  1. OpenDJ
  2. OPENDJ-1213

LDIFReader should reject LDIF that contains trailing space

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.6.0
    • Fix Version/s: None
    • Component/s: core server
    • Sprint:
      Sprint 23

      Description

      The customer needed to reset a lost Directory Manager password, so they used the encode-password tool to construct a new value, and then edited it into config.ldif while the server was shut down. Unfortunately they included a trailing space after the hashed value, e.g.

      userPassword: {SSHA512}hb+26Gcu9ZNyK9Z8EHURMMzZVefK3HT7/7wWsEAvyjRlq0LNFeTHLG0SWXVA1nETBh5DCW+IHT8SObmD5Rk6rHK7V8OUXvrq  
      

      The trailing space prevents authentication from working - the server returns error 49 (invalid credentials).

      Although you shouldn't edit config.ldif by hand, resetting a lost manager password is a reasonable use case. Also, you can use ldapmodify to set/reset a pre-encoded userPassword value over protocol with a trailing space.

      It seems like it might be sensible to trim trailing whitespace on hashed passwords during comparisons to avoid this sort of hard-to-diagnose problem!
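A pre-flight check for the failure described above, as an added example (not OpenDJ code and not part of the original report): it unfolds the LDIF and reports every attribute value that ends in whitespace, whether written as plain text or as base64, which goes slightly beyond the userPassword case in the report. The function names, sample entries and placeholder hashes are constructed for illustration.

```python
import base64

def unfold(ldif_text):
    """Yield (first_line_no, logical_line), joining RFC 2849 folded lines."""
    current, start = None, 0
    for no, raw in enumerate(ldif_text.splitlines(), 1):
        if raw.startswith(" ") and current is not None:
            current += raw[1:]  # continuation line: drop its single leading space
            continue
        if current is not None:
            yield start, current
        current, start = raw, no
    if current is not None:
        yield start, current

def find_trailing_whitespace(ldif_text, attrs=None):
    """Return [(line_no, dn, attribute, encoding)] for values ending in whitespace."""
    wanted = {a.lower() for a in attrs} if attrs else None
    findings, dn = [], None
    for no, line in unfold(ldif_text):
        if not line:  # a blank line ends the current record
            dn = None
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep or rest.startswith("<"):
            continue  # comment, malformed line, or value read from a URL
        if rest.startswith(":"):  # "attr:: ..." carries a base64-encoded value
            encoding = "base64"
            try:
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                continue
        else:
            encoding, value = "plain", rest.lstrip(" ")
        name = attr.split(";")[0].lower()
        if name == "dn":
            dn = value.strip()
        elif (wanted is None or name in wanted) and value != value.rstrip():
            findings.append((no, dn, attr, encoding))
    return findings

# Constructed sample input (placeholder hashes, not real credentials).
SAMPLE_LDIF = (
    "dn: cn=Directory Manager,cn=Root DNs,cn=config\n"
    "userPassword: {SSHA512}Q09OU1RSVUNURUQ= \n\n"
    "dn: uid=demo,dc=example,dc=com\n"
    "userPassword:: " + base64.b64encode(b"{SSHA}Q09OU1RSVUNURUQ= ").decode() + "\n"
    "description: folded value \n continues here\n"
)
```

Running `find_trailing_whitespace` over a hand-edited file before restarting the server, with `attrs=["userPassword"]` to limit the scan, points at the offending line directly instead of leaving an unexplained error 49.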

            People

            • Assignee:
              Unassigned
              Reporter:
              cjr Chris Ridd