[Anthill-pro] LDAP Authentication Realm - Updating username /
password
Ryan Smith
rws at urbancode.com
Mon Jul 21 09:37:00 CDT 2008
Peter,
You are correct, LDAP users should not be able to change their username
or their password. We do not store the LDAP passwords either. Thank you
for reporting this, we will file it an a issue and fix it.
Ryan Smith
Lanser, Peter wrote:
> Hi,
>
> we are managing our users in an LDAP Authentication Realm. I was surprised when I noticed that those users can update their username / password.
>
> So I tried to update my username and my password. Changing the password seems to be impossible. AHP always brings up the error message "The existing password did not match the supplied password." although I'm pretty sure the passwords did match.
>
> Changing the username works. But it's impossible to logon again. When using the updated username AHP states "Invalid login, please try again" - I expected that. When using the old user (LDAP lookup should return a valid result) AHP shows the following message (without stacktrace): IllegalStateException: com.urbancode.anthill3.domain.security.Role: Persistent IDs cannot be changed once set
>
> Does it make sense to allow LDAP users to update their username/password? Am I missing something?
>
> We are using AHP 3.5.3_14575.
>
> BTW: The administrator can resolve this conflict by editing the user's profile (System - Users - <Realm> - <Updated Username>).
>
> Regards,
> Peter
>
> _______________________________________________
> Anthill-pro mailing list
> Anthill-pro at lists.urbancode.com
> http://lists.urbancode.com/mailman/listinfo/anthill-pro
>
>
More information about the Anthill-pro
mailing list