By: Akshat Agarwal user 29 Jun 2023 at 11:26 p.m. CDT

3 Responses
Akshat Agarwal gravatar
When I change the user status from "active" to "inactive" or vice versa the previously used password becomes invalid. In the ldap container we can clearly see that after changing the status the userPassword ssha value gets reset. ``` / # /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -w secret -b "ou=people,o=gluu" "(mail=abc@gmail.com dn: inum=b249f4d6-15ed-4303-a72e-992737f2276c,ou=people,o=gluu cn: abc displayName: abc givenName: abc gluuStatus: active inum: b249f4d6-15ed-4303-a72e-992737f2276c mail: abc@gmail.com objectClass: eduPerson objectClass: gluuCustomPerson objectClass: gluuPerson objectClass: top oxCreationTimestamp: 20230627083117.805Z oxTrustEmail:: ewogICJ2YWx1ZSIgOiAiYWtzaGF0YWdAdmVyc2EtbmV0d29ya3MuY29tIiwKICAiZGlzcGxheSIgOiBudWxsLAogICJ0eXBlIiA6IG51bGwsCiAgInByaW1hcnkiIDo sn: abc twoFactorStatus: false uid: abc updatedAt: 20230629050851.408Z userPassword: {SSHA512}FsCcrrYZ0Rl8Sf1bUV+N1xT4Hoth9pjNnNcQjfZw/TWLb5NtyRL67FTEMAf/dFcbBzNYgHlt6166F1vtvCo7j6SeDfpWCix6 / # /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -w secret -b "ou=people,o=gluu" "(mail=abc@gmail.com dn: inum=b249f4d6-15ed-4303-a72e-992737f2276c,ou=people,o=gluu cn: abc displayName: abc givenName: abc gluuStatus: inactive inum: b249f4d6-15ed-4303-a72e-992737f2276c mail: abc@gmail.com objectClass: eduPerson objectClass: gluuCustomPerson objectClass: gluuPerson objectClass: top oxCreationTimestamp: 20230627083117.805Z oxTrustEmail:: ewogICJ2YWx1ZSIgOiAiYWtzaGF0YWdAdmVyc2EtbmV0d29ya3MuY29tIiwKICAiZGlzcGxheSIgOiBudWxsLAogICJ0eXBlIiA6IG51bGwsCiAgInByaW1hcnkiIDo sn: abc twoFactorStatus: false uid: abc updatedAt: 20230629051751.306Z userPassword: {SSHA512}pNevN1BD0G+z8sJiYc+/4kpkm6RxnC+QzE7AT8DHVgYoG3puoglLuQxASIVNieV+iiMlmgqfPg6VLXBxKw9JJ+/TBX84uk0h ``` This issue have been opened before for older version of gluu. But i'm seeing same issue for 4.3.1. https://support.gluu.org/identity-management/7640/user-password-is-reset-after-any-change-request-from-scim/#at53612 https://github.com/GluuFederation/oxTrust/issues/1869

By Mohib Zico Account Admin 30 Jun 2023 at 12:48 a.m. CDT

Mohib Zico gravatar
Thanks for the report, Akshat! We will test it and push fixes if required.

By Akshat Agarwal user 30 Jun 2023 at 2:57 a.m. CDT

Akshat Agarwal gravatar
Also I would like to mention that the issue happens only when I update user from OxTrust UI and is working fine with scim api.

By Mohib Zico Account Admin 30 Jun 2023 at 10:26 a.m. CDT

Mohib Zico gravatar
Thanks, can you please open a github issue here? https://github.com/GluuFederation/oxTrust/issues Thanks!