directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Dobrinic <mark.dobri...@twobotechnologies.com>
Subject ModifyPassword extended operation issue
Date Mon, 03 Oct 2016 11:09:28 GMT
Hi api @directory.apache.org,

When using Apache Directory API to send out a ModifyPassword request to
a non-Apache LDAP server, I stumbled upon an issue when processing the
response of the request.

The specification ( https://tools.ietf.org/html/rfc3062#section-2.2 ;
RFC 3062 section 2.2), states

" Password Modify response is an ExtendedResponse where the responseName
field is absent and the response field is optional."

But PasswordModifyFactory#decorate() instead assumes there will always
be a response field.


I was able to override PasswordModifyFactory and implement a fix by
changing the decorate() method in the subclass, but I think it's
actually a bug in the library, so I'd like to propose to change it in
Apache Directory API instead.

The change in PasswordModifyFactory.java is minimal:

Line 133, from
        byte[] value = response.getResponseValue();

        ByteBuffer buffer = ByteBuffer.wrap( value );
to
        byte[] value = response.getResponseValue();

        if (value == null)
        {
            value = new byte[0];
        }

        ByteBuffer buffer = ByteBuffer.wrap(value);


and line 143, from

            pwdModifyResponse = container.getPwdModifyResponse();
to

            pwdModifyResponse = container.getPwdModifyResponse();

            if (pwdModifyResponse == null)
            {
                pwdModifyResponse = new
PasswordModifyResponseImpl(decoratedResponse.getMessageId());
            }


This will allow empty response field values.


Can any of you experts take a look and confirm?


Thanks!


-- 
Regards,

Mark Dobrinic
Software Engineer and Identity Specialist
Twobo Technologies AB

mark.dobrinic@twobotechnologies.com
www.twobotechnologies.com


Mime
View raw message