Thread: LDAP Change Password OpenLDAP

  1. #1

    It seems that Spring Security is caching the login credentials, and I'm not sure how to prevent it. Here are the steps I take:

    1. login with user/pass
    2. change password to pass1
    3. logout
    4. login with user/pass (this shouldn't work but still does)
    5. logout
    6. login with user/pass1 (this should work and does)

    Notice that the user can now log in with both the old and the new password. If I redeploy my application, then it is corrected - the old password doesn't work and the new one does.

    I am using standalone ApacheDS for LDAP and Tomcat for my application.

  2. #2
    Luke Taylor (Senior Member, Acegi Security System Team / Spring Team)
    Join Date: Aug 2004
    Location: Glasgow, Scotland
    Posts: 3,449

    What version are you using? Do you have a cache configured?

  3. #3

    Sorry, thought I had it here, but I am using Spring Security 2.0.4. I am new to OpenLDAP but have set up no cache for the database. Is there a cache on the Spring Security side? Is there a way to flush the cache after I make the following call? I can see that LDAP contains the new password.

    import java.io.UnsupportedEncodingException;
    import java.security.NoSuchAlgorithmException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.ModificationItem;

    // Replaces userPassword and the password-changed timestamp on the user's entry in one modify.
    // getSHA1(), getDN(), convertToUtc(), format and ldapTemplate are defined elsewhere in the application.
    public void changePassword(String newpw) {
        ModificationItem[] modificationItemArray = new ModificationItem[2];
        String newpassword;
        try {
            newpassword = getSHA1(newpw);
        } catch (NoSuchAlgorithmException e1) {
            // Do not continue with a null password: abort the change instead
            throw new IllegalStateException("cannot hash new password", e1);
        } catch (UnsupportedEncodingException e1) {
            throw new IllegalStateException("cannot hash new password", e1);
        }

        // Replace the hashed userPassword value
        Attribute userPasswordAttribute = new BasicAttribute(LDAP_USER_PASSWORD, newpassword);
        ModificationItem newPassword = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, userPasswordAttribute);
        modificationItemArray[0] = newPassword;

        // Record the change time as a UTC generalized-time string (trailing "Z")
        Attribute userPasswordChangedAttribute = new BasicAttribute(LDAP_PASSWORD_CHANGE_DATE,
                format.format(convertToUtc(null).getTime()) + "Z");
        ModificationItem newPasswordChanged = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, userPasswordChangedAttribute);
        modificationItemArray[1] = newPasswordChanged;

        // Both modifications are sent to the directory in a single modify request
        ldapTemplate.modifyAttributes(getDN(), modificationItemArray);
    }
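
    As an added example (not code from this thread or from Spring Security), the snippet above depends on a getSHA1 helper that is not shown. For a directory such as OpenLDAP or ApacheDS to evaluate a simple bind against a hashed userPassword, the stored value has to be in the RFC 2307 prefixed form ({SHA}base64(sha1(pw)), or the salted {SSHA} variant); a value with no scheme prefix is compared as a cleartext password. The Python below builds both forms, evaluates a bind against a stored value the way the directory's compare does, walks through the thread's login/change/login steps against a constructed in-memory entry, and shows the pitfall of a helper that returns a bare hex digest. The entry dict and all helper names are assumptions of this example, not part of any real LDAP API.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA_PREFIX = "{SHA}"
SSHA_PREFIX = "{SSHA}"


def sha_hash(password: str) -> str:
    """Unsalted RFC 2307 form: {SHA} + base64(sha1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return SHA_PREFIX + base64.b64encode(digest).decode("ascii")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted form: {SSHA} + base64(sha1(password + salt) + salt). Preferred over {SHA}."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_password(stored: str, candidate: str) -> bool:
    """Evaluate a simple bind against a stored userPassword value as the directory would."""
    cand = candidate.encode("utf-8")
    if stored.startswith(SSHA_PREFIX):
        raw = base64.b64decode(stored[len(SSHA_PREFIX):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the remainder is the salt
        return hmac.compare_digest(hashlib.sha1(cand + salt).digest(), digest)
    if stored.startswith(SHA_PREFIX):
        raw = base64.b64decode(stored[len(SHA_PREFIX):])
        return hmac.compare_digest(hashlib.sha1(cand).digest(), raw)
    # No scheme prefix: the attribute value is compared as a cleartext password
    return hmac.compare_digest(stored.encode("utf-8"), cand)


def make_entry(password: str) -> dict:
    """Constructed stand-in for the user's directory entry (hypothetical; no LDAP connection)."""
    return {"uid": "user", "userPassword": ssha_hash(password)}


def bind(entry: dict, password: str) -> bool:
    """Simple bind against the in-memory entry."""
    return verify_password(entry["userPassword"], password)


def change_password(entry: dict, new_password: str) -> None:
    """Equivalent of DirContext.REPLACE_ATTRIBUTE on userPassword with a properly prefixed hash."""
    entry["userPassword"] = ssha_hash(new_password)


def thread_steps() -> dict:
    """Walk through the thread's sequence (login, change to pass1, log in with both) and
    report which binds the stored value accepts after a correct replace."""
    entry = make_entry("pass")
    results = {"old_before_change": bind(entry, "pass")}
    change_password(entry, "pass1")
    results["old_after_change"] = bind(entry, "pass")
    results["new_after_change"] = bind(entry, "pass1")
    return results


def hex_digest_pitfall() -> dict:
    """A getSHA1() that returns a bare hex digest writes an unprefixed value: the directory then
    treats that hex string as the cleartext password, so the new password itself is rejected."""
    entry = make_entry("pass")
    entry["userPassword"] = hashlib.sha1(b"pass1").hexdigest()
    return {"new_password": bind(entry, "pass1"), "hex_string": bind(entry, entry["userPassword"])}


if __name__ == "__main__":
    print(thread_steps())
    print(hex_digest_pitfall())
```

    To apply this to a real directory, read the entry's userPassword value back (for example with ldapsearch as an administrative user) and feed it to verify_password with the old and new passwords: that tells you what the directory will accept on a bind, independently of anything the application does.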

  4. #4
    Luke Taylor (Senior Member, Acegi Security System Team / Spring Team)

    I would debug your application (or check the logs) and check whether the bind is being executed to authenticate against the directory. If so, and the password has changed, then it should fail. There is no caching option in 2.0.4 with bind authentication.

  5. #5

    I am having the exact same problem as described above using 2.0.4 and OpenDS. Were you able to track down what the problem was?

  6. #6

    Sorry, but I was unable to fix this problem and have since moved on to another project.

  7. #7

    Thanks for getting back to me.