[
https://issues.apache.org/jira/browse/DIRSERVER-1676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910332#comment-13910332
]
Carlo Accorsi commented on DIRSERVER-1676:
------------------------------------------
Hi, when I created this JIRA, the password policy code was not totally
functional.
Using 2.0.0-M16, we have the ability to capture all login failure scenarios. I
don't need anything fixed here. Thanks!
We add a password policy control to the bind request.
Then we check the the PasswordPolicyResponse and from there we can handle the
different failure cases by comparing the responses to the
PasswordPolicyErrorEnum.
Map<String,Control> mapControls = bindResponse.getControls();
....
Control ctrl = mapControls.get(PasswordPolicy.OID);
.....
PasswordPolicyResponse pw = null;
PasswordPolicy pwPolicy =
((PasswordPolicyDecorator)ctrl).getDecorated();
if (pwPolicy.hasResponse())
pw = pwPolicy.getResponse();
// process response codes to capture and raise errors. one
example method is below
}
/**Determine if user account is locked from PasswordPolicyResponse
code.
* @param ctrl The PasswordPolicyResponse object containing the
response code
* @return true when account is locked, false otherwise.
*/
public boolean isAccountLocked(PasswordPolicyResponse ctrl)
{
if (PasswordPolicyErrorEnum.ACCOUNT_LOCKED ==
ctrl.getPasswordPolicyError())
{
return true;
}
return false;
}
> Provide a set of error codes along with an AuthenticationException to
> indicate its root cause.
> ----------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1676
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1676
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: core
> Affects Versions: 2.0.0-M4
> Environment: 64bit Windows, using 32 bit jvm to support wrapper.dll
> Reporter: Carlo Accorsi
> Priority: Minor
> Labels: apacheds
> Fix For: 2.0.0-RC1
>
>
> There may be more cases to consider but when a user supplies an incorrect
> password or the account is locked,
> a javax.naming.AuthenticationException is thrown. Currently comparing the
> strings returned by ex.getMessage() is
> the only way to determine which event occurred.
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot
> authenticate user uid=xyz,o=corp]
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)