Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1
Replicated: 6.1.10, 6.1.x (Rev. 110292), Trunk (Rev. 110292)
1. Sign in as firstname.lastname@example.org
2. Set up LDAP server with import enabled
3. Make sure the LDAP password of imported users, email@example.com and firstname.lastname@example.org, is set as "root"
4. Sign in as email@example.com using any word, even the default password "test"; make sure it's not the LDAP password "root"
5. LDAP Authentication error stack trace will show up in the logs, but the user will still be logged in.
6. User will also be prompted to reset their password, but "test" is set as the imported password: "Your new password cannot be the same as your old password. Please enter in a different password."
7. Sign in as firstname.lastname@example.org using the LDAP password, "root"
8. User would be prompted to reset their password with no stack trace, but "test" is still set as the imported password: "Your new password cannot be the same as your old password. Please enter in a different password."
9. Even after signing in and the user has been imported with passwords reset, all passwords allow login. If signing in using the LDAP password, there is still no stack trace.
a. If import is not enabled, the user can only log in using the LDAP password. After logging in, the imported password seems to be "test". The same message, "Your new password cannot be the same as your old password. Please enter in a different password.", appears when trying to reset the password.
b. Have also tried setting "ldap.import.user.password.default=password"