/** * {@inheritDoc} */ @Override protected void setIntegerValue( int value, Asn1Container container ) { PasswordPolicyContainer ppolicyContainer = ( PasswordPolicyContainer ) container; PasswordPolicyErrorEnum error = PasswordPolicyErrorEnum.get( value ); ppolicyContainer.getPasswordPolicyResponseControl().getResponse().setPasswordPolicyError( error ); ppolicyContainer.setGrammarEndAllowed( true ); } }
/** * {@inheritDoc} */ @Override protected void setIntegerValue( int value, Asn1Container container ) { PasswordPolicyContainer ppolicyContainer = ( PasswordPolicyContainer ) container; PasswordPolicyErrorEnum error = PasswordPolicyErrorEnum.get( value ); ppolicyContainer.getPasswordPolicyResponseControl().getResponse().setPasswordPolicyError( error ); ppolicyContainer.setGrammarEndAllowed( true ); } }
/** * {@inheritDoc} */ @Override protected void setIntegerValue( int value, Asn1Container container ) { PasswordPolicyContainer ppolicyContainer = ( PasswordPolicyContainer ) container; PasswordPolicyErrorEnum error = PasswordPolicyErrorEnum.get( value ); ppolicyContainer.getPasswordPolicyResponseControl().getResponse().setPasswordPolicyError( error ); ppolicyContainer.setGrammarEndAllowed( true ); } }
/** * If the PP config request it, the old password must be supplied in the modifications. Check that it * is present. */ private void checkOldPwdRequired( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( policyConfig.isPwdSafeModify() && !pwdModDetails.isDelete() && pwdModDetails.isAddOrReplace() ) { String msg = "trying to update password attribute without the supplying the old password"; LOG.debug( msg ); if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.MUST_SUPPLY_OLD_PASSWORD ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException( msg ); } }
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY ); modifyContext.addResponseControl( responseControl );
/** * Check if the password has to be changed, but can't. */ private void checkPwdMustChange( ModifyOperationContext modifyContext, CoreSession userSession, PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( userSession.isPwdMustChange() && !pwdModDetails.isDelete() && pwdModDetails.isOtherModExists() ) { if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException( "Password should be reset before making any changes to this entry" ); } }
/** * check that if the password modification is allowed by the PP config, or if the session is * the admin. */ private void checkChangePwdAllowed( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( !policyConfig.isPwdAllowUserChange() && !modifyContext.getSession().isAnAdministrator() ) { if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_MOD_NOT_ALLOWED ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException(); } }
/** * checks to see if the user's password should be changed before performing any operations * other than bind, password update, unbind, abandon or StartTLS * * @param opContext the operation's context * @throws LdapException */ private void checkPwdReset( OperationContext opContext ) throws LdapException { if ( directoryService.isPwdPolicyEnabled() ) { CoreSession session = opContext.getSession(); if ( session.isPwdMustChange() ) { boolean isPPolicyReqCtrlPresent = opContext .hasRequestControl( PasswordPolicy.OID ); if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator pwdRespCtrl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET ); opContext.addResponseControl( pwdRespCtrl ); } throw new LdapNoPermissionException( "password needs to be reset before performing this operation" ); } } }
pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( ppe.getErrorCode() ) ); bindContext.addResponseControl( pwdRespCtrl ); mods.add( pwdAccountLockedMod ); pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED ); pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET ); bindContext.getSession().setPwdMustChange( true );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG ); modifyContext.addResponseControl( responseControl ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) ); modifyContext.addResponseControl( responseControl );
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) ); addContext.addResponseControl( responseControl );