When a minimum password age is set for OpenAM users through a Password Policy in OpenDJ, a user who uses Change Password in the XUI receives an Internal Server Error message instead of a message informing them that their password cannot be changed due to the password policy.
Steps to reproduce:
- Create a password policy in OpenDJ with min-password-age set:
  - Run the dsconfig command in the OpenDJ bin directory.
  - Select 27 for Password Policy.
  - Select 3 to edit an existing password policy.
  - Select 1 for Default Password Policy.
  - Select 18 for min-password-age and change the value for min-password-age.
  - Select f to finish and save the changes that have been made.
- Login to the end user page.
- Select "Change Password".
- Change the User's password.
This will result in the user receiving an Internal User Error in the XUI even though the IdRepo logs show the following:
ERROR: An error occurred while trying to change password for identity: user.0
org.forgerock.opendj.ldap.ErrorResultException: Unwilling to Perform: The password cannot be changed because it has not been long enough since the last password change
at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:232)
at com.forgerock.opendj.ldap.AbstractLDAPFutureResultImpl.setResultOrError(AbstractLDAPFutureResultImpl.java:138)
at com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:326)
at com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:79)
at com.forgerock.opendj.ldap.LDAPReader.decodeModifyResult(LDAPReader.java:1055)
at com.forgerock.opendj.ldap.LDAPReader.decodeProtocolOp(LDAPReader.java:1143)
at com.forgerock.opendj.ldap.LDAPReader.decode(LDAPReader.java:166)
at com.forgerock.opendj.ldap.LDAPClientFilter.handleRead(LDAPClientFilter.java:499)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:291)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:209)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:137)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:115)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:550)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
at java.lang.Thread.run(Thread.java:745)
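The distinction this report asks for, as an added example (not OpenAM code): the sketch below reads the exception line from an IdRepo trace like the one above and returns a 400 carrying the directory's diagnostic when the LDAP result is a policy rejection, and a generic 500 otherwise. The function name, the response shape, the `ldapResultCode` key and the choice of which result codes count as user-correctable are assumptions of this example.

```python
import re

# LDAP result codes (RFC 4511) that mean "request rejected", not "server broke".
# Treating exactly these two as user-correctable is this example's assumption.
USER_CORRECTABLE = {"Unwilling to Perform": 53, "Constraint Violation": 19}

# Shape of the exception line in the IdRepo log:
#   <exception class>: <result code name>: <diagnostic message>
EXC_LINE = re.compile(
    r"^(?P<cls>[\w.$]+ErrorResultException): (?P<code>[^:]+): (?P<diag>.+)$"
)

def to_rest_error(log_lines):
    """Map an IdRepo password-change failure to a REST-style error body.

    Policy rejections become HTTP 400 with the directory's diagnostic message;
    anything else stays a generic 500 so internal details are not echoed back.
    """
    for line in log_lines:
        m = EXC_LINE.match(line.strip())
        if not m:
            continue  # skips the ERROR header and the "at ..." stack frames
        name = m.group("code").strip()
        if name in USER_CORRECTABLE:
            return {"code": 400, "reason": "Bad Request",
                    "ldapResultCode": USER_CORRECTABLE[name],
                    "message": m.group("diag").strip()}
        break  # a recognised exception line, but not a user mistake
    return {"code": 500, "reason": "Internal Server Error",
            "message": "Unable to change password"}

# First lines of the trace from this report.
POLICY_TRACE = [
    "ERROR: An error occurred while trying to change password for identity: user.0",
    "org.forgerock.opendj.ldap.ErrorResultException: Unwilling to Perform: "
    "The password cannot be changed because it has not been long enough "
    "since the last password change",
    "at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult"
    "(ErrorResultException.java:232)",
]

# Constructed sample of a failure that is not a user mistake.
OTHER_TRACE = [
    "ERROR: An error occurred while trying to change password for identity: user.0",
    "org.forgerock.opendj.ldap.ErrorResultException: Connect Error: "
    "connection refused (constructed sample)",
]

if __name__ == "__main__":
    print(to_rest_error(POLICY_TRACE))
    print(to_rest_error(OTHER_TRACE))
```

Only the diagnostic of a policy rejection is relayed to the user; the stack frames and any other failure detail stay in the server log.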
Is related to:
- OPENAM-6867 changePassword REST endpoint is not returning LDAP issues that are related to a user mistake. (Resolved)