OpenDJ / OPENDJ-7317

Revert password validation changes in ds-empty Docker image introduced when removing production mode


    • Type: Task
    • Status: Done
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: devops, security, setup
    • Labels:


      A side effect of the recent removal of production mode in favor of a more secure out-of-the-box (OOTB) configuration for all profiles was that the default password policy validation rules became stricter. In particular, they now check new passwords against a dictionary of known common passwords.

      This change in behavior has exposed integration limitations in our downstream platform cloud services. At the moment, the platform UI and IDM are responsible for validating new passwords before handing them off to DS. DS may reject the password, notably common passwords that are used during demos, and return a constraint violation error. Unfortunately, IDM and the platform UI do not handle these errors very gracefully, which results in an unpleasant user experience and a failed product demo.

      Suggested fix:

      Revert the password validation changes in the ds-empty Docker image used by our cloud services. This image already contains a couple of patches to revert the changes introduced in OPENDJ-5982.

      Long term fix:

      Password validation will become the responsibility of DS. The platform UI and IDM will use the recently added PasswordQualityAdviceRequestControl in order to consume validation results and render them in a user-friendly manner. See IAM-223.


              • Assignee: Matthew Swift
              • Dev Assignee: Matthew Swift


                • Created: