grealish / pwm

Automatically exported from code.google.com/p/pwm

NMAS error on Forgotten Password usage #352

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configure PWM to read the password policy from eDir (Password Policy Source = LDAP) and allow user to recover forgotten password.
2. Login as user and set responses.
3. Try to recover forgotten password - answer the Challenges
4. The Change Password form now opens
5. Click on auto generate new password

What is the expected output? 
After entering a new password that complies with the eDir password policy, the form should allow saving the new password.

What do you see instead?
Although the entered password does comply with the Password Policy (manual check), I get the following message:

"New password does not meet requirements. Please try using a different 
password."

Catalina.out throws an NMAS -1648 error:

2013-04-04 09:19:33, DEBUG, server.RestServerHelper, {4,Dhr Drs. S. Veldhuisen} 
REST WebService Request: POST request for: /pwm/public/rest/randompassword  
[127.0.0.1/localhost]
  pwmFormID='XOaL0jOvn3WONb6eLwYVFnnTPZFH4mnF13dd3e5e54aiqoirb'
2013-04-04 09:19:34, TRACE, util.Helper, externalJudgeMethod 
'password.pwm.PwmPasswordJudge' returned a value of 8
2013-04-04 09:19:34, TRACE, util.Helper, externalJudgeMethod 
'password.pwm.PwmPasswordJudge' returned a value of 49
2013-04-04 09:19:34, TRACE, util.RandomPasswordGenerator, {4,Dhr Drs. S. 
Veldhuisen} finished random password generation in 2ms after 2 tries. 
[127.0.0.1/localhost]
2013-04-04 09:19:34, TRACE, util.RandomPasswordGenerator, {4,Dhr Drs. S. 
Veldhuisen} real-time random password generator called (2ms) 
[127.0.0.1/localhost]
2013-04-04 09:19:35, DEBUG, server.RestServerHelper, {4,Dhr Drs. S. Veldhuisen} 
REST WebService Request: POST request for: /pwm/public/rest/checkpassword  
[127.0.0.1/localhost]
  pwmFormID='XOaL0jOvn3WONb6eLwYVFnnTPZFH4mnF13dd3e5e54aiqoirb'
2013-04-04 09:19:35, TRACE, pwm.SessionManager, {4,Dhr Drs. S. Veldhuisen} 
attempting to open new ldap connection for cn=x,ou=users,o=test 
[127.0.0.1/localhost]
2013-04-04 09:19:35, TRACE, util.Helper, creating new chai provider using 
config of ChaiConfiguration: locked=false settings: 
{chai.bind.URLs=ldaps://xxx.xxx.nl:636,, chai.bind.dn=cn=x,ou=users,o=test, 
chai.bind.password=**stripped**, chai.cache.enable=false, 
chai.cache.maximumSize=128, chai.cache.maximumAge=1000, 
chai.statistics.enable=true, chai.watchdog.enable=true, 
chai.watchdog.operationTimeout=60000, chai.watchdog.idleTimeout=24000, 
chai.watchdog.disableIfPwExpired=true, 
chai.connection.watchdog.frequency=60000, chai.connection.promiscuousSSL=false, 
chai.wireDebug.enable=false, chai.failover.enable=true, 
chai.failover.failBackTime=90000, chai.failover.connectRetries=4, 
chai.ldap.dereferenceAliases=never, chai.ldap.ldapTimeout=5000, 
chai.ldap.followReferrals=false, 
chai.provider.implementation=com.novell.ldapchai.provider.JNDIProviderImpl, 
chai.edirectory.enableNMAS=true, 
chai.provider.extendedOperation.failureCache=true, 
chai.provider.readonly=false, chai.vendor.default=, 
chai.provider.jndi.enablePool=true, chai.crsetting.caseInsensitive=true, 
chai.crsetting.allowDuplicateResponses=false, 
chai.crsetting.defaultFormatType=SHA1_SALT, 
chai.cr.chai.attributeName=pwmResponseSet, chai.cr.chai.recordId=0002, 
chai.cr.chai.saltCount=100000}
2013-04-04 09:19:35, TRACE, provider.JNDIProviderImpl, bind successful as 
cn=x,ou=users,o=test (148ms)
2013-04-04 09:19:35, TRACE, provider.ChaiProviderFactory, adding 
WatchdogWrapper to provider instance
2013-04-04 09:19:35, TRACE, provider.WatchdogWrapper, checking for user 
password expiration to adjust watchdog timeout
2013-04-04 09:19:35, TRACE, provider.ChaiProviderFactory, adding 
StatisticsWrapper to provider instance
2013-04-04 09:19:36, TRACE, util.PwmPasswordRuleValidator, calling chai 
directory password validation checker
2013-04-04 09:19:36, DEBUG, impl.AbstractChaiEntry, nmas response code returned 
from server while testing nmas password: -1648
2013-04-04 09:19:36, TRACE, util.PwmPasswordRuleValidator, 
ChaiPasswordPolicyException was thrown while validating password: 
com.novell.ldapchai.exception.ChaiPasswordPolicyException: nmas error -1648
2013-04-04 09:19:36, TRACE, util.Helper, externalJudgeMethod 
'password.pwm.PwmPasswordJudge' returned a value of 50
2013-04-04 09:19:36, TRACE, rest.RestCheckPasswordServer, {4,Dhr Drs. S. 
Veldhuisen} real-time password validator called for null [127.0.0.1/localhost]
  process time: 162ms
  passwordCheckInfo string: {"version":2,"strength":50,"match":"EMPTY","message":"New password does not meet requirements.  Please try using a different password.","passed":false,"errorCode":4038}

What version of the product are you using?
Daily build (data-pwm-version="1.7.0 (RC1)" data-pwm-build="1216")
Also tested this with PWM 1.6.4 (same behaviour)

On what operating system?
SLES 11 SP1

Please provide any additional information below.

Both eDirectory for Linux x86_64 v8.8 SP7 and eDirectory for Linux x86_64 v8.8 SP6 are used as an LDAP directory.

Original issue reported on code.google.com by sebastia...@gmail.com on 4 Apr 2013 at 7:28

GoogleCodeExporter commented 9 years ago
fixed in revision 545

Original comment by jrivard on 10 Apr 2013 at 2:38