/** * If the PP config request it, the old password must be supplied in the modifications. Check that it * is present. */ private void checkOldPwdRequired( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( policyConfig.isPwdSafeModify() && !pwdModDetails.isDelete() && pwdModDetails.isAddOrReplace() ) { String msg = "trying to update password attribute without the supplying the old password"; LOG.debug( msg ); if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.MUST_SUPPLY_OLD_PASSWORD ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException( msg ); } }
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY ); modifyContext.addResponseControl( responseControl );
/** * Check if the password has to be changed, but can't. */ private void checkPwdMustChange( ModifyOperationContext modifyContext, CoreSession userSession, PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( userSession.isPwdMustChange() && !pwdModDetails.isDelete() && pwdModDetails.isOtherModExists() ) { if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException( "Password should be reset before making any changes to this entry" ); } }
/** * check that if the password modification is allowed by the PP config, or if the session is * the admin. */ private void checkChangePwdAllowed( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, boolean isPPolicyReqCtrlPresent ) throws LdapNoPermissionException { if ( !policyConfig.isPwdAllowUserChange() && !modifyContext.getSession().isAnAdministrator() ) { if ( isPPolicyReqCtrlPresent ) { PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_MOD_NOT_ALLOWED ); modifyContext.addResponseControl( responseControl ); } throw new LdapNoPermissionException(); } }
responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG ); modifyContext.addResponseControl( responseControl ); responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) ); modifyContext.addResponseControl( responseControl );