OpenDJ / OPENDJ-4992

Use proxy auth control with the password modify extended operation

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 5.5.0, 4.0.0, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.0.0, 2.6.4
    • Fix Version/s: 6.5.0
    • Component/s: core server
    • Story Points: 2

      Description

      Currently it is not possible to use the password modify extended operation to bind as one user and change another user's password without it being considered a password reset.

      However it is possible to do this using the normal modify operation, as it supports the proxy auth control.

      For example this changes user.14's password but does not reset it:

      $ bin/ldapmodify -D "cn=Directory Manager" -w password -h localhost -p 1389 -Y "dn:uid=user.14,ou=people,dc=example,dc=com"
      dn: uid=user.14,ou=people,dc=example,dc=com
      changetype: modify
      replace: userpassword
      userpassword: secret

      The closest we can get with the extended operation causes a reset of user.14's password:

      $ bin/ldappasswordmodify -D "cn=Directory Manager" -w password -h localhost -p 1389 -a "dn:uid=user.14,ou=people,dc=example,dc=com" -n secret

      It would be useful if the server's PasswordModifyExtendedOperation supported the proxyAuth control, perhaps with some constraints such as the proxy user having to be the same as the target entry.
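
The two request shapes contrasted in the description, as an added example that is not part of the issue or of OpenDJ's code: it BER-encodes the RFC 3062 password modify request value and the RFC 4370 proxied authorization v2 control, and applies the "proxy user must be the target entry" constraint floated above. All helper names are hypothetical, and the plain string comparison stands in for real DN matching.

```python
# Added illustration; helper names are hypothetical, not OpenDJ code.
PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"    # RFC 3062 extended operation
PROXIED_AUTHZ_V2_OID = "2.16.840.1.113730.3.4.18"  # RFC 4370 control

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def passwd_modify_value(user_identity=None, old_passwd=None, new_passwd=None) -> bytes:
    """PasswdModifyRequestValue: SEQUENCE of optional [0], [1], [2] OCTET STRINGs."""
    fields = b""
    for tag, item in ((0x80, user_identity), (0x81, old_passwd), (0x82, new_passwd)):
        if item is not None:
            fields += tlv(tag, item.encode("utf-8"))
    return tlv(0x30, fields)

def proxied_authz_control(authz_id: str) -> bytes:
    """Control SEQUENCE { controlType, criticality TRUE, controlValue = authzId }."""
    return tlv(0x30, tlv(0x04, PROXIED_AUTHZ_V2_OID.encode("ascii"))
                     + tlv(0x01, b"\xff")
                     + tlv(0x04, authz_id.encode("utf-8")))

def is_self_change(authz_id, user_identity) -> bool:
    """Constraint floated in the issue: the proxied user must be the target entry."""
    if authz_id is None:
        return False  # no proxy control: an administrator acting on another entry
    # Simplification: case-insensitive string match instead of DN normalization.
    return user_identity is None or user_identity.lower() == authz_id.lower()

USER = "dn:uid=user.14,ou=people,dc=example,dc=com"
# Closest form available today (-a): target in userIdentity, no control -> reset.
reset_value = passwd_modify_value(user_identity=USER, new_passwd="secret")
# Requested form: the control carries the identity and userIdentity is omitted.
proxied_value = passwd_modify_value(new_passwd="secret")
proxied_ctrl = proxied_authz_control(USER)

if __name__ == "__main__":
    print("reset   :", reset_value.hex(), is_self_change(None, USER))
    print("proxied :", proxied_value.hex(), is_self_change(USER, None))
    print("control :", proxied_ctrl.hex())
```
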

              People

              • Assignee: ludo Ludovic Poitou
              • Reporter: cjr Chris Ridd
              • QA Assignee: Viktor Nawrath [X] (Inactive)
              • Votes: 0
              • Watchers: 2
