Key: SEC-960
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Luke Taylor
Reporter: Troy J. Kelley
Votes: 0
Watchers: 0

Spring Security

DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors

Created: 20/Aug/08 02:25 PM   Updated: 30/Sep/08 07:59 AM   Resolved: 05/Sep/08 08:51 AM
Component/s: LDAP
Affects Version/s: 2.0.3
Fix Version/s: 2.0.4

File Attachments: 1. Zip Archive mylyn-context.zip (1 kB)



Description
Please see the write-up here:

http://forum.springframework.org/showthread.php?t=53118

This prevents changePassword operations by binding as the user. Normally, binding as the admin to change the password will work, but certain LDAP directory servers (such as Novell eDirectory) have a policy that sets the user's account to expire after some small time period whenever an admin user changes a password. However, this side-effect is undesirable when it's actually the user changing the password.

 

Luke Taylor added a comment - 05/Sep/08 08:51 AM - edited
I was able to reproduce this by adding a space to the ou that the test users were stored under for LdapUserDetailsManagerTests. The issue is that the toUrl() adds the escaping to the spaces (which is the wrong type of encoding in this context). I've replaced the call with a toString() when setting up the principal for authentication.
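
The encoding mismatch described in the comment above, shown as an added example (not code from the issue or from Spring Security): a bind DN is read as a plain LDAP string, so URL-style escapes in it are not decoded and the directory is asked for a different entry. It uses the JDK's `javax.naming.ldap.LdapName` rather than Spring LDAP classes; the `urlStyle` helper and the sample DN are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnEncodingDemo {

    // Hypothetical stand-in for a URL-style rendering of a DN: it reproduces
    // only the space escaping that the comment attributes to toUrl().
    static String urlStyle(String dn) {
        return dn.replace(" ", "%20");
    }

    // Value of the first RDN of the given type, parsed the way a DN string
    // (not a URL) is parsed: percent escapes have no special meaning.
    static String rdnValue(String dn, String type) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase(type)) {
                return rdn.getValue().toString();
            }
        }
        return null;
    }

    // True when both strings name the same directory entry.
    static boolean sameEntry(String a, String b) throws InvalidNameException {
        return new LdapName(a).equals(new LdapName(b));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DN with a space in the ou, as in the reproduction.
        String plain = "uid=bob,ou=test people,dc=example,dc=org";
        String encoded = urlStyle(plain);

        System.out.println("string form : " + plain);
        System.out.println("URL form    : " + encoded);
        System.out.println("ou (string) : " + rdnValue(plain, "ou"));
        System.out.println("ou (URL)    : " + rdnValue(encoded, "ou"));
        // The escaped form keeps "%20" as literal characters in the ou value,
        // so a bind with it names an entry that does not exist.
        System.out.println("same entry? : " + sameEntry(plain, encoded));
    }
}
```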