Hy Community,
I've opened a PMR long time go (63 Days!) and still no final response, while it is easily reproducible. Maybe anybody here has a clue:
Supportanfragenummer
TS008687899
We found an issue with changing a user’s password in different ways leading to a different result while using the same input string. In the end we could trace it down to some German special characters. But also, other special characters seem to trigger that issue.
To see what’s happening we’d set up a lab environment wit LDAP storing the PW in plain text. As input string we used the following password in ALL cases: pwAGPVBO%456ÄÖÜäöüß
We have tried 4 different use cases:
1. Using WPM from Appliance
2. Using pdadmin from ssh terminal
3. Using mapping rule with UserHelper
4. Using our portal which results in a call to the pdadmin REST API
Setting it with WPM results in the same string stored at the LDAP userPassword Attribute. So case 1 seems fine. See result at pwmitumlauten-pdadmin-wpm.png.
Using pdadmin from ssh terminal ends up with a totally different String. That in fact would result in a not recoverable password and a user unable to log in. See pwmitumlauten-putty.png
For the mapping Rule with UserLookupHelper we also got a very strange and again different result, as you can find at pwmitumlauten-userlookuphelper.png. At this point we noticed that forcing the browser using ISO-8859 encoding solves the problem. As we can’t force users to do so this isn’t a way solving the issue. The code is as follows:
var user = helper.getUser(username);
if (user && !stringUtils.isNullOrEmpty(newPassword)) {
user.setPassword(newPassword);
}
For the REST API it looks like the PW will be stored correctly. The code is as follows:
commands = String.format("user modify %s account-valid yes", cn),
String.format("user modify %s password \"%s\"", cn, newPassword),
String.format("user modify %s password-valid no", cn);
JSONArray commandsArray = new JSONArray();
for (String command : commands) {
commandsArray.put(command);
}
return new JSONObject()
.put("admin_id", adminId)
.put("admin_pwd", adminPwd)
.put("admin_domain", adminDomain)
.put("commands", commandsArray)
.toString();
------------------------------
Jens Petersen
------------------------------