Bug 793535 (JBEPP-614) - Old password is cached when using LDAP
Summary: Old password is cached when using LDAP
Keywords:
Status: CLOSED NEXTRELEASE
Alias: JBEPP-614
Product: JBoss Enterprise Portal Platform 5
Classification: JBoss
Component: Portal
Version: 5.0.1.GA
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 5.0.2.GA,5.1.0.ER04
Assignee: Thomas Heute
QA Contact:
URL: http://jira.jboss.org/jira/browse/JBE...
Whiteboard:
Depends On: JBEPP-621 JBEPP-622
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-09 15:00 UTC by Martin Weiler
Modified: 2012-02-28 16:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
EPP 5.0.1 LDAP in r/w mode
Last Closed: 2010-11-11 11:14:28 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 793541 0 high CLOSED Upgrade to PicketLink 1.1.7-CR01 2021-02-22 00:41:40 UTC
Red Hat Issue Tracker JBEPP-614 0 None Closed Old password is cached when using LDAP 2012-04-24 10:11:17 UTC

Internal Links: 793541

Description Martin Weiler 2010-11-09 15:00:13 UTC
Help Desk Ticket Reference: https://na7.salesforce.com/500A0000004TFsI
Workaround Description: disable connection pooling - com.sun.jndi.ldap.connect.pool=false
project_key: JBEPP

Use case: I created a user named testuser3 with password "testuser3" in EPP Classic portal. I can successfully login with the testuser3 username and password. Then, I change the user password from "testuser3" to "other". After that, I logout. When I login using user testuser3 and password "testuser3", I can still login. Also, when I login using the new password "other", I can login as well. 

The problem is gone after I restart the EPP, i.e. I can only login using the new password "other".

Comment 1 Scott Mumford 2010-11-10 01:03:09 UTC
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Known Issue
Release Notes Text: Added: An issue has been reported about EPP caching recently changed passwords. After a user changes their password, both the old and new password will allow them to log into the portal. This situation persists until the portal is restarted.



Comment 2 boleslaw.dawidowicz 2010-11-11 10:56:07 UTC
Workaround is to disable LDAP connection pooling. 

This is fixed in PLIDM 1.1.7.CR01 and the case can be closed once picketlink idm version is upgraded.

Comment 3 Thomas Heute 2010-11-11 11:13:39 UTC
Link: Added: This issue is related to JBEPP-620


Comment 4 Thomas Heute 2010-11-11 11:14:28 UTC
Release Notes Docs Status: Removed: Documented as Known Issue Added: Documented as Resolved Issue


Comment 5 boleslaw.dawidowicz 2010-11-11 11:16:16 UTC
Link: Added: This issue depends JBEPP-621


Comment 6 Thomas Heute 2010-11-11 11:38:54 UTC
Link: Added: This issue depends JBEPP-622



Note You need to log in before you can comment on or make changes to this bug.