  1. OpenIDM
  2. OPENIDM-13480

Incorrect Credentials error for LDAP bind request in Multiple Passwords Sample

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: _Samples
    • Labels:
    • Environment:
      OpenIDM version "7.0.0-SNAPSHOT" (build: 20190624233449, revision: 1680624)
    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      2
    • Sprint:
      2019.11 - IDM

      Description

      IDM > Samples Guide

      IDM 7.0 - 13.4.  Demonstrating the Use of Multiple Accounts

      In Step 6 the ldapsearch is returning an error with Incorrect Credentials for 'jdoe' and 'ldapPassword' even though the password was set as per Step 3 with a successful result.

      Set up passwords:

      curl \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: openidm-admin" \
       --header "Content-Type: application/json" \
       --request POST \
       --data '{
         "userName": "jdoe",
         "givenName": "John",
         "sn" : "Doe",
         "displayName" : "John Doe",
         "mail" : "john.doe@example.com",
         "password" : "Passw0rd",
         "ldapPassword" : "PPassw0rd",
         "ldap2Password" : "Passw00rd"
       }' \
       "http://localhost:8080/openidm/managed/user"
      

      JSON output:

      {
        "_id": "193ce2a1-0c78-473f-84fe-c51d2abce689",
        "_rev": "000000009c565ed5",
        "userName": "jdoe",
        "givenName": "John",
        "sn": "Doe",
        "displayName": "John Doe",
        "mail": "john.doe@example.com",
        "ldapPassword": {
          "$crypto": {
            "value": {
              "algorithm": "SHA-256",
              "data": "oEf/5p/jbvKo5jGmDw0V0gwwdXJBcacR0Tt52hWrJJCB709rTnLnu8dJXCSaGFgK"
            },
            "type": "salted-hash"
          }
        },
        "ldap2Password": {
          "$crypto": {
            "type": "x-simple-encryption",
            "value": {
              "cipher": "AES/CBC/PKCS5Padding",
              "stableId": "openidm-sym-default",
              "salt": "XevmhuQK9Dh8DuQGdDn5pw==",
              "data": "6Pp50qF7d6N3P+pICz/ktg==",
              "keySize": 16,
              "purpose": "idm.password.encryption",
              "iv": "Zy0Hb0LAkzI91yK7c4sumw==",
              "mac": "xd4WFkRAdvND4ZL7uB2xgQ=="
            }
          }
        },
        "accountStatus": "active",
        "effectiveRoles": [],
        "effectiveAssignments": [],
        "roles": []
      }

      $ cd /path/to/opendj
      $ bin/ldapsearch \
      --hostname localhost \
      --port 1389 \
      --bindDN uid=jdoe,ou=People,dc=example,dc=com \
      --bindPassword PPassw0rd \
      --baseDN dc=example,dc=com \
      uid=jdoe
      

      Error message:

      The LDAP bind request failed: 49 (Invalid Credentials)
      

      Updating the 'ldapPassword' as shown in Step 7 doesn't work either, so Step 8 is returning the same error.

      Update password:

      curl \
       --header "X-OpenIDM-Username: openidm-admin" \
       --header "X-OpenIDM-Password: openidm-admin" \
       --header "Content-Type: application/json" \
       --request PATCH \
       --data '[ {
         "operation" : "replace",
         "field" : "ldapPassword",
         "value" : "TTestw0rd"
       } ]' \
       "http://localhost:8080/openidm/managed/user/193ce2a1-0c78-473f-84fe-c51d2abce689"
      

      JSON output:

      {
        "_id": "193ce2a1-0c78-473f-84fe-c51d2abce689",
        "_rev": "00000000650286de",
        "userName": "jdoe",
        "givenName": "John",
        "sn": "Doe",
        "displayName": "John Doe",
        "mail": "john.doe@example.com",
        "ldapPassword": {
          "$crypto": {
            "value": {
              "algorithm": "SHA-256",
              "data": "/S85h6yhjgerGzwLedMqurzaFvEQQ7Sh62J7kiWOZvvKkH0JckP6SPcsqqYh9elb"
            },
            "type": "salted-hash"
          }
        },
        "ldap2Password": {
          "$crypto": {
            "type": "x-simple-encryption",
            "value": {
              "cipher": "AES/CBC/PKCS5Padding",
              "stableId": "openidm-sym-default",
              "salt": "Hk5m+66FCIOAlIWnMeoAeQ==",
              "data": "TA9QmM44Zxh+g3y93K21Vg==",
              "keySize": 16,
              "purpose": "idm.password.encryption",
              "iv": "hWW/4It/liQS5M4pMZrmbA==",
              "mac": "iL4NucDQaeH0uoa1kM2+hA=="
            }
          }
        },
        "accountStatus": "active",
        "effectiveRoles": [],
        "effectiveAssignments": [],
        "roles": []
      }
      

      Error again:

      $ cd /path/to/opendj
      $ bin/ldapsearch \
      --hostname localhost \
      --port 1389 \
      --bindDN uid=jdoe,ou=People,dc=example,dc=com \
      --bindPassword TTestw0rd \
      --baseDN dc=example,dc=com \
      uid=jdoe
      
      The LDAP bind request failed: 49 (Invalid Credentials)
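
The two password properties in the responses above are protected differently: `ldapPassword` is stored as a salted hash, while `ldap2Password` is stored with reversible encryption. The following is an added example, not part of the original report or of OpenIDM's code, that summarises each `$crypto` envelope from a trimmed, constructed copy of the create response; the function name and the reading of bytes beyond the digest length as salt are assumptions.

```python
import base64
import json

# Constructed sample: the password properties from the create response above,
# trimmed to the fields this check reads.
SAMPLE_RESPONSE = json.loads("""
{
  "userName": "jdoe",
  "ldapPassword": {"$crypto": {"type": "salted-hash", "value": {
      "algorithm": "SHA-256",
      "data": "oEf/5p/jbvKo5jGmDw0V0gwwdXJBcacR0Tt52hWrJJCB709rTnLnu8dJXCSaGFgK"}}},
  "ldap2Password": {"$crypto": {"type": "x-simple-encryption", "value": {
      "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default",
      "data": "6Pp50qF7d6N3P+pICz/ktg==", "iv": "Zy0Hb0LAkzI91yK7c4sumw==",
      "keySize": 16}}}
}
""")

# Output size in bytes of common digest algorithms.
DIGEST_BYTES = {"MD5": 16, "SHA-1": 20, "SHA-256": 32, "SHA-384": 48, "SHA-512": 64}


def describe_crypto_fields(user):
    """Return {property: summary} for every $crypto-wrapped property (hypothetical helper)."""
    report = {}
    for name, prop in user.items():
        if not (isinstance(prop, dict) and "$crypto" in prop):
            continue  # plain properties such as userName
        envelope = prop["$crypto"]
        value = envelope["value"]
        raw = base64.b64decode(value["data"], validate=True)
        entry = {"type": envelope["type"], "data_bytes": len(raw)}
        if envelope["type"] == "salted-hash":
            # One-way: the cleartext cannot be recovered from this value.
            entry["reversible"] = False
            digest_len = DIGEST_BYTES.get(value.get("algorithm"))
            # Assumption: bytes beyond the digest length are the salt.
            entry["extra_bytes"] = len(raw) - digest_len if digest_len else None
        elif envelope["type"] == "x-simple-encryption":
            # Symmetric encryption: recoverable by a holder of the key named in stableId.
            entry["reversible"] = True
            entry["iv_bytes"] = len(base64.b64decode(value["iv"], validate=True))
        else:
            entry["reversible"] = None  # type not shown on this page
        report[name] = entry
    return report


if __name__ == "__main__":
    for name, entry in describe_crypto_fields(SAMPLE_RESPONSE).items():
        print(name, entry)
```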
      

       

            People

            • Assignee:
              alin Alin Brici
              Reporter:
              son.nguyen Son Nguyen
              QA Assignee:
              Petr Bednar