Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7034

Provide a means for returning structured advice for invalid passwords during LDAP ADD, MODIFY, and password modify operations


    • Type: New Feature
    • Status: Done
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: security
    • Labels:


      As a user who is in the process of setting a new password using a client application I would like the application to provide me with advice indicating why my new password does not satisfy their validation requirements. As a developer of this client application, I would like a way to determine whether a user provided password for a new or existing user satisfies DJ's password validation criteria: DJ should return the advice in the form of a structured response which can be rendered in the UI using the user's locale.

      One approach could be to provide "dry run" support for LDAP ADD, MODIFY and password modify operations, where password validation failures would trigger inclusion of an "advice" response control describing why the password does not satisfy the applicable policy. Another JIRA will address the "dry-run" capability: this JIRA will focus on the structured response.


      • another possibility is to use an extended operation. However, password policy selection for ADD operations may depend on properties of the added user, such as group membership
      • the mechanism must collect the results for all applicable validators rather than exposing them one at a time
      • the mechanism should at a minimum indicate the DNs of the failed validators. This may be sufficient to render the UI feedback.


          Issue Links



              • Assignee:
                michal.severin Michal Severin [X] (Inactive)
                matthew Matthew Swift
                Dev Assignee:
                Matthew Swift
                QA Assignee:
                Michal Severin [X] (Inactive)
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: