
LDIFReader should reject LDIF that contains trailing space

      Description

      The customer needed to reset a lost Directory Manager password, so they used the encode-password tool to construct a new value and then edited it into config.ldif while the server was shut down. Unfortunately they included a trailing space after the hashed value, e.g.

      userPassword: {SSHA512}hb+26Gcu9ZNyK9Z8EHURMMzZVefK3HT7/7wWsEAvyjRlq0LNFeTHLG0SWXVA1nETBh5DCW+IHT8SObmD5Rk6rHK7V8OUXvrq  
      

      The trailing space prevents authentication from working - the server returns error 49 (invalid credentials).

      Although you shouldn't edit config.ldif by hand, resetting a lost manager password is a reasonable use case. Also, you can use ldapmodify to set/reset a pre-encoded userPassword value over protocol with a trailing space.

      It seems like it might be sensible to trim trailing whitespace on hashed passwords during comparisons to avoid this sort of hard-to-diagnose problem!
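The check the title asks for, as an added Python example (not OpenDJ's own LDIFReader): a minimal RFC 2849 line parser that flags attribute values ending in whitespace and, in strict mode, rejects the fragment instead of storing a value that can never match. The sample LDIF is constructed around the hash quoted in the report.

```python
import re

# Constructed config.ldif fragment (not the ticket's own file): the
# userPassword value ends in one trailing space, the defect reported.
SAMPLE_LDIF = (
    "dn: cn=Directory Manager,cn=Root DNs,cn=config\n"
    "objectClass: person\n"
    "userPassword: {SSHA512}hb+26Gcu9ZNyK9Z8EHURMMzZVefK3HT7/7wWsEAvyjRlq0LNFeTHLG0SWXVA1nETBh5DCW+IHT8SObmD5Rk6rHK7V8OUXvrq \n"
)

# attr, then ":" / "::" (base64) / ":<" (URL), optional space, value
ATTR_LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::|:<|:) ?(.*)$")


def unfold(text):
    """Join RFC 2849 continuation lines (leading space) onto the line
    they continue; returns (first physical line number, logical line)."""
    logical = []
    for no, raw in enumerate(text.split("\n"), start=1):
        if raw.startswith(" ") and logical:
            first, prev = logical[-1]
            logical[-1] = (first, prev + raw[1:])
        elif raw:
            logical.append((no, raw))
    return logical


def trailing_whitespace_values(text):
    """(line, attr) for every value ending in whitespace. RFC 2849 makes
    that space part of the value, so a stored hash never matches."""
    bad = []
    for no, line in unfold(text):
        m = ATTR_LINE.match(line)
        if m and m.group(3) != m.group(3).rstrip():
            bad.append((no, m.group(1)))
    return bad


def parse_entry(text, strict=True):
    """Parse a one-entry fragment into {attr: value}. With strict=True
    the fragment is rejected on trailing whitespace, as proposed."""
    bad = trailing_whitespace_values(text) if strict else []
    if bad:
        where = ", ".join(f"{a} (line {n})" for n, a in bad)
        raise ValueError(f"trailing whitespace in value of: {where}")
    entry = {}
    for _, line in unfold(text):
        m = ATTR_LINE.match(line)
        if m:
            entry[m.group(1)] = m.group(3)
    return entry
```

Run against the sample, strict parsing raises on line 3; with strict=False the stored userPassword value keeps its trailing space, which is why a bind against it returns invalid credentials.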

            People

            • Assignee:
              matthew Matthew Swift
              Reporter:
              cjr Chris Ridd
              Dev Assignee:
              Matthew Swift