Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9459

500 Internal Server Error from changePassword endpoint with AD repo

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2, 12.0.3
    • Fix Version/s: 6.0.1, 7.0.0, 6.5.3
    • Component/s: rest
    • Labels:
    • Environment:
      Active Directory user store
    • Rank:
      1|hzrtzb:
    • Support Ticket IDs:

      Description

      After applying a patch for OPENAM-6867, some issues persist when the backend user store is Active Directory.

      POST to http://openam.example.com:18080/openam/json/users/demo?_action=changePassword results in the following:

      1. If the new password provided is short (less than 8 characters) :

      {
      "code": 500,
      "reason": "Internal Server Error",
      "message": "Internal Server Error"
      }
      

      2. If the new password violates any other password policy constraints other than password length, e.g. password in history:

      {
      "code": 400,
      "reason": "Bad Request",
      "message": "0000052D: AtrErr: DSID-03190F80, #1:"
      } 

      The 500 error in the first instance is what OPENAM-6867 was meant to correct. It appears that AD may behave differently than DJ in this case and should be accounted for.

      In the second case, the result is expected, but the message is opaque. A more user friendly message is desired.

      The expectation is that the error messages returned will be fairly consistent for any LDAPv3 repository.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kamal.sivanandam@forgerock.com Kamal Sivanandam
                Reporter:
                neal.fisher Neal Fisher
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: