI, the same issue occurs if I change protocol from ldaps to ldap and remove 
promiscuous SSL mode.

Original comment by ipaul...@gmail.com on 17 Mar 2011 at 8:02

GoogleCodeExporter commented 9 years ago
Both issues (NPE & non-CaseSensitive w/AD) should be fixed as of svn revision 
122

Original comment by jrivard on 21 Mar 2011 at 3:55