I'm trying to extract a reason why a certain password is denied, using UnboundID LDAPSDK and connecting to Red Hat Directory Server. However, after performing the following request:
// 1.3.6.1.4.1.42.2.27.8.5.1 is the OID of the password policy request control
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(
        userDN, currPassword, newPassword,
        new Control[]{new Control("1.3.6.1.4.1.42.2.27.8.5.1")});
passwordModifyExtendedRequest.setResponseTimeoutMillis(1000);
LDAPConnection ldapConnection = ldapManager.getLdapConnection();
PasswordModifyExtendedResult extendedResult = (PasswordModifyExtendedResult)
        ldapConnection.processExtendedOperation(passwordModifyExtendedRequest);
System.out.println(extendedResult);
I get this as a response (which is not descriptive enough):
PasswordModifyExtendedResult(resultCode=19 (constraint violation), messageID=2, diagnosticMessage='Failed to update password', responseControls={PasswordPolicyResponseControl(errorType='insufficient password quality', isCritical=false)})
However, when I change the password via Apache Directory Studio, it provides a perfectly fine error message:
[LDAP: error code 19 - invalid password syntax - password must be at least 8 characters long]
Just for example, it returns the following when used on ApacheDS (which is fine as well):
[LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for MessageType : MODIFY_REQUEST Message ID : 15 Modify Request Object : 'cn=josef,ou=users,o=test' Modification[0] Operation : replace Modification userPassword: 0x70 0x65 0x70 0x61 org.apache.directory.api.ldap.model.message.ModifyRequestImpl@196d9db6: Password should have a minimum of 5 characters]
The question is, is there a way to get the information that Apache Directory Studio manages to get? I've tried searching through their codebase, but was unable to find it.
In other words, I need to get the "password must be at least 8 characters long" in the response somehow.
Found a solution, using a regular ModifyRequest as follows:

This results in the following exception: