  1. OpenDJ
  2. OPENDJ-1183

Cannot reset userPassword through REST interface due to lack of privileges


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 3.0.0, 2.8.0, 2.6.1
    • Component/s: rest
    • Environment:
      Redhat, Open JDK 1.7
    • Support Ticket IDs:

      Description

      REST mapping for userPassword has been defined as:
      "userPassword" : { "simple" :
        { "ldapAttribute" : "userPassword", "isSingleValued" : true, "isRequired" : false }
      },

      Using REST to update userPassword fails:

      Admin user is user.0
      Target of userPassword change is newuser:

      Command is:
      curl -k --request PATCH --user user.0:password --header "Content-Type: application/json" \
      --data '[
        { "operation": "replace", "field": "/userPassword", "value": "Passw0rd" }
      ]' \
      https://openam.example.com:38443/users/newuser?_prettyPrint=true

      Logged output:

      http:

      • 127.0.0.1 user.0 20/Oct/2013:18:42:20 +0200 PATCH /users/newuser?_prettyPrint=true HTTP/1.1 403 curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2 2 16

      access:

      [20/Oct/2013:18:42:20 +0200] BIND REQ conn=2 op=1 msgID=1 version=3 type=SIMPLE dn="uid=user.0,ou=People,dc=example,dc=com"
      [20/Oct/2013:18:42:20 +0200] BIND RES conn=2 op=1 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=3
      [20/Oct/2013:18:42:20 +0200] MODIFY REQ conn=2 op=2 msgID=2 dn="uid=newuser,ou=people,dc=example,dc=com"
      [20/Oct/2013:18:42:20 +0200] MODIFY RES conn=2 op=2 msgID=2 result=50 message="You do not have sufficient privileges to reset user passwords" etime=5

      Updating the userPassword with ldapmodify works OK (same admin user, same target)

      /opt/opendj/bin/ldapmodify -h localhost -p 389 -D "uid=user.0,ou=people,dc=example,dc=com" -w password -f p.ldif

      cat p.ldif:
      dn: uid=newuser,ou=people,dc=example,dc=com
      changetype: modify
      replace: userPassword
      userPassword: TheRaininSpain000

      [20/Oct/2013:18:53:56 +0200] BIND REQ conn=6 op=0 msgID=1 version=3 type=SIMPLE dn="uid=user.0,ou=people,dc=example,dc=com"
      [20/Oct/2013:18:53:56 +0200] BIND RES conn=6 op=0 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=1
      [20/Oct/2013:18:53:56 +0200] MODIFY REQ conn=6 op=1 msgID=2 dn="uid=newuser,ou=people,dc=example,dc=com"
      [20/Oct/2013:18:53:56 +0200] MODIFY RES conn=6 op=1 msgID=2 result=0 etime=3

              People

              • Assignee:
                ludo Ludovic Poitou
                Reporter:
                warren.strange@forgerock.com Warren Strange
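The access-log excerpts in the description can be triaged mechanically. The following is an added example, not part of the original report or of OpenDJ's own code: it pairs each MODIFY RES with the identity bound on the same connection and reports those that ended with result=50 (LDAP insufficientAccessRights). The function names are hypothetical, and the embedded sample is the set of access-log lines quoted in the description.

```python
import re

# Sample input: the access-log lines quoted in the report (REST attempt on conn=2, ldapmodify on conn=6).
SAMPLE_LOG = """\
[20/Oct/2013:18:42:20 +0200] BIND REQ conn=2 op=1 msgID=1 version=3 type=SIMPLE dn="uid=user.0,ou=People,dc=example,dc=com"
[20/Oct/2013:18:42:20 +0200] BIND RES conn=2 op=1 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=3
[20/Oct/2013:18:42:20 +0200] MODIFY REQ conn=2 op=2 msgID=2 dn="uid=newuser,ou=people,dc=example,dc=com"
[20/Oct/2013:18:42:20 +0200] MODIFY RES conn=2 op=2 msgID=2 result=50 message="You do not have sufficient privileges to reset user passwords" etime=5
[20/Oct/2013:18:53:56 +0200] BIND REQ conn=6 op=0 msgID=1 version=3 type=SIMPLE dn="uid=user.0,ou=people,dc=example,dc=com"
[20/Oct/2013:18:53:56 +0200] BIND RES conn=6 op=0 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=1
[20/Oct/2013:18:53:56 +0200] MODIFY REQ conn=6 op=1 msgID=2 dn="uid=newuser,ou=people,dc=example,dc=com"
[20/Oct/2013:18:53:56 +0200] MODIFY RES conn=6 op=1 msgID=2 result=0 etime=3
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<name>[A-Z]+)\s+(?P<phase>REQ|RES)\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"

def parse_line(line):
    """Split one access-log line into a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields.update(ts=m.group("ts"), kind=m.group("name") + " " + m.group("phase"))
    return fields

def denied_modifies(log_text):
    """Return MODIFY operations refused with result=50, with bound identity and target DN."""
    bound, pending, findings = {}, {}, []  # conn -> authDN; (conn, op) -> target DN
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        key = (f.get("conn"), f.get("op"))
        if f["kind"] == "BIND RES" and f.get("result") == "0":
            bound[f["conn"]] = f.get("authDN")
        elif f["kind"] == "MODIFY REQ":
            pending[key] = f.get("dn")
        elif f["kind"] == "MODIFY RES":
            target = pending.pop(key, None)
            if f.get("result") == "50":
                findings.append({"time": f["ts"], "conn": f["conn"], "actor": bound.get(f["conn"]),
                                 "target": target, "message": f.get("message")})
    return findings

if __name__ == "__main__":
    for hit in denied_modifies(SAMPLE_LOG):
        print(hit)
```
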