Unsubscribe On Fri, Aug 7, 2015 at 2:59 PM, lucas theisen (JIRA) <[email protected]> wrote:
> > [ > https://issues.apache.org/jira/browse/DIRSERVER-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > lucas theisen resolved DIRSERVER-2087. > -------------------------------------- > Resolution: Fixed > > > Not all policy state attributes get added to > PWD_POLICY_STATE_ATTRIBUTE_TYPES > > > ----------------------------------------------------------------------------- > > > > Key: DIRSERVER-2087 > > URL: > https://issues.apache.org/jira/browse/DIRSERVER-2087 > > Project: Directory ApacheDS > > Issue Type: Bug > > Reporter: lucas theisen > > Priority: Critical > > > > Specifically, only: > > > {code:java|title=org.apache.directory.server.core.authn.AuthenticationInterceptor.java} > > /** > > * Initialize the PasswordPolicy attributeTypes > > * > > * @throws LdapException If the initialization failed > > */ > > public void loadPwdPolicyStateAttributeTypes() throws LdapException > > { > > AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( > PWD_RESET_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET ); > > AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry( > PWD_CHANGED_TIME_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME ); > > AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry( > PWD_HISTORY_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY ); > > AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry( > PWD_FAILURE_TIME_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME ); > > AT_PWD_ACCOUNT_LOCKED_TIME = > schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME > ); > > AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry( > PWD_LAST_SUCCESS_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS ); > > AT_PWD_GRACE_USE_TIME = > schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME ); > > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( > schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) ); > > } > > {code} > > Leaving out {{pwdPolicySubentry, pwdStartTime, pwdEndTime, > pwdLastSuccess}}. > > This is important because the {{SchemaInterceptor}} prevents > modification of operational attributes that are _NOT_ in this list: > > > {code:java|title=org.apache.directory.server.core.schema.SchemaInterceptor.java} > > else if( ( !attributeType.equals( MODIFIERS_NAME_AT ) > > && ( !attributeType.equals( MODIFY_TIMESTAMP_AT ) ) > > && ( !attributeType.equals( ENTRY_CSN_AT ) ) > > && ( !PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains( > attributeType ) ) ) ) > > { > > String msg = I18n.err( I18n.ERR_52, attributeType ); > > LOG.error( msg ); > > throw new LdapNoPermissionException( msg ); > > } > > {code} > > As for {{pwdPolicySubentry, pwdLastSuccess}}, i'm not sure if they > should be allowed, but the other two, {{pwdStartTime, pwdEndTime}}, do need > to be modifiable. > > > > -- > This message was sent by Atlassian JIRA > (v6.3.4#6332) >
