Bug 793535 (JBEPP-614)

Summary: Old password is cached when using LDAP
Product: [JBoss] JBoss Enterprise Portal Platform 5
Reporter: Martin Weiler <mweiler>
Component: Portal
Assignee: Thomas Heute <theute>
Status: CLOSED NEXTRELEASE
Severity: high
Priority: high
Version: 5.0.1.GA
CC: boleslaw.dawidowicz, epp-bugs
Target Release: 5.0.2.GA, 5.1.0.ER04
Hardware: Unspecified
OS: Unspecified
URL: http://jira.jboss.org/jira/browse/JBEPP-614
Doc Type: Bug Fix
Environment: EPP 5.0.1 LDAP in r/w mode
Last Closed: 2010-11-11 11:14:28 UTC
Type: Bug
Bug Depends On: 793542, 793543

Description Martin Weiler 2010-11-09 15:00:13 UTC
Help Desk Ticket Reference: https://na7.salesforce.com/500A0000004TFsI
Workaround Description: disable connection pooling - com.sun.jndi.ldap.connect.pool=false
project_key: JBEPP

Use case: I created a user named testuser3 with password "testuser3" in EPP Classic portal. I can successfully log in with the testuser3 username and password. Then, I change the user password from "testuser3" to "other". After that, I log out. When I log in using user testuser3 and password "testuser3", I can still log in. Also, when I log in using the new password "other", I can log in as well.

The problem is gone after I restart the EPP, i.e. I can only log in using the new password "other".

Comment 1 Scott Mumford 2010-11-10 01:03:09 UTC
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Known Issue
Release Notes Text: Added: An issue has been reported about EPP caching recently changed passwords. After a user changes their password, both the old and new password will allow them to log into the portal. This situation persists until the portal is restarted.



Comment 2 boleslaw.dawidowicz 2010-11-11 10:56:07 UTC
Workaround is to disable LDAP connection pooling. 

This is fixed in PLIDM 1.1.7.CR01 and the case can be closed once picketlink idm version is upgraded.
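
A direct bind check for the behaviour reported above, added here as an example and not code from EPP or PicketLink IDM: it sets the workaround property com.sun.jndi.ldap.connect.pool=false in a JNDI environment and reports whether the directory itself still accepts the old password after a change. The class name, the OLD_PASSWORD and NEW_PASSWORD environment variables and the two command-line arguments are assumptions; how EPP passes the property to its LDAP connections is not shown in this report.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Added example (hypothetical class): does the directory still accept the old password? */
public class OldPasswordCheck {

    /** JNDI environment for a simple bind with LDAP connection pooling switched off. */
    static Hashtable<String, String> bindEnv(String url, String userDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Workaround property from the bug report: each bind opens its own connection.
        env.put("com.sun.jndi.ldap.connect.pool", "false");
        return env;
    }

    /** Returns true if the server accepts the bind, false if it rejects the credentials. */
    static boolean canBind(String url, String userDn, String password) throws NamingException {
        if (password == null || password.isEmpty()) {
            return false; // an empty password would turn a simple bind into an anonymous bind
        }
        try {
            new InitialDirContext(bindEnv(url, userDn, password)).close();
            return true;
        } catch (AuthenticationException e) {
            return false; // the server refused the credentials
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: OldPasswordCheck <ldap-url> <user-dn>");
            System.exit(2);
        }
        // Passwords come from the environment (assumed variable names), not from argv.
        boolean oldOk = canBind(args[0], args[1], System.getenv("OLD_PASSWORD"));
        boolean newOk = canBind(args[0], args[1], System.getenv("NEW_PASSWORD"));
        System.out.println("old password accepted: " + oldOk);
        System.out.println("new password accepted: " + newOk);
        // Exit status 1 flags the condition described in the report: the old password still works.
        System.exit(oldOk ? 1 : 0);
    }
}
```

If this check rejects the old password while the portal still accepts it, the stale acceptance is in the portal's LDAP client layer rather than in the directory.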

Comment 3 Thomas Heute 2010-11-11 11:13:39 UTC
Link: Added: This issue is related to JBEPP-620


Comment 4 Thomas Heute 2010-11-11 11:14:28 UTC
Release Notes Docs Status: Removed: Documented as Known Issue Added: Documented as Resolved Issue


Comment 5 boleslaw.dawidowicz 2010-11-11 11:16:16 UTC
Link: Added: This issue depends on JBEPP-621


Comment 6 Thomas Heute 2010-11-11 11:38:54 UTC
Link: Added: This issue depends on JBEPP-622