lucas theisen created DIRSERVER-2087:
----------------------------------------

             Summary: Not all policy state attributes get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES
                 Key: DIRSERVER-2087
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2087
             Project: Directory ApacheDS
          Issue Type: Bug
            Reporter: lucas theisen
            Priority: Critical


Specifically, only:
{code:java|title=org.apache.directory.server.core.authn.AuthenticationInterceptor.java}
    /**
     * Initialize the PasswordPolicy attributeTypes
     * 
     * @throws LdapException If the initialization failed
     */
    public void loadPwdPolicyStateAttributeTypes() throws LdapException
    {
        AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );

        AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME );

        AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry( PWD_HISTORY_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY );

        AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME );

        AT_PWD_ACCOUNT_LOCKED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME );

        AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry( PWD_LAST_SUCCESS_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS );

        AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT );
        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );

        PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) );
    }
{code}

Leaving out {{pwdPolicySubentry, pwdStartTime, pwdEndTime, pwdLastSuccess}}.  

This is important because the {{SchemaInterceptor}} prevents modification of 
operational attributes that are _NOT_ in this list:

{code:java|title=org.apache.directory.server.core.schema.SchemaInterceptor.java}
                else if( ( !attributeType.equals( MODIFIERS_NAME_AT )
                    && ( !attributeType.equals( MODIFY_TIMESTAMP_AT ) )
                    && ( !attributeType.equals( ENTRY_CSN_AT ) )
                    && ( !PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains( attributeType ) ) ) )
                {
                    String msg = I18n.err( I18n.ERR_52, attributeType );
                    LOG.error( msg );
                    throw new LdapNoPermissionException( msg );
                }
{code}

As for {{pwdPolicySubentry, pwdLastSuccess}}, I'm not sure if they should be 
allowed, but the other two, {{pwdStartTime, pwdEndTime}}, do need to be 
modifiable.


