/**
 * Tells whether the entry already carries the given operational attribute, and refuses
 * the operation when that attribute was supplied by a caller who is not an administrator.
 *
 * @param isAdmin whether the caller is an administrator
 * @param entry the entry being processed
 * @param attribute the operational attribute type to look for in the entry
 * @return {@code true} if the entry contains the attribute and the caller is an administrator,
 *         {@code false} if the entry does not contain the attribute
 * @throws LdapException an {@link LdapNoPermissionException} if the entry contains the attribute
 *         and the caller is not an administrator
 */
private boolean checkAddOperationalAttribute( boolean isAdmin, Entry entry, AttributeType attribute )
    throws LdapException
{
    // Nothing was supplied by the caller
    if ( !entry.containsAttribute( attribute ) )
    {
        return false;
    }

    // Only an administrator is allowed to provide the attribute
    if ( isAdmin )
    {
        return true;
    }

    // A non-admin caller provided the attribute: log the attempt and reject it
    String errorText = I18n.err( I18n.ERR_30, attribute );
    LOG.error( errorText );

    throw new LdapNoPermissionException( errorText );
}
/**
 * {@inheritDoc}
 * <p>
 * A lookup refused for lack of permission is reported as {@code false}. A {@code false}
 * result therefore means "absent or not visible to this caller", not proof that the entry
 * does not exist.
 */
@Override
public boolean exists( Dn dn ) throws LdapException
{
    try
    {
        // Only the presence of the entry matters, so the lookup asks for NO_ATTRIBUTE
        return lookup( dn, SchemaConstants.NO_ATTRIBUTE ) != null;
    }
    catch ( LdapNoPermissionException lnpe )
    {
        // Insufficient permissions are logged and answered as "does not exist";
        // every other LdapException propagates to the caller unchanged.
        LOG.info( lnpe.getMessage(), lnpe );

        return false;
    }
}
// Build the no-permission exception from the LDAP result: the result's diagnostic message
// becomes the exception message and its matched Dn becomes the resolved Dn.
// NOTE(review): the diagnostic message is copied verbatim; if ldapResult comes from a remote
// server (not visible here), treat that text as untrusted when logging or displaying it.
LdapNoPermissionException ldapNoPermissionException = new LdapNoPermissionException( ldapResult.getDiagnosticMessage() );
ldapNoPermissionException.setResolvedDn( ldapResult.getMatchedDn() );
// Turn the LDAP result into a no-permission exception: message taken from the result's
// diagnostic message, resolved Dn taken from the result's matched Dn.
// NOTE(review): the diagnostic text is passed through unmodified; confirm where ldapResult
// originates before echoing this message to users or logs.
LdapNoPermissionException ldapNoPermissionException = new LdapNoPermissionException( ldapResult.getDiagnosticMessage() );
ldapNoPermissionException.setResolvedDn( ldapResult.getMatchedDn() );
/**
 * Rejects an operation issued on an anonymous session when the directory service does not
 * allow anonymous access.
 * <p>
 * An operation whose target Dn is empty is always let through, even on an anonymous session
 * (presumably so the root DSE stays reachable -- confirm against the callers).
 *
 * @param operation the context of the operation being checked
 * @throws LdapException an {@link LdapNoPermissionException} if the session is anonymous,
 *         anonymous access is disabled and the target Dn is not empty
 */
private void checkAuthenticated( OperationContext operation ) throws LdapException
{
    // Each check short-circuits: later ones are not evaluated once the operation is cleared
    if ( !operation.getSession().isAnonymous() )
    {
        return;
    }

    if ( directoryService.isAllowAnonymousAccess() )
    {
        return;
    }

    if ( operation.getDn().isEmpty() )
    {
        return;
    }

    // Anonymous session, anonymous access disabled, non-empty target Dn: refuse
    String errorText = I18n.err( I18n.ERR_5, operation.getName() );
    LOG.error( errorText );

    throw new LdapNoPermissionException( errorText );
}
// Create the no-permission exception carrying the LDAP result's diagnostic message, then
// record the result's matched Dn on it as the resolved Dn.
// NOTE(review): the message is whatever the result contained; sanitize or truncate it at the
// point where it is logged or shown if ldapResult can come from an untrusted peer.
LdapNoPermissionException ldapNoPermissionException = new LdapNoPermissionException( ldapResult.getDiagnosticMessage() );
ldapNoPermissionException.setResolvedDn( ldapResult.getMatchedDn() );
/**
 * Enforces the "safe modify" setting of the password policy: when it is enabled, a password
 * add or replace is refused unless the modification details also report a delete (presumably
 * the delete of the old password value -- confirm in PwdModDetailsHolder).
 *
 * @param modifyContext the modify operation context, which receives the response control
 * @param policyConfig the password policy configuration in force
 * @param pwdModDetails what the modify request does to the password attribute
 * @param isPPolicyReqCtrlPresent whether the request carried the password policy control; only
 *        then is a MUST_SUPPLY_OLD_PASSWORD response control attached
 * @throws LdapNoPermissionException if the old password is required but was not supplied
 */
private void checkOldPwdRequired( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig,
    PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException
{
    boolean oldPasswordMissing = policyConfig.isPwdSafeModify()
        && !pwdModDetails.isDelete()
        && pwdModDetails.isAddOrReplace();

    if ( !oldPasswordMissing )
    {
        return;
    }

    String reason = "trying to update password attribute without the supplying the old password";

    // NOTE(review): this refusal is only logged at debug level; check whether denied password
    // changes are recorded elsewhere if they need to be auditable.
    LOG.debug( reason );

    if ( isPPolicyReqCtrlPresent )
    {
        // Tell a policy-aware client exactly why the change was refused
        PasswordPolicyDecorator policyResponse = new PasswordPolicyDecorator(
            directoryService.getLdapCodecService(), true );
        policyResponse.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.MUST_SUPPLY_OLD_PASSWORD );
        modifyContext.addResponseControl( policyResponse );
    }

    throw new LdapNoPermissionException( reason );
}
// Refuse the operation with a no-permission error; the message text is looked up from
// I18n code ERR_228 (its wording is not visible here).
throw new LdapNoPermissionException( I18n.err( I18n.ERR_228 ) );
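/**
 * Checks that the password modification is permitted: either the password policy allows
 * users to change their password, or the session belongs to an administrator.
 *
 * @param modifyContext the modify operation context, which supplies the session and receives
 *        the response control
 * @param policyConfig the password policy configuration in force
 * @param isPPolicyReqCtrlPresent whether the request carried the password policy control; only
 *        then is a PASSWORD_MOD_NOT_ALLOWED response control attached
 * @throws LdapNoPermissionException if the policy forbids user password changes and the
 *         session is not an administrator
 */
private void checkChangePwdAllowed( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig,
    boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException
{
    if ( !policyConfig.isPwdAllowUserChange() && !modifyContext.getSession().isAnAdministrator() )
    {
        if ( isPPolicyReqCtrlPresent )
        {
            // Tell a policy-aware client exactly why the change was refused
            PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator(
                directoryService.getLdapCodecService(), true );
            responseControl.getResponse().setPasswordPolicyError(
                PasswordPolicyErrorEnum.PASSWORD_MOD_NOT_ALLOWED );
            modifyContext.addResponseControl( responseControl );
        }

        // Carry a reason in the exception: without it, a client that did not send the
        // password policy control (and the server logs) get a denial with no explanation.
        throw new LdapNoPermissionException( "Password modification is not allowed by the password policy" );
    }
}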
/**
 * Refuses a modify request that contains other modifications while the session's password
 * still has to be changed, unless the modification details report a delete.
 *
 * @param modifyContext the modify operation context, which receives the response control
 * @param userSession the session issuing the modification
 * @param pwdModDetails what the modify request does to the password attribute
 * @param isPPolicyReqCtrlPresent whether the request carried the password policy control; only
 *        then is a CHANGE_AFTER_RESET response control attached
 * @throws LdapNoPermissionException if the password must be changed before the entry may be
 *         modified further
 */
private void checkPwdMustChange( ModifyOperationContext modifyContext, CoreSession userSession,
    PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException
{
    boolean blockedByPendingReset = userSession.isPwdMustChange()
        && !pwdModDetails.isDelete()
        && pwdModDetails.isOtherModExists();

    if ( !blockedByPendingReset )
    {
        return;
    }

    if ( isPPolicyReqCtrlPresent )
    {
        // Tell a policy-aware client that the password has to be changed first
        PasswordPolicyDecorator policyResponse = new PasswordPolicyDecorator(
            directoryService.getLdapCodecService(), true );
        policyResponse.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
        modifyContext.addResponseControl( policyResponse );
    }

    throw new LdapNoPermissionException( "Password should be reset before making any changes to this entry" );
}
// Four no-permission rejections, each reusing a previously built `message`.
// NOTE(review): these look like excerpts from separate call sites; written as consecutive
// statements, only the first one would be reachable.
throw new LdapNoPermissionException( message );
throw new LdapNoPermissionException( message );
throw new LdapNoPermissionException( message );
throw new LdapNoPermissionException( message );
/**
 * Blocks the operation when the password policy is enabled and the session's password must
 * be changed first.
 * <p>
 * The intent is to allow only bind, password update, unbind, abandon and StartTLS until the
 * password has been changed. This method does not inspect the operation type itself, so that
 * exemption depends on which operations call it (not visible here).
 *
 * @param opContext the operation's context
 * @throws LdapException an {@link LdapNoPermissionException} if the password must be changed
 *         before this operation may proceed
 */
private void checkPwdReset( OperationContext opContext ) throws LdapException
{
    if ( !directoryService.isPwdPolicyEnabled() )
    {
        return;
    }

    if ( !opContext.getSession().isPwdMustChange() )
    {
        return;
    }

    if ( opContext.hasRequestControl( PasswordPolicy.OID ) )
    {
        // The client asked for password policy feedback: report CHANGE_AFTER_RESET
        PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator(
            directoryService.getLdapCodecService(), true );
        responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
        opContext.addResponseControl( responseControl );
    }

    throw new LdapNoPermissionException( "password needs to be reset before performing this operation" );
}
// Refuse the operation with a no-permission error; the message text is looked up from
// I18n code ERR_312 (its wording is not visible here).
throw new LdapNoPermissionException( I18n.err( I18n.ERR_312 ) );