[ 
https://issues.apache.org/jira/browse/DIRSERVER-1676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910332#comment-13910332
 ] 

Carlo Accorsi commented on DIRSERVER-1676:
------------------------------------------

Hi, when I created this JIRA, the password policy code was not totally 
functional. 

Using 2.0.0-M16, we have the ability to capture all login failure scenarios. I 
don't need anything fixed here. Thanks!

We add a password policy control to the bind request. 
Then we check the the PasswordPolicyResponse and from there we can handle the 
different failure cases by comparing the responses to the 
PasswordPolicyErrorEnum. 

       Map<String,Control> mapControls =  bindResponse.getControls();
        ....
        Control ctrl = mapControls.get(PasswordPolicy.OID);
        .....
        PasswordPolicyResponse pw = null;
        PasswordPolicy pwPolicy = 
((PasswordPolicyDecorator)ctrl).getDecorated();
        if (pwPolicy.hasResponse())
                pw = pwPolicy.getResponse();
                // process response codes to capture and raise errors. one 
example method is below
        }

        /**Determine if user account is locked from PasswordPolicyResponse 
code. 
         * @param ctrl The PasswordPolicyResponse object containing the 
response code
         * @return true when account is locked, false otherwise.
         */
        public boolean isAccountLocked(PasswordPolicyResponse ctrl)
        {
                if (PasswordPolicyErrorEnum.ACCOUNT_LOCKED == 
ctrl.getPasswordPolicyError())
                {
                        return true;
                }
                return false;
        }

> Provide a set of error codes along with an AuthenticationException to 
> indicate its root cause.
> ----------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1676
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1676
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 2.0.0-M4
>         Environment: 64bit Windows, using 32 bit jvm to support wrapper.dll
>            Reporter: Carlo Accorsi
>            Priority: Minor
>              Labels: apacheds
>             Fix For: 2.0.0-RC1
>
>
> There may be more cases to consider but when a user supplies an incorrect 
> password or the account is locked, 
> a javax.naming.AuthenticationException is thrown. Currently comparing the 
> strings returned by ex.getMessage() is 
> the only way to determine which event occurred. 
>  [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229  Cannot 
> authenticate user uid=xyz,o=corp]
>  [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was 
> permanently locked]



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to