Hi guys, I'm currently reviewing Lucas' patches, which sounds good so far. But...
I'm a bit annoyed by the existing code, and I think we have been sloppy for years. This is an accumulation of use cases, piling into the code as we found new things to check. The modify() operation is more than 300 lines long, for instance, and it's hard to know what is being checked. Also I found that the fix I applied to allow another Attribute to be used instead of userPassword is not good enough : see https://issues.apache.org/jira/browse/DIRSERVER-2085 for a clear description of what I have missed. Bottom line, this interceptor requires some love. This is one critical part of the security system, we should review it. I'm currently 'fragmenting' the modify operation so that we don't have anymore a monolitic method, but many smaller ones, easier to grasp. Thanks !
