[jira] [Comment Edited] (DIRAPI-387) More info on PasswordException

Sun, 26 Mar 2023 23:57:09 -0700 


    [ 
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17705201#comment-17705201
 ] 

Emmanuel Lécharny edited comment on DIRAPI-387 at 3/27/23 6:56 AM:
-------------------------------------------------------------------

Hi ! Sorry for the mate comment...

The way it works is that we store whatever the LDAP server returns in the 
Diagnostic message:


{code:java}

/**
 * The action used to set the LdapResult error message.
 *
 * <pre>
 *  LDAPResult ::= SEQUENCE {
 *     ...
 *     errorMessage LDAPString,
 *     ...
 * </pre>
 * @author <a href="mailto:[email protected]";>Apache Directory 
Project</a>
 */
public class StoreErrorMessage extends 
GrammarAction<LdapMessageContainer<Message>>
{
    /** The logger */
    private static final Logger LOG = LoggerFactory.getLogger( 
StoreErrorMessage.class );

    /**
     * Instantiates a new error message action.
     */
    public StoreErrorMessage()
    {
        super( "Store error message" );
    }


    /**
     * {@inheritDoc}
     */
    @Override
    public void action( LdapMessageContainer<Message> container )
    {
        // Get the Value and store it in the BindResponse
        TLV tlv = container.getCurrentTLV();
        String errorMessage;

        // We have to handle the special case of a 0 length error
        // message
        if ( tlv.getLength() == 0 )
        {
            errorMessage = "";
        }
        else
        {
            errorMessage = Strings.utf8ToString( tlv.getValue().getData() );
        }

        LdapResult ldapResult = container.getLdapResult();
        ldapResult.setDiagnosticMessage( errorMessage );

{code}


so we can't provide more than what the remote server gives...

The {{LdapException}} is just encapsulating the result and is thrown, it won't 
bring anything more.


was (Author: elecharny):
Hi ! Sorry for the mate comment...

The way it works is that we store whatever the LDAP server returns in the 
Diagnostic message:

```
/**
 * The action used to set the LdapResult error message.
 *
 * <pre>
 *  LDAPResult ::= SEQUENCE {
 *     ...
 *     errorMessage LDAPString,
 *     ...
 * </pre>
 * @author <a href="mailto:[email protected]";>Apache Directory 
Project</a>
 */
public class StoreErrorMessage extends 
GrammarAction<LdapMessageContainer<Message>>
{
    /** The logger */
    private static final Logger LOG = LoggerFactory.getLogger( 
StoreErrorMessage.class );

    /**
     * Instantiates a new error message action.
     */
    public StoreErrorMessage()
    {
        super( "Store error message" );
    }


    /**
     * {@inheritDoc}
     */
    @Override
    public void action( LdapMessageContainer<Message> container )
    {
        // Get the Value and store it in the BindResponse
        TLV tlv = container.getCurrentTLV();
        String errorMessage;

        // We have to handle the special case of a 0 length error
        // message
        if ( tlv.getLength() == 0 )
        {
            errorMessage = "";
        }
        else
        {
            errorMessage = Strings.utf8ToString( tlv.getValue().getData() );
        }

        LdapResult ldapResult = container.getLdapResult();
        ldapResult.setDiagnosticMessage( errorMessage );
```

so we can't provide more than what the remote server gives...

The ```LdapException``` is just encapsulating the result and is thrown, it 
won't bring anything more.

> More info on PasswordException
> ------------------------------
>
>                 Key: DIRAPI-387
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-387
>             Project: Directory Client API
>          Issue Type: Improvement
>            Reporter: Natan Abolafya
>            Priority: Minor
>         Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>  
> {code:java}
> Message ID : 7
>     BindResponse
>         Ldap Result
>             Result code : (INVALID_CREDENTIALS) invalidCredentials
>             Matched Dn : ''
>             Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: 
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>  
>  
> The information in Diagnostic message can be quite useful sometimes. In this 
> case, the "data 533" means the account is disabled which would be quite 
> useful information for diagnostics. I am attaching how the exception looks 
> like on debugger also.
>  
> Normal LdapExceptions have this information but not the PasswordException. It 
> would be really nice to add it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to