OpenDJ / OPENDJ-6244

Password expiration time expires in warning interval instead of max-password-age

    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Not a defect
    • Affects Version/s: 6.5.1, 6.5.0, 6.0.0, 5.5.2, 5.5.1, 5.5.0, 7.0.0
    • Fix Version/s: Not applicable
    • Component/s: rest, tools
    • Labels: None
    • Story Points: 0.5

      Description

      When the default password policy's password-expiration-warning-interval and max-password-age are set via dsconfig, the password expires in password-expiration-warning-interval instead of in max-password-age. As the documentation says, max-password-age is the expiration time: https://qa-backstage.forgerock.com/docs/ds/7/configref/#objects-password-policy-max-password-age

      Found on 7.0.0-SNAPSHOT, revision number: 054825e4d76bff67e031554f373ac7e40e9aa745

       

      Steps to reproduce:

      1. Setup new DJ instance
         ./setup \
              --instancePath pwd \
              --serverId Rowan_Sartin \
              --hostname localhost \
              --adminConnectorPort 4444 \
              --rootUserDn uid=admin \
              --rootUserPassword password \
              --ldapPort 1389 \
              --enableStartTls \
              --ldapsPort 1636 \
              --httpPort 8080 \
              --httpsPort 8443 \
              --sampleData 100 \
              --baseDn dc=example,dc=com
      2. Enable HTTP endpoint
        ./bin/dsconfig \
         set-http-endpoint-prop \
         --hostname localhost \
         --port 4444 \
         --bindDN "uid=admin" \
         --bindPassword password \
         --endpoint-name "/api" \
         --set enabled:true \
         --trustAll \
         --no-prompt 
      3. Add accountUsability in supported actions of http endpoint in /opendj/pwd/config/rest2ldap/endpoints/example-v1.json
        "supportedActions": [ "accountUsability", "modifyPassword", "resetPassword" ] 
      4. Set password expiration and warning time
        ./bin/dsconfig -h localhost -p 4444 \
        -D "uid=admin" \
        -w password \
        -X set-password-policy-prop \
        --policy-name "Default Password Policy" \
        --set "password-expiration-warning-interval:31 s" \
        --set "max-password-age:600 s" -n
        
      5. Use this curl to request account usability of user.0
        curl --request POST --user admin:password --header "Content-Type: application/json" --data '{}' 'http://localhost:8080/api/users/user.0?_action=accountUsability'
      6. Response says {"isUsable":true,"passwordExpiresIn":31}
      7. Login with user to trigger counter
        curl --user user.0:password 'http://localhost:8080/api/users/user.0?_fields=userName'

        or

        ./bin/ldapsearch --port 1389 --baseDN dc=example,dc=com --bindDN "uid=user.0,ou=People,dc=example,dc=com" --bindPassword password uid=user.0 cn
      8. Use curl command from step 7 - no warning message to change password appears in response. Also counter starts counting down
      9. Use ldapsearch command from step 7 - warning message to change password appears in response

      Expected results:

      1. Step 6 - passwordExpiresIn should be 600s (minus the time it takes to perform the steps) instead of 31s
      2. Step 8 - warning message to change password should appear in response of curl as it appears in response of ldapsearch

      Current results:

      1. Step 6 - password expires in password-expiration-warning-interval instead of max-password-age
      2. Step 8 - no warning message appears in response of curl request

              People

              • Assignee: Matthew Swift (matthew)
              • Reporter: Petr Matej (petr.matej) [X] (Inactive)
              • Dev Assignee: Matthew Swift