Thank you all for the clarification, very usefull. Just a question on the ApacheDS side. When I modify the password policy on Apache DS, not via code, I need to re-start the server for apply them? And the T0 for the password policy is the restarting time? Or is enough to save the configuration, and the To is the saving time? Regards, Pasquale
Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge. Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente. The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “ This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender -----Messaggio originale----- Da: Stefan Seelmann [mailto:[email protected]] Inviato: lunedì 10 aprile 2017 23:11 A: [email protected] Oggetto: Re: LDAPConnection seems not raise the LDAPException On 04/10/2017 02:25 PM, Emmanuel Lécharny wrote: > > > Le 10/04/2017 à 12:46, Maiorano Pasquale a écrit : >> Dear Sirs, >> I have the following problem: If I bind a user with a wrong password the >> method bind of the class LDAConnection does not raise any excpetion even if >> investigating in the “bindResp.getLdapResult().getDiagnosticMessage()” >> actually it returns the following string “Diagnostic message >> :INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user >> cn=Antonio Valentino,o=DEM.” >> Is it the correct behavior of the LDAPConnection bind method not returning >> any Exception? > > Yes. It was a design decision. Exception are for exceptional > conditions (like a timeout, or any other error that we can't control). > > When you have a success, or a failure, the BindResponse convey the > reason, and this is where you are going to have the best possible > explanation about the bind error. > > Grab the ldapResult, and check the error code, which should be SUCCESS. > > LdapResponse bindResponse = connection.bind( blah ); > > if ( bindResponse.getLdapResult().getResultCode() != > ResultCodeEnum.SUCCESS ) > { > // Deal with the error... > } But there are two different type of methods: LdapConnection.bind(String name, String credentials) - this throws e.g. LdapAuthenticationException if you provide the wrong password LdapConnection.bind(BindRequest bindRequest) - this only throws an exception if e.g. an I/O error occurs, otherwise returns a BindResponse object with LDAP response code etc. I think that's consistent with other LDAP operations: The methods that take a dedicated "Request" object and return a "Response" object don't throw an exception for LDAP results != "SUCCESS". The other simple methods throw an LdapOperationException if the LDAP operation was not successful. That's also described here (WIP): https://directory.apache.org/api/user-guide/2-basic-ldap-api-usage.html Kind Regards, Stefan
