[ 
https://issues.apache.org/jira/browse/DIRSERVER-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kiran Ayyagari resolved DIRSERVER-1926.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.0-M16
         Assignee: Kiran Ayyagari

Thanks for the report, committed here http://svn.apache.org/r1549764

> Supply Entry to PasswordValidator instead of username
> -----------------------------------------------------
>
>                 Key: DIRSERVER-1926
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1926
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 2.0.0-M15, 2.0.0-M16
>            Reporter: lucas theisen
>            Assignee: Kiran Ayyagari
>            Priority: Critical
>              Labels: features, patch
>             Fix For: 2.0.0-M16
>
>         Attachments: AuthenticationInterceptor.patch, PasswordValidator2.java
>
>
> It is very common that PasswordValidation has a requirement to ensure a login 
> name is not part of the password.  It is also common to use a 2 phase 
> authentication in which an attribute of the user Entry is used to lookup the 
> DN and then bind against the dn.  Most commonly you see an email based 
> lookup.  Since @ is not allowed in a DN, you cannot use mail as the RDN.  So, 
> if you want to validate the the actual login name is not part of the password 
> you will need the entry (as it could be any attribute that is used for the 
> lookup).  My proposed solution will maintain backwards compatibility while 
> allowing for this new validation at the same time by adding 
> PasswordValidator2 which extends PasswordValidator adding a validate that 
> takes an Entry for the username, then in the AuthenticationInterceptor I 
> change the add and modify methods to supply Entry to the check method which 
> then check the type of PasswordValidator, and if type is PasswordValidator2, 
> then uses the validate with the Entry.  You will find patches attached.
> As a workaround I have to extend your AuthenticationInterceptor, override 
> add, modify, and check with 99% identical code which would be rather 
> unmaintainable as the project moves forward.  So hopefully you will choose to 
> integrate this into the core...



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to