On 11/15/11 7:11 PM, [email protected] wrote:
Ok, when I try and bind with an expired password and all grace logins are
spent, this exception is thrown:
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 -
INVALID_CREDENTIALS: Bind failed: paasword expired and max grace logins were
used]
And in the LdapContext.getResponseControls() encodedValue there is this
small byte array:
[48, 3, -127, 1, 0]
Does anyone know how to interpret or decode this?
This stands for
0x30 0x03
0x81 0x01 0x00
which means, when correlated with the ASN.1 grammar:

    PasswordPolicyResponseValue ::= SEQUENCE {
        warning [0] CHOICE {
            timeBeforeExpiration [0] INTEGER (0 .. maxInt),
            graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
        error   [1] ENUMERATED {
            passwordExpired             (0),
            accountLocked               (1),
            changeAfterReset            (2),
            passwordModNotAllowed       (3),
            mustSupplyOldPassword       (4),
            insufficientPasswordQuality (5),
            passwordTooShort            (6),
            passwordTooYoung            (7),
            passwordInHistory           (8) } OPTIONAL }

0x30 0x03 : SEQUENCE, 3 bytes length
0x81 : error [1] (would have been 0x80 for a warning)
0x01 : one byte length
0x00 : passwordExpired.
ASN1 can be fun, but only for people who like this part of Pulp Fiction:
http://www.youtube.com/watch?v=wN2-I31Imis&feature=player_detailpage
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com