Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-5115

ldappasswordmodify fails, NPE in PasswordPolicyState updatePasswordHistory

    Details

    • Epic Link:
    • Story Points:
      1
    • Support Ticket IDs:

      Description

      DS 5.5.0.

       

      • configure password policy:
      dn: cn=Default Password Policy,cn=Password Policies,cn=config
      ds-cfg-allow-pre-encoded-passwords: true
      ds-cfg-password-history-count: 12

       

      • set userpassword to a crypto block like this, taken from IDM:
        (this should not happen normally, as the password should be decrypted on IDM before sync-ing to DS)
      # bin/ldapmodify -p 55389 -D "cn=directory manager" -w password
      dn: uid=test.0,ou=People,dc=example,dc=com
      changetype: modify
      replace: userpassword
      userPassword: {"$crypto":{"type":"x-simple-encryption","value":{"cipher":"AES/CBC/PKCS5Padding","salt":"hArAKl5DtYU+fr5mzEC9/A==","data":"h7SoLyvVmY8CKEaKiEH+D5qODWqi7B8Y+Jwfk3g0HWUG3HeRzdkKEqw62BR8DuA1tiNN1lPTFbDVgsv6vWQhYd2FwoUmBFdXvWbqOd3XCfIVKvODagyBDVkOO+tw+r1jfJbUnREc43mjZRZG0fAMasGKI4uRYkfJ4NBn/CViqcDyGsvDAsO2sHEmKoHXOKhpexPRY1xyC02XFckYva8qHqFWmPGfKWFL7+DXfYJ9LV+0GlUECWbjVsrGWjM+RYjCxgA8pTteyNmStJs6OzAf6ynIjNYezwqgXV3hXs3GWVYcLm1SOVwuNN5eGOwtj1kxWH5c0gPfijrxct+/upx7cwtWQn1NpURWCL/ExM1Y8dub+sMi7gytEB9//e577jK8","iv":"Cpkk6M3XJ0y9iLVV8Gjysg==","key":"openidm-sym-default","mac":"Jkn1qVIsbeZi+Ifmsg2o+w=="}}}

       

      • ldappasswordmodify:
      # bin/ldappasswordmodify -p 55389 -D "cn=directory manager" -w password --authzID "uid=test.0,ou=People,dc=example,dc=com" --newPassword password

       

      • error log:
        [24/May/2018:14:09:41 +0800] category=CORE severity=ERROR msgID=108 msg=Worker Thread 0 encountered an uncaught exception while processing operation ExtendedOperation(connID=9, opID=1, oid=1.3.6.1.4.1.4203.1.11.1): NullPointerException (PasswordPolicyState.java:2143 PasswordModifyExtendedOperation.java:491 ExtendedOperationBasis.java:275 TraditionalWorkerThread.java:122)
        [24/May/2018:14:09:41 +0800] category=CORE severity=ERROR msgID=140 msg=An uncaught exception during processing for thread Worker Thread 0 has caused it to terminate abnormally. The stack trace for that exception is: UndeliverableException: org.forgerock.opendj.ldap.LdapException: Other: Worker Thread 0 encountered an uncaught exception while processing operation ExtendedOperation(connID=9, opID=1, oid=1.3.6.1.4.1.4203.1.11.1): NullPointerException (PasswordPolicyState.java:2143 PasswordModifyExtendedOperation.java:491 ExtendedOperationBasis.java:275 TraditionalWorkerThread.java:122) (RxJavaPlugins.java:349 FlowableCreate.java:133 ReactiveHandlersUtils.java:407 LdapClientConnection.java:351 TraditionalWorkerThread.java:141)

         

      To workaround:

      1. set password history count to 0.
      2. ldappasswordmodify should work now. Modify userpassword, removing that crypto block.
      3. set password history count back to desired value.

        Attachments

          Activity

            People

            • Assignee:
              JnRouvignac Jean-Noël Rouvignac
              Reporter:
              wei-yee.lum Wei-Yee Lum
              QA Assignee:
              Ondrej Fuchsik
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: