793535 – (JBEPP-614) Old password is cached when using LDAP

Bug 793535 (JBEPP-614) - Old password is cached when using LDAP

Summary: Old password is cached when using LDAP

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	JBEPP-614
Product:	JBoss Enterprise Portal Platform 5
Classification:	JBoss
Component:	Portal
Sub Component:
Version:	5.0.1.GA
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	5.0.2.GA,5.1.0.ER04
Assignee:	Thomas Heute
QA Contact:
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/JBE...
Whiteboard:
Depends On:	JBEPP-621 JBEPP-622
Blocks:
TreeView+	depends on / blocked

Reported:	2010-11-09 15:00 UTC by Martin Weiler
Modified:	2012-02-28 16:24 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	EPP 5.0.1 LDAP in r/w mode
Last Closed:	2010-11-11 11:14:28 UTC
Type:	Bug

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	793541	0	high	CLOSED	Upgrade to PicketLink 1.1.7-CR01	2021-02-22 00:41:40 UTC
Red Hat Issue Tracker	JBEPP-614	0	None	Closed	Old password is cached when using LDAP	2012-04-24 10:11:17 UTC

Internal Links: 793541

Description Martin Weiler 2010-11-09 15:00:13 UTC

Help Desk Ticket Reference: https://na7.salesforce.com/500A0000004TFsI
Workaround Description: disable connection pooling - com.sun.jndi.ldap.connect.pool=false
project_key: JBEPP

Use case: I created a user named testuser3 with password "testuser3" in EPP Classic portal. I can successfully login with the testuser3 username and password. Then, I change the user password from "testuser3" to "other". After that, I logout. When I login using user testuser3 and password "testuser3", I can still login. Also, when I login using the new password "other", I can login as well. 

The problem is gone after I restart the EPP, i.e. I can only login using the new password "other".

Comment 1 Scott Mumford 2010-11-10 01:03:09 UTC

Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Known Issue
Release Notes Text: Added: An issue has been reported about EPP caching recently changed passwords. After a user changes their password, both the old and new password will allow them to log into the portal. This situation persists until the portal is restarted.

Comment 2 boleslaw.dawidowicz 2010-11-11 10:56:07 UTC

Workaround is to disable LDAP connection pooling. 

This is fixed in PLIDM 1.1.7.CR01 and the case can be closed once picketlink idm version is upgraded.

Comment 3 Thomas Heute 2010-11-11 11:13:39 UTC

Link: Added: This issue is related to JBEPP-620

Comment 4 Thomas Heute 2010-11-11 11:14:28 UTC

Release Notes Docs Status: Removed: Documented as Known Issue Added: Documented as Resolved Issue

Comment 5 boleslaw.dawidowicz 2010-11-11 11:16:16 UTC

Link: Added: This issue depends JBEPP-621

Comment 6 Thomas Heute 2010-11-11 11:38:54 UTC

Link: Added: This issue depends JBEPP-622

Note You need to log in before you can comment on or make changes to this bug.