[RESOLVED] Re: Migrate to 2.0 API - Help w/ PW Policy Control
> On Jun 23, 2021, at 11:26 PM, Emmanuel Lécharny wrote:
>
>
> On 23/06/2021 17:32, Shawn McKinney wrote:
>> Next up on migration tasks, howto process password policy control returned
>> from the server.
>> The 1.x way
>> [UserDAO](https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/impl/UserDAO.java):
>> ```
>> BindResponse bindResponse = bind( ld, userDn, user.getPassword() );
>> Control cont = bindResponse.getControls().get( (new
>> PasswordPolicyRequestImpl()).getOid() );
>
> better use PasswordPolicyRequest.OID
>
Done
>
>> if ( control == null ){ … }
>> PasswordPolicyResponse respCtrl = ((PasswordPolicyDecorator)control
>> ).getDecorated();
>> if (respCtrl.hasResponse()){
>> ...
>> if (respCtrl.getResponse().getTimeBeforeExpiration() > 0 ){
>> …
>> if (respCtrl.getResponse().getGraceAuthNRemaining() > 0 ){
>> …
>> ```
>> The 2.x way
>> [PasswordPolicyResponseTest](https://github.com/apache/directory-ldap-api/blob/master/ldap/extras/codec/src/test/java/org/apache/directory/api/ldap/extras/controls/ppolicy/PasswordPolicyResponseTest.java):
>> ```
>> PasswordPolicyResponseFactory factory = ( PasswordPolicyResponseFactory )
>> codec.getResponseControlFactories().
>> get( PasswordPolicyResponse.OID );
>> PasswordPolicyResponse passwordPolicyResponse = factory.newControl();
>> factory.decodeValue( passwordPolicyResponse, bb.array() );
>> assertEquals( 1, passwordPolicyResponse.getTimeBeforeExpiration() );
>> assertEquals( 1, passwordPolicyResponse.getPasswordPolicyError().getValue()
>> );
>> ```
>> Before we passed the bind response into the factory.
>
> In 2.0, you should be able to do something like :
>
>
> BindResponse bindResponse = connection.bind( bindRequest );
>
> PasswordPolicyResponse passwordPolicyResp = ( PasswordPolicyResponse )
> bindResponse.getControls().get( PasswordPolicyRequest.OID );
>
> then access the PasswordPolicyResponse fields directly:
>
> passwordPolicyResp.getTimeBeforeExpiration()
>
> etc.
Cool, I’m doing this now and it works great.
Thanks
—
Shawn
-
To unsubscribe, e-mail: api-unsubscr...@directory.apache.org
For additional commands, e-mail: api-h...@directory.apache.org
[RESOLVED] Re: Migration to 2.0 API has moved onto something a bit more relaxing
Changes pushed into api for the new control: https://github.com/apache/directory-ldap-api/commit/12353c1487412b0c7e0d36a68297ab713dd0 Let me know if there’s anything I missed / got wrong. I’ve left the control in fortress for now, until the 2.0.3 release is out. That resolves this issue, thanks for the help. — Shawn - To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org
Re: Migration to 2.0 API has moved onto something a bit more relaxing
On 24/06/2021 15:57, Shawn McKinney wrote: interfaces should describe a type and hence have methods Whatever. There is a suppressions.xml file in src/checkstyle that list the classes that are to be ignred. here is its content: checks="InterfaceIsType" /> checks="InterfaceIsType" /> files="org.apache.directory.api.ldap.extras.controls.permissiveModify" checks="InterfaceIsType" /> files="org.apache.directory.api.ldap.extras.controls.ppolicy" checks="InterfaceIsType" /> files="org.apache.directory.api.ldap.extras.controls.changeNotifications" checks="InterfaceIsType" /> Add the RelaxControl in this file : checks="InterfaceIsType" /> checks="InterfaceIsType" /> files="org.apache.directory.api.ldap.extras.controls.relax" checks="InterfaceIsType" /> ... -- *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE T. +33 (0)4 89 97 36 50 P. +33 (0)6 08 33 32 61 emmanuel.lecha...@busit.com https://www.busit.com/ - To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org
Re: Migration to 2.0 API has moved onto something a bit more relaxing
On 24/06/2021 15:57, Shawn McKinney wrote: interfaces should describe a type and hence have methods Does RelaxControl extends Control ? -- *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE T. +33 (0)4 89 97 36 50 P. +33 (0)6 08 33 32 61 emmanuel.lecha...@busit.com https://www.busit.com/ - To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org
Re: Migration to 2.0 API - RBAC Accelerator Extended Operations
On 24/06/2021 20:38, Shawn McKinney wrote: Moving onto the last hurdle for 2.0 migration… To get the accelerator client talking with OpenLDAP RBAC overlay, for extended operations. Emmanuel, as I recall some time ago that the RBAC accelerator client would need to be reworked when we moved to 2.0. Do you recall what the issue was? The ASN.1 encoding has been rewritten from scratch. The idea was to use a preallocated buffer, which get filled from the end, instead of computing the result size, allocate the buffer and fill it. It saves the length computation cost most of the time (if the buffer gets too small, we reallocate it) As it stands, I’m getting server side assertion failure. Before I jump to far into this wanted to check with you. If you want to look at the server side log, it’s here: https://issues.apache.org/jira/browse/FC-238?focusedCommentId=17369035=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17369035 The logs aren't helful, there is not enough data in it (typically the received PDU). Do you have the extended operation code ? -- *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE T. +33 (0)4 89 97 36 50 P. +33 (0)6 08 33 32 61 emmanuel.lecha...@busit.com https://www.busit.com/ - To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org
