[jira] [Resolved] (DIRSERVER-2087) Not all policy state attributes get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES

Fri, 07 Aug 2015 12:00:12 -0700 

     [ 
https://issues.apache.org/jira/browse/DIRSERVER-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lucas theisen resolved DIRSERVER-2087.
--------------------------------------
    Resolution: Fixed

> Not all policy state attributes get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES
> -----------------------------------------------------------------------------
>
>                 Key: DIRSERVER-2087
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2087
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: lucas theisen
>            Priority: Critical
>
> Specifically, only:
> {code:java|title=org.apache.directory.server.core.authn.AuthenticationInterceptor.java}
>     /**
>      * Initialize the PasswordPolicy attributeTypes
>      * 
>      * @throws LdapException If the initialization failed
>      */
>     public void loadPwdPolicyStateAttributeTypes() throws LdapException
>     {
>         AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( 
> PWD_RESET_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
>         AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry( 
> PWD_CHANGED_TIME_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME );
>         AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry( 
> PWD_HISTORY_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY );
>         AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry( 
> PWD_FAILURE_TIME_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME );
>         AT_PWD_ACCOUNT_LOCKED_TIME = 
> schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME );
>         AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry( 
> PWD_LAST_SUCCESS_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS );
>         AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( 
> PWD_GRACE_USE_TIME_AT );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
>         PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( 
> schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) );
>     }
> {code}
> Leaving out {{pwdPolicySubentry, pwdStartTime, pwdEndTime, pwdLastSuccess}}.  
> This is important because the {{SchemaInterceptor}} prevents modification of 
> operational attributes that are _NOT_ in this list:
> {code:java|title=org.apache.directory.server.core.schema.SchemaInterceptor.java}
>                 else if( ( !attributeType.equals( MODIFIERS_NAME_AT )
>                     && ( !attributeType.equals( MODIFY_TIMESTAMP_AT ) )
>                     && ( !attributeType.equals( ENTRY_CSN_AT ) )
>                     && ( !PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains( 
> attributeType ) ) ) )
>                 {
>                     String msg = I18n.err( I18n.ERR_52, attributeType );
>                     LOG.error( msg );
>                     throw new LdapNoPermissionException( msg );
>                 }
> {code}
> As for {{pwdPolicySubentry, pwdLastSuccess}}, i'm not sure if they should be 
> allowed, but the other two, {{pwdStartTime, pwdEndTime}}, do need to be 
> modifiable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to