From elecha...@apache.org
Subject svn commit: r1028969 [1/2] - in /directory/apacheds/branches/apacheds-config: all/ core-annotations/ core-api/ core-api/src/main/java/org/apache/directory/server/core/ core-api/src/test/java/org/apache/directory/server/core/ core-avl/ core-constants/ c...
Date Sat, 30 Oct 2010 02:08:37 GMT
Author: elecharny
Date: Sat Oct 30 02:08:35 2010
New Revision: 1028969

URL: http://svn.apache.org/viewvc?rev=1028969&view=rev
Log:
Merged the trunk modifications into the branch

Added:
    directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/PasswordPolicyConfiguration.java
      - copied unchanged from r1028958, directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/PasswordPolicyConfiguration.java
    directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/PpolicyConfigContainer.java
      - copied unchanged from r1028958, directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/PpolicyConfigContainer.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
      - copied unchanged from r1028959, directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/EncryptionMethod.java
    directory/apacheds/branches/apacheds-config/jdbm-partition/conf/
    directory/apacheds/branches/apacheds-config/jdbm-partition/log/
    directory/apacheds/branches/apacheds-config/jdbm-partition/partitions/
    directory/apacheds/branches/apacheds-config/jdbm-partition/run/
Removed:
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordPolicyConfiguration.java
Modified:
    directory/apacheds/branches/apacheds-config/all/   (props changed)
    directory/apacheds/branches/apacheds-config/core/   (props changed)
    directory/apacheds/branches/apacheds-config/core-annotations/   (props changed)
    directory/apacheds/branches/apacheds-config/core-api/   (props changed)
    directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/DirectoryService.java
    directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/EntryToResponseCursor.java
    directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
    directory/apacheds/branches/apacheds-config/core-api/src/test/java/org/apache/directory/server/core/MockDirectoryService.java
    directory/apacheds/branches/apacheds-config/core-avl/   (props changed)
    directory/apacheds/branches/apacheds-config/core-constants/   (props changed)
    directory/apacheds/branches/apacheds-config/core-integ/   (props changed)
    directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java   (props changed)
    directory/apacheds/branches/apacheds-config/core-jndi/   (props changed)
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
    directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
    directory/apacheds/branches/apacheds-config/http-directory-bridge/   (props changed)
    directory/apacheds/branches/apacheds-config/http-integration/   (props changed)
    directory/apacheds/branches/apacheds-config/i18n/   (props changed)
    directory/apacheds/branches/apacheds-config/interceptor-kerberos/   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm/   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm-partition/   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/   (props changed)
    directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java   (props changed)
    directory/apacheds/branches/apacheds-config/kerberos-shared/   (props changed)
    directory/apacheds/branches/apacheds-config/kerberos-test/   (props changed)
    directory/apacheds/branches/apacheds-config/ldif-partition/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-changepw/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-dhcp/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-dns/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-kerberos/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-ldap/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-ldap/pom.xml
    directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
    directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/replication/SyncReplConsumer.java   (contents, props changed)
    directory/apacheds/branches/apacheds-config/protocol-ntp/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-shared/   (props changed)
    directory/apacheds/branches/apacheds-config/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/store/LdifFileLoader.java
    directory/apacheds/branches/apacheds-config/server-annotations/   (props changed)
    directory/apacheds/branches/apacheds-config/server-integ/   (props changed)
    directory/apacheds/branches/apacheds-config/server-integ/src/test/java/org/apache/directory/server/operations/add/AddIT.java
    directory/apacheds/branches/apacheds-config/server-integ/src/test/java/org/apache/directory/server/operations/bind/BindIT.java
    directory/apacheds/branches/apacheds-config/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
    directory/apacheds/branches/apacheds-config/server-integ/src/test/java/org/apache/directory/server/operations/search/PersistentSearchIT.java
    directory/apacheds/branches/apacheds-config/server-jndi/   (props changed)
    directory/apacheds/branches/apacheds-config/server-replication/   (props changed)

Propchange: directory/apacheds/branches/apacheds-config/all/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/all:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/all:980138-980938
+/directory/apacheds/trunk/all:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/core/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core:980138-980934
+/directory/apacheds/trunk/core:1023440-1028959

Propchange: directory/apacheds/branches/apacheds-config/core-annotations/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-annotations:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-annotations:980138-980934
+/directory/apacheds/trunk/core-annotations:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/core-api/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-api:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-api:980138-980934
+/directory/apacheds/trunk/core-api:1023440-1028958

Modified: directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/DirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/DirectoryService.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/DirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/DirectoryService.java Sat Oct 30 02:08:35 2010
@@ -50,6 +50,7 @@ import org.apache.directory.shared.ldap.
  * Provides JNDI service to {@link AbstractContextFactory}.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @param <PasswordPolicyConfiguration>
  */
 public interface DirectoryService extends ServerEntryFactory
 {
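Review bot: The added Javadoc line `@param <PasswordPolicyConfiguration>` documents a type parameter, but `DirectoryService` as declared two lines below is not generic, so the tag is stray (it looks like an IDE completion) and will produce a Javadoc warning. Drop the line; `PasswordPolicyConfiguration` appears only as the return type of the new `getPwdPolicy` method. The interface body continues outside this hunk.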
@@ -550,4 +551,32 @@ public interface DirectoryService extend
      * @return The TriggerExecution AdministrativePoint cache
      */
     DnNode<TriggerExecutionAdministrativePoint> getTriggerExecutionAPCache();
+    
+    
+    /**
+     * @return true if the password policy is enabled, false otherwise
+     */
+    boolean isPwdPolicyEnabled();
+    
+
+    /**
+     * Gets the effective password policy of the given entry. 
+     * If the entry has defined a custom password policy by setting "pwdPolicySubentry" attribute
+     * then the password policy associated with the DN specified at the above attribute's value will be returned.
+     * Otherwise the default password policy will be returned (if present)
+     * 
+     * @param userEntry the user's entry
+     * @return the associated password policy
+     * @throws LdapException
+     */
+    PasswordPolicyConfiguration getPwdPolicy( Entry userEntry ) throws LdapException;
+    
+    
+    /**
+     * set all the password policies to be used by the server.
+     * This includes a default(i.e applicable to all entries) and custom(a.k.a per user) password policies
+     *  
+     * @param policyContainer the container holding all the password policies
+     */
+    void setPwdPolicies( PpolicyConfigContainer policyContainer );
 }
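Review bot: The Javadoc on `getPwdPolicy` does not say that the method can return null, although "(if present)" hints at it and the implementations in this commit do return null (the mock always, `DefaultDirectoryService` when no container is set). Since the result decides which lockout and quality rules apply to a bind, state the contract explicitly, e.g. `@return the associated password policy, or null if no policy applies to the entry`. The bare `@throws LdapException` should get a description as well, for example `if the pwdPolicySubentry value cannot be turned into a DN`. It would also help to say on `isPwdPolicyEnabled` whether true guarantees a non-null policy for every entry.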

Modified: directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/EntryToResponseCursor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/EntryToResponseCursor.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/EntryToResponseCursor.java (original)
+++ directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/EntryToResponseCursor.java Sat Oct 30 02:08:35 2010
@@ -27,6 +27,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.shared.i18n.I18n;
 import org.apache.directory.shared.ldap.cursor.ClosureMonitor;
 import org.apache.directory.shared.ldap.cursor.Cursor;
+import org.apache.directory.shared.ldap.cursor.SearchCursor;
+import org.apache.directory.shared.ldap.message.Response;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.message.SearchResultDone;
 import org.apache.directory.shared.ldap.message.SearchResultDoneImpl;
@@ -40,10 +42,10 @@ import org.apache.directory.shared.ldap.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class EntryToResponseCursor<InternalResponse> implements Cursor<InternalResponse>
+public class EntryToResponseCursor implements SearchCursor
 {
     /** the underlying cursor */
-    private Cursor<InternalResponse> wrapped;
+    private Cursor<ClonedServerEntry> wrapped;
 
     /** a reference to hold the SearchResultDone response */
     private SearchResultDone searchDoneResp;
@@ -53,20 +55,20 @@ public class EntryToResponseCursor<Inter
     private int messageId;
 
 
-    public EntryToResponseCursor( int messageId, Cursor<InternalResponse> wrapped )
+    public EntryToResponseCursor( int messageId, Cursor<ClonedServerEntry> wrapped )
     {
         this.wrapped = wrapped;
         this.messageId = messageId;
     }
 
 
-    public Iterator<InternalResponse> iterator()
+    public Iterator<Response> iterator()
     {
         throw new UnsupportedOperationException();
     }
 
 
-    public void after( InternalResponse resp ) throws Exception
+    public void after( Response resp ) throws Exception
     {
         throw new UnsupportedOperationException();
     }
@@ -84,7 +86,7 @@ public class EntryToResponseCursor<Inter
     }
 
 
-    public void before( InternalResponse resp ) throws Exception
+    public void before( Response resp ) throws Exception
     {
         throw new UnsupportedOperationException();
     }
@@ -114,13 +116,13 @@ public class EntryToResponseCursor<Inter
     }
 
 
-    public InternalResponse get() throws Exception
+    public Response get() throws Exception
     {
         ClonedServerEntry entry = ( ClonedServerEntry ) wrapped.get();
         SearchResultEntry se = new SearchResultEntryImpl( messageId );
         se.setEntry( entry );
 
-        return ( InternalResponse ) se;
+        return se;
     }
 
 
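Review bot: In `get()`, the cast in `ClonedServerEntry entry = ( ClonedServerEntry ) wrapped.get();` is no longer needed, because this commit changes `wrapped` to `Cursor<ClonedServerEntry>`. Write `ClonedServerEntry entry = wrapped.get();` so that a later change of the wrapped element type fails at compile time instead of at runtime with a ClassCastException.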
@@ -129,7 +131,7 @@ public class EntryToResponseCursor<Inter
      *
      * @return the SearchResultDone message, null if the search operation fails for any reason
      */
-    public SearchResultDone getSearchDone()
+    public SearchResultDone getSearchResultDone()
     {
         return searchDoneResp;
     }

Modified: directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java (original)
+++ directory/apacheds/branches/apacheds-config/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java Sat Oct 30 02:08:35 2010
@@ -28,12 +28,13 @@ import java.util.List;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.interceptor.context.BindOperationContext;
 import org.apache.directory.shared.asn1.primitives.OID;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.cursor.Cursor;
 import org.apache.directory.shared.ldap.cursor.EmptyCursor;
+import org.apache.directory.shared.ldap.cursor.SearchCursor;
 import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
@@ -74,7 +75,6 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.message.ModifyRequestImpl;
 import org.apache.directory.shared.ldap.message.ModifyResponse;
 import org.apache.directory.shared.ldap.message.ModifyResponseImpl;
-import org.apache.directory.shared.ldap.message.Response;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.message.ResultResponseRequest;
 import org.apache.directory.shared.ldap.message.SearchRequest;
@@ -958,7 +958,7 @@ public class LdapCoreSessionConnection i
     /**
      * {@inheritDoc}
      */
-    public Cursor<Response> search( SearchRequest searchRequest ) throws LdapException
+    public SearchCursor search( SearchRequest searchRequest ) throws LdapException
     {
         if ( searchRequest == null )
         {
@@ -984,14 +984,14 @@ public class LdapCoreSessionConnection i
             LOG.warn( e.getMessage(), e );
         }
 
-        return new EntryToResponseCursor<Response>( -1, new EmptyCursor<Response>() );
+        return new EntryToResponseCursor( -1, new EmptyCursor<ClonedServerEntry>() );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public Cursor<Response> search( DN baseDn, String filter, SearchScope scope, String... attributes )
+    public SearchCursor search( DN baseDn, String filter, SearchScope scope, String... attributes )
         throws LdapException
     {
         if ( baseDn == null )
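Review bot: The changed fallback `return new EntryToResponseCursor( -1, new EmptyCursor<ClonedServerEntry>() );` follows a `LOG.warn( e.getMessage(), e )`, so a search that failed is handed back to the caller as a search that matched nothing. The catch block starts outside this hunk, so the exception type is not visible, but the method already declares `throws LdapException`; rethrowing there would let callers that make decisions on the result distinguish "no entry" from "lookup failed". If the empty cursor is intentional, document it above the return, e.g. `// search failed: an empty cursor is returned and the error is only logged`.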
@@ -1016,7 +1016,7 @@ public class LdapCoreSessionConnection i
     /**
      * {@inheritDoc}
      */
-    public Cursor<Response> search( String baseDn, String filter, SearchScope scope, String... attributes )
+    public SearchCursor search( String baseDn, String filter, SearchScope scope, String... attributes )
         throws LdapException
     {
         return search( new DN( baseDn ), filter, scope, attributes );

Modified: directory/apacheds/branches/apacheds-config/core-api/src/test/java/org/apache/directory/server/core/MockDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core-api/src/test/java/org/apache/directory/server/core/MockDirectoryService.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core-api/src/test/java/org/apache/directory/server/core/MockDirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-config/core-api/src/test/java/org/apache/directory/server/core/MockDirectoryService.java Sat Oct 30 02:08:35 2010
@@ -529,4 +529,30 @@ public class MockDirectoryService implem
     public void setInstanceLayout( InstanceLayout instanceLayout )
     {
     }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isPwdPolicyEnabled()
+    {
+        return false;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public PasswordPolicyConfiguration getPwdPolicy( Entry userEntry ) throws LdapException
+    {
+        return null;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setPwdPolicies( PpolicyConfigContainer policyContainer )
+    {
+    }
 }

Propchange: directory/apacheds/branches/apacheds-config/core-avl/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-avl:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-avl:980138-980934
+/directory/apacheds/trunk/core-avl:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/core-constants/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-constants:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-constants:980138-980934
+/directory/apacheds/trunk/core-constants:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/core-integ/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-integ:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-integ:980138-980934
+/directory/apacheds/trunk/core-integ:1023440-1028958

Modified: directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java (original)
+++ directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java Sat Oct 30 02:08:35 2010
@@ -32,11 +32,13 @@ import static org.junit.Assert.assertNul
 import static org.junit.Assert.assertTrue;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
+import org.apache.directory.server.core.PpolicyConfigContainer;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.authn.AuthenticationInterceptor;
-import org.apache.directory.server.core.authn.PasswordPolicyConfiguration;
 import org.apache.directory.server.core.authn.PasswordUtil;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
@@ -61,7 +63,6 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.message.control.Control;
 import org.apache.directory.shared.ldap.name.DN;
-import org.apache.directory.shared.ldap.util.StringTools;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -103,10 +104,13 @@ public class PasswordPolicyTest extends 
         policyConfig.setPwdGraceAuthNLimit( 5 );
         policyConfig.setPwdCheckQuality( 2 ); // DO NOT allow the password if its quality can't be checked
 
+        PpolicyConfigContainer policyContainer = new PpolicyConfigContainer();
+        policyContainer.setDefaultPolicy( policyConfig );
+        service.setPwdPolicies( policyContainer );
+        
         AuthenticationInterceptor authInterceptor = ( AuthenticationInterceptor ) service
-            .getInterceptor( AuthenticationInterceptor.class.getName() );
-        authInterceptor.setPwdPolicyConfig( policyConfig );
-
+        .getInterceptor( AuthenticationInterceptor.class.getName() );
+        
         authInterceptor.loadPwdPolicyStateAtributeTypes();
     }
 
@@ -122,7 +126,7 @@ public class PasswordPolicyTest extends 
     public void testAddUserWithClearTextPwd() throws Exception
     {
         LdapConnection connection = getAdminNetworkConnection( ldapServer );
-
+        
         DN userDn = new DN( "cn=user,ou=system" );
         Entry userEntry = LdifUtils.createEntry( userDn, "ObjectClass: top", "ObjectClass: person", "cn: user",
             "sn: user_sn", "userPassword: 1234" );
@@ -158,10 +162,7 @@ public class PasswordPolicyTest extends 
     {
         LdapConnection connection = getAdminNetworkConnection( ldapServer );
 
-        byte[] password = PasswordUtil.encryptPassword( "12345".getBytes(), LdapSecurityConstants.HASH_METHOD_CRYPT,
-            null );
-        String strPwd = "{crypt}" + StringTools.utf8ToString( password );
-        password = strPwd.getBytes();
+        byte[] password = PasswordUtil.createStoragePassword( "12345", LdapSecurityConstants.HASH_METHOD_CRYPT );
 
         DN userDn = new DN( "cn=hashedpwd,ou=system" );
         Entry userEntry = new DefaultEntry( userDn );
@@ -191,8 +192,7 @@ public class PasswordPolicyTest extends 
         respCtrl = getPwdRespCtrl( addResp );
         assertNull( respCtrl );
 
-        LdapConnection userConnection = getNetworkConnectionAs( ldapServer, userDn.getName(), StringTools
-            .utf8ToString( password ) );
+        LdapConnection userConnection = getNetworkConnectionAs( ldapServer, userDn.getName(), "12345" );
         assertNotNull( userConnection );
         assertTrue( userConnection.isAuthenticated() );
     }

Propchange: directory/apacheds/branches/apacheds-config/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -5,3 +5,4 @@
 /directory/apacheds/branches/apacheds-subtree/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java:965202-966561
 /directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java:599654-600228
 /directory/apacheds/branches/xdbm-refactoring/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java:945827-946347
+/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/collective/CollectiveAttributeServiceIT.java:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/core-jndi/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/core-jndi:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/core-jndi:980138-980935
+/directory/apacheds/trunk/core-jndi:1023440-1028958

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Sat Oct 30 02:08:35 2010
@@ -99,6 +99,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.ldif.LdifReader;
 import org.apache.directory.shared.ldap.name.DN;
 import org.apache.directory.shared.ldap.name.RDN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.util.DateUtils;
 import org.apache.directory.shared.ldap.util.StringTools;
@@ -260,6 +261,12 @@ public class DefaultDirectoryService imp
     /** The TriggerExecution AdministrativePoint cache */
     private DnNode<TriggerExecutionAdministrativePoint> triggerExecutionAPCache;
 
+    /** a container to hold all the ppolicies */
+    private PpolicyConfigContainer pwdPolicyContainer;
+    
+    /** the pwdPolicySubentry AT */
+    private AttributeType pwdPolicySubentryAT;
+    
     /**
      * The synchronizer thread. It flush data on disk periodically.
      */
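Review bot: `pwdPolicyContainer` is a plain field that `setPwdPolicies` (added further down in this file) can replace at any time, while `isPwdPolicyEnabled` and `getPwdPolicy` read it several times per call. If policies can be set after the service has started — the visible code does not say — a bind thread may see a stale container, or see it change between the null check and the dereference. Declare it `private volatile PpolicyConfigContainer pwdPolicyContainer;` and read it once into a local at the top of each of those two methods. A one-line comment on the field stating that null means password policy is disabled would also help.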
@@ -1474,6 +1481,8 @@ public class DefaultDirectoryService imp
         partitions.add( schemaService.getSchemaPartition() );
         systemPartition.getSuffix().normalize( schemaManager );
 
+        pwdPolicySubentryAT = schemaManager.lookupAttributeTypeRegistry( "pwdPolicySubentry" );
+        
         adminDn = DNFactory.create( ServerDNConstants.ADMIN_SYSTEM_DN, schemaManager );
         adminSession = new DefaultCoreSession( new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), this );
 
@@ -1861,4 +1870,51 @@ public class DefaultDirectoryService imp
     {
         return triggerExecutionAPCache;
     }
+    
+    
+    /**
+     * {@inheritDoc}
+     */
+    public PasswordPolicyConfiguration getPwdPolicy( Entry userEntry ) throws LdapException
+    {
+        if ( pwdPolicyContainer == null )
+        {
+            return null;
+        }
+        
+        if ( pwdPolicyContainer.hasCustomConfigs() )
+        {
+            EntryAttribute pwdPolicySubentry = userEntry.get( pwdPolicySubentryAT );
+            
+            if ( pwdPolicySubentry != null )
+            {
+                DN configDn = DNFactory.create( pwdPolicySubentry.getString(), schemaManager );
+                
+                return pwdPolicyContainer.getPolicyConfig( configDn );
+            }
+        }
+        
+        return pwdPolicyContainer.getDefaultPolicy();
+    }
+
+    
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isPwdPolicyEnabled()
+    {
+        return ( ( pwdPolicyContainer != null ) 
+                && ( ( pwdPolicyContainer.getDefaultPolicy() != null ) 
+                || ( pwdPolicyContainer.hasCustomConfigs() ) ) );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setPwdPolicies( PpolicyConfigContainer policyContainer )
+    {
+        this.pwdPolicyContainer = policyContainer;
+    }
+
 }
\ No newline at end of file
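Review bot: In `getPwdPolicy`, `return pwdPolicyContainer.getPolicyConfig( configDn );` returns whatever the container holds for the DN named in the entry's `pwdPolicySubentry`, without falling back to the default policy when that DN has no configured policy. `getPolicyConfig` is not visible here, but if it returns null for an unknown DN, an entry that points at a missing or mistyped policy ends up with no policy at all, which contradicts the interface Javadoc. Suggest `PasswordPolicyConfiguration custom = pwdPolicyContainer.getPolicyConfig( configDn );` followed by `if ( custom != null ) { return custom; }` so that control falls through to `getDefaultPolicy()`. Because the policy is selected by an attribute stored on the user's own entry, it is also worth confirming that `pwdPolicySubentry` cannot be modified by the user it applies to.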

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AbstractAuthenticator.java Sat Oct 30 02:08:35 2010
@@ -33,6 +33,7 @@ import java.util.Collections;
 import java.util.Date;
 
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.Entry;
@@ -60,8 +61,6 @@ public abstract class AbstractAuthentica
     
     /** authenticator type */
     private final AuthenticationLevel authenticatorType;
-
-    private PasswordPolicyConfiguration pPolicyConfig;
     
     /**
      * Creates a new instance.
@@ -153,11 +152,13 @@ public abstract class AbstractAuthentica
      */
     public void checkPwdPolicy( Entry userEntry ) throws LdapException
     {
-        if( pPolicyConfig == null )
+        if( !directoryService.isPwdPolicyEnabled() )
         {
             return;
         }
 
+        PasswordPolicyConfiguration pPolicyConfig = directoryService.getPwdPolicy( userEntry );
+        
         // check for locked out account
         if( pPolicyConfig.isPwdLockout() )
         {
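Review bot: `pPolicyConfig` is dereferenced right after the lookup without a null check, and the visible end of `getPwdPolicy` falls back to `pwdPolicyContainer.getDefaultPolicy()`. `isPwdPolicyEnabled()` also returns true when only custom configs exist, so a container with custom policies but no default can hand back null for an entry that matches none of them; `pPolicyConfig.isPwdLockout()` then throws a NullPointerException in the authentication path. Adding `if ( pPolicyConfig == null ) { return; }` after the lookup would treat "no policy applies to this entry" explicitly. The same pattern appears in the `add()` and `modify()` hunks of AuthenticationInterceptor. The start of `getPwdPolicy` and the rest of `checkPwdPolicy` are outside the visible hunks, so this should be confirmed against the full methods.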
@@ -255,22 +256,4 @@ public abstract class AbstractAuthentica
             }
         }
     }
-    
-    
-    /**
-     * {@inheritDoc}
-     */
-    public void setPwdPolicyConfig( PasswordPolicyConfiguration pPolicyConfig )
-    {
-        this.pPolicyConfig = pPolicyConfig;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public PasswordPolicyConfiguration getPwdPolicyConfig()
-    {
-        return pPolicyConfig;
-    }
 }

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Sat Oct 30 02:08:35 2010
@@ -51,6 +51,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.DefaultCoreSession;
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.LdapPrincipal;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
+import org.apache.directory.server.core.PpolicyConfigContainer;
 import org.apache.directory.server.core.admin.AdministrativePointInterceptor;
 import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
 import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
@@ -132,7 +134,7 @@ public class AuthenticationInterceptor e
     /** A reference to the DirectoryService instance */
     private DirectoryService directoryService;
 
-    private PasswordPolicyConfiguration policyConfig;
+    //private PasswordPolicyConfiguration policyConfig;
 
     /** A reference to the SchemaManager instance */
     private SchemaManager schemaManager;
@@ -156,6 +158,9 @@ public class AuthenticationInterceptor e
 
     private AttributeType AT_PWD_GRACE_USE_TIME;
 
+    //FIXME should be removed after the config branch merge
+    private PpolicyConfigContainer policyContainer;
+    
     /**
      * the set of interceptors we should *not* go through when pwdpolicy state information is being updated
      */
@@ -196,6 +201,8 @@ public class AuthenticationInterceptor e
     {
         this.directoryService = directoryService;
 
+        directoryService.setPwdPolicies( policyContainer );;
+        
         schemaManager = directoryService.getSchemaManager();
 
         adminSession = directoryService.getAdminSession();
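Review bot: `init` pushes `policyContainer` into the DirectoryService unconditionally, but that field is only assigned in the deprecated `setPwdPolicyConfig` setter. If the interceptor is initialised without that setter having been called, it passes null, `isPwdPolicyEnabled()` returns false, and password policy is silently switched off, overwriting any container the service may already have had. A guard such as `if ( policyContainer != null ) { directoryService.setPwdPolicies( policyContainer ); }` avoids that, and the stray second `;` on the line can go. Note also that a `setPwdPolicyConfig` call made after `init` never reaches the service; whether that ordering occurs is not visible here.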
@@ -309,18 +316,21 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( addContext );
 
-        if ( policyConfig == null )
+        Entry entry = addContext.getEntry();
+        
+        
+        if ( !directoryService.isPwdPolicyEnabled() )
         {
             next.add( addContext );
             return;
         }
+        
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( entry );
 
         boolean isPPolicyReqCtrlPresent = addContext.hasRequestControl( PasswordPolicyRequestControl.CONTROL_OID );
 
         checkPwdReset( addContext );
 
-        Entry entry = addContext.getEntry();
-
         if ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null )
         {
             String username = null;
@@ -335,7 +345,7 @@ public class AuthenticationInterceptor e
 
             try
             {
-                check( username, userPassword.get() );
+                check( username, userPassword.get(), policyConfig );
             }
             catch ( PasswordPolicyException e )
             {
@@ -468,20 +478,24 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( modifyContext );
 
-        if ( policyConfig == null )
+        
+        if ( ! directoryService.isPwdPolicyEnabled() )
         {
             next.modify( modifyContext );
             invalidateAuthenticatorCaches( modifyContext.getDn() );
             return;
         }
 
+        // handle the case where pwdPolicySubentry AT is about to be deleted in thid modify()
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( modifyContext.getOriginalEntry() );
+        
         boolean isPPolicyReqCtrlPresent = modifyContext.hasRequestControl( PasswordPolicyRequestControl.CONTROL_OID );
         DN userDn = modifyContext.getSession().getAuthenticatedPrincipal().getDN();
 
         PwdModDetailsHolder pwdModDetails = null;
         if ( policyConfig.isPwdSafeModify() || pwdResetSet.contains( userDn ) || ( policyConfig.getPwdMinAge() > 0 ) )
         {
-            pwdModDetails = getPwdModDetails( modifyContext );
+            pwdModDetails = getPwdModDetails( modifyContext, policyConfig );
         }
 
         if ( ( pwdModDetails != null ) && pwdModDetails.isPwdModPresent() )
@@ -532,7 +546,7 @@ public class AuthenticationInterceptor e
 
             Entry entry = modifyContext.getEntry();
 
-            if ( isPwdTooYoung( entry ) )
+            if ( isPwdTooYoung( entry, policyConfig ) )
             {
                 if ( isPPolicyReqCtrlPresent )
                 {
@@ -558,7 +572,7 @@ public class AuthenticationInterceptor e
                 newPassword = pwdModDetails.getNewPwd();
                 try
                 {
-                    check( userName, newPassword );
+                    check( userName, newPassword, policyConfig );
                 }
                 catch ( PasswordPolicyException e )
                 {
@@ -849,8 +863,6 @@ public class AuthenticationInterceptor e
         {
             try
             {
-                authenticator.setPwdPolicyConfig( policyConfig );
-
                 // perform the authentication
                 LdapPrincipal principal = authenticator.authenticate( bindContext );
 
@@ -903,6 +915,8 @@ public class AuthenticationInterceptor e
         DN dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
         
+        PasswordPolicyConfiguration policyConfig = directoryService.getPwdPolicy( userEntry );
+        
         // check if the user entry is null, it will be null
         // in cases of anonymous bind
         if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() ) 
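Review bot: The new `directoryService.getPwdPolicy( userEntry )` call runs before the `userEntry == null` check for anonymous binds and without the `isPwdPolicyEnabled()` guard that the other call sites in this commit use. The visible tail of `getPwdPolicy` dereferences `pwdPolicyContainer`, so unless the unseen start of that method handles a null container and a null entry, a bind with policy disabled or an anonymous bind can fail with a NullPointerException. I would move the lookup below the anonymous-bind branch and perform it only when `directoryService.isPwdPolicyEnabled()` is true, leaving `policyConfig` null otherwise. The enclosing method starts and ends outside this hunk, so later uses of `policyConfig` need the same check.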
@@ -1045,7 +1059,7 @@ public class AuthenticationInterceptor e
 
             if ( isPPolicyReqCtrlPresent )
             {
-                int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry );
+                int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
                 if ( expiryWarnTime > 0 )
                 {
                     pwdRespCtrl.setTimeBeforeExpiration( expiryWarnTime );
@@ -1069,22 +1083,29 @@ public class AuthenticationInterceptor e
         super.unbind( next, unbindContext );
 
         // remove the DN from the password reset Set
-        if ( ( policyConfig != null ) && ( policyConfig.isPwdMustChange() ) )
+        // we do not perform a check to see if the reset flag in the associated ppolicy is enabled
+        // cause that requires fetching the ppolicy first, which requires a lookup for user entry
+        if ( !directoryService.isPwdPolicyEnabled() )
         {
             pwdResetSet.remove( unbindContext.getDn() );
         }
     }
 
 
+    /**
+     * a temporary hack to set the ppolicies in the DS
+     * @deprecated this method will be removed after the config branch gets merged in trunk
+     */
     public void setPwdPolicyConfig( PasswordPolicyConfiguration policyConfig )
     {
-        this.policyConfig = policyConfig;
+        policyContainer = new PpolicyConfigContainer();
+        policyContainer.setDefaultPolicy( policyConfig );
     }
 
 
     public void loadPwdPolicyStateAtributeTypes() throws LdapException
     {
-        if ( policyConfig != null )
+        if ( directoryService.isPwdPolicyEnabled() )
         {
             AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
             PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
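Review bot: The condition in `unbind` looks inverted: `if ( !directoryService.isPwdPolicyEnabled() )` now clears the DN from `pwdResetSet` only when password policy is disabled. The old code cleared it when a policy was configured, and `loadPwdPolicyStateAtributeTypes` in this same hunk uses the positive form. With policy enabled, a DN therefore stays in the reset set after unbind and affects later sessions for that user. The `checkPwdReset` hunk (`-1383,7 +1404,7`) has the same negation, so the must-change-password enforcement there appears to run only when policy is off. Both should read `if ( directoryService.isPwdPolicyEnabled() )`, and the comment above the `unbind` check explains dropping `isPwdMustChange()` but not the negation.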
@@ -1112,7 +1133,7 @@ public class AuthenticationInterceptor e
 
     // ---------- private methods ----------------
 
-    private void check( String username, byte[] password ) throws LdapException
+    private void check( String username, byte[] password, PasswordPolicyConfiguration policyConfig ) throws LdapException
     {
         final int qualityVal = policyConfig.getPwdCheckQuality();
 
@@ -1139,8 +1160,8 @@ public class AuthenticationInterceptor e
         }
 
         String strPassword = StringTools.utf8ToString( password );
-        validatePasswordLength( strPassword );
-        checkUsernameSubstring( username, strPassword );
+        validatePasswordLength( strPassword, policyConfig );
+        checkUsernameSubstring( username, strPassword, policyConfig );
         //        checkPasswordChars( strPassword );
     }
 
@@ -1148,7 +1169,7 @@ public class AuthenticationInterceptor e
     /**
      * validates the length of the password
      */
-    private void validatePasswordLength( String password ) throws PasswordPolicyException
+    private void validatePasswordLength( String password, PasswordPolicyConfiguration policyConfig ) throws PasswordPolicyException
     {
         int maxLen = policyConfig.getPwdMaxLength();
         int minLen = policyConfig.getPwdMinLength();
@@ -1238,7 +1259,7 @@ public class AuthenticationInterceptor e
      * "first" or "last" as a substring anywhere in the password. All of these checks are
      * case-insensitive.
      */
-    private void checkUsernameSubstring( String username, String password ) throws PasswordPolicyException
+    private void checkUsernameSubstring( String username, String password, PasswordPolicyConfiguration policyConfig ) throws PasswordPolicyException
     {
         if ( username == null || username.trim().length() == 0 )
         {
@@ -1258,7 +1279,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    private int getPwdTimeBeforeExpiry( Entry userEntry ) throws LdapException
+    private int getPwdTimeBeforeExpiry( Entry userEntry, PasswordPolicyConfiguration policyConfig ) throws LdapException
     {
         if ( policyConfig.getPwdMaxAge() == 0 )
         {
@@ -1299,7 +1320,7 @@ public class AuthenticationInterceptor e
      * @return true if the password is young, false otherwise
      * @throws LdapException
      */
-    private boolean isPwdTooYoung( Entry userEntry ) throws LdapException
+    private boolean isPwdTooYoung( Entry userEntry, PasswordPolicyConfiguration policyConfig ) throws LdapException
     {
         if ( policyConfig.getPwdMinAge() == 0 )
         {
@@ -1340,7 +1361,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    private PwdModDetailsHolder getPwdModDetails( ModifyOperationContext modifyContext ) throws LdapException
+    private PwdModDetailsHolder getPwdModDetails( ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig ) throws LdapException
     {
         PwdModDetailsHolder pwdModDetails = new PwdModDetailsHolder();
 
@@ -1383,7 +1404,7 @@ public class AuthenticationInterceptor e
      */
     private void checkPwdReset( OperationContext opContext ) throws LdapException
     {
-        if ( policyConfig != null )
+        if ( ! directoryService.isPwdPolicyEnabled() )
         {
             CoreSession session = opContext.getSession();
 
@@ -1405,6 +1426,7 @@ public class AuthenticationInterceptor e
         }
     }
 
+    
     private class PwdModDetailsHolder
     {
         private boolean pwdModPresent = false;

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/Authenticator.java Sat Oct 30 02:08:35 2010
@@ -88,18 +88,6 @@ public interface Authenticator
     
     
     /**
-     * @param pPolicyConfig the password policy configuration to be used while authenticating
-     */
-    void setPwdPolicyConfig( PasswordPolicyConfiguration pPolicyConfig );
-    
-    
-    /**
-     * @return the pwdpolicy configuration, can be null if pwdpolicy wasn't enabled
-     */
-    PasswordPolicyConfiguration getPwdPolicyConfig();
-    
-    
-    /**
      *  performs checks on the given entry based on the specified password policy configuration
      *
      * @param userEntry the user entry to be checked for authentication

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java Sat Oct 30 02:08:35 2010
@@ -21,21 +21,26 @@
 package org.apache.directory.server.core.authn;
 
 
+import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
 import org.apache.directory.shared.ldap.constants.LdapSecurityConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
+import org.apache.directory.shared.ldap.util.Base64;
 import org.apache.directory.shared.ldap.util.DateUtils;
 import org.apache.directory.shared.ldap.util.StringTools;
 import org.apache.directory.shared.ldap.util.UnixCrypt;
 
+
 /**
  * A utility class containing methods related to processing passwords.
  *
@@ -43,6 +48,23 @@ import org.apache.directory.shared.ldap.
  */
 public class PasswordUtil
 {
+
+    /** The SHA1 hash length */
+    public static final int SHA1_LENGTH = 20;
+
+    /** The SHA256 hash length */
+    public static final int SHA256_LENGTH = 32;
+
+    /** The SHA384 hash length */
+    public static final int SHA384_LENGTH = 48;
+
+    /** The SHA512 hash length */
+    public static final int SHA512_LENGTH = 64;
+
+    /** The MD5 hash length */
+    public static final int MD5_LENGTH = 16;
+
+
     /**
      * Get the algorithm from the stored password. 
      * It can be found on the beginning of the stored password, between 
@@ -97,7 +119,147 @@ public class PasswordUtil
         }
     }
 
+
+    /**
+     * create a hashed password in a format that can be stored in the server.
+     * If the specified algorithm requires a salt then a random salt of 8 byte size is used
+     *  
+     * @param credentials the plain text password
+     * @param algorithm the hashing algorithm to be applied
+     * @return the password after hashing with the given algorithm 
+     */
+    public static byte[] createStoragePassword( String credentials, LdapSecurityConstants algorithm )
+    {
+        byte[] salt;
+        
+        switch( algorithm )
+        {
+            case HASH_METHOD_SSHA:
+            case HASH_METHOD_SSHA256:
+            case HASH_METHOD_SSHA384:
+            case HASH_METHOD_SSHA512:
+            case HASH_METHOD_SMD5:
+                salt = new byte[8]; // we use 8 byte salt always except for "crypt" which needs 2 byte salt
+                new SecureRandom().nextBytes( salt );
+                break;
+                
+            case HASH_METHOD_CRYPT:
+                salt = new byte[2];
+                SecureRandom sr = new SecureRandom();
+                int i1 = sr.nextInt( 64 );
+                int i2 = sr.nextInt( 64 );
+                
+                salt[0] = ( byte ) ( i1 < 12 ? ( i1 + '.' ) : i1 < 38 ? ( i1 + 'A' - 12 ) : ( i1 + 'a' - 38 ) );
+                salt[1] = ( byte ) ( i2 < 12 ? ( i2 + '.' ) : i2 < 38 ? ( i2 + 'A' - 12 ) : ( i2 + 'a' - 38 ) );
+                break;
+                
+            default:
+                salt = null;
+        }
+        
+        byte[] hashedPassword = encryptPassword( StringTools.getBytesUtf8( credentials ), algorithm, salt );
+        StringBuffer sb = new StringBuffer();
+
+        if ( algorithm != null )
+        {
+            sb.append( '{' ).append( algorithm.getName().toUpperCase() ).append( '}' );
+
+            if ( algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT )
+            {
+                sb.append( StringTools.utf8ToString( salt ) );
+                sb.append( StringTools.utf8ToString( hashedPassword ) );
+            }
+            else if ( salt != null )
+            {
+                byte[] hashedPasswordWithSaltBytes = new byte[hashedPassword.length + salt.length];
+                merge( hashedPasswordWithSaltBytes, hashedPassword, salt );
+                sb.append( String.valueOf( Base64.encode( hashedPasswordWithSaltBytes ) ) );
+            }
+            else
+            {
+                sb.append( String.valueOf( Base64.encode( hashedPassword ) ) );
+            }
+        }
+        else
+        {
+            sb.append( StringTools.utf8ToString( hashedPassword ) );
+        }
+        
+        return StringTools.getBytesUtf8( sb.toString() );
+    }
+    
+
+    /**
+     * 
+     * Compare the credentials.
+     * We have at least 6 algorithms to encrypt the password :
+     * <ul>
+     * <li>- SHA</li>
+     * <li>- SSHA (salted SHA)</li>
+     * <li>- SHA-2(256, 384 and 512 and their salted versions)</li>
+     * <li>- MD5</li>
+     * <li>- SMD5 (slated MD5)</li>
+     * <li>- crypt (unix crypt)</li>
+     * <li>- plain text, ie no encryption.</li>
+     * </ul>
+     * <p>
+     *  If we get an encrypted password, it is prefixed by the used algorithm, between
+     *  brackets : {SSHA}password ...
+     *  </p>
+     *  If the password is using SSHA, SMD5 or crypt, some 'salt' is added to the password :
+     *  <ul>
+     *  <li>- length(password) - 20, starting at 21th position for SSHA</li>
+     *  <li>- length(password) - 16, starting at 16th position for SMD5</li>
+     *  <li>- length(password) - 2, starting at 3rd position for crypt</li>
+     *  </ul>
+     *  <p>
+     *  For (S)SHA, SHA-256 and (S)MD5, we have to transform the password from Base64 encoded text
+     *  to a byte[] before comparing the password with the stored one.
+     *  </p>
+     *  <p>
+     *  For crypt, we only have to remove the salt.
+     *  </p>
+     *  <p>
+     *  At the end, we use the digest() method for (S)SHA and (S)MD5, the crypt() method for
+     *  the CRYPT algorithm and a straight comparison for PLAIN TEXT passwords.
+     *  </p>
+     *  <p>
+     *  The stored password is always using the unsalted form, and is stored as a bytes array.
+     *  </p>
+     *
+     * @param receivedCredentials the credentials provided by user
+     * @param storedCredentials the credentials stored in the server
+     * @return true if they are equal, false otherwise
+     */
+    public static boolean compareCredentials( byte[] receivedCredentials, byte[] storedCredentials )
+    {
+        LdapSecurityConstants algorithm = findAlgorithm( storedCredentials );
+        
+        if ( algorithm != null )
+        {
+            EncryptionMethod encryptionMethod = new EncryptionMethod( algorithm, null );
+            
+            // Let's get the encrypted part of the stored password
+            // We should just keep the password, excluding the algorithm
+            // and the salt, if any.
+            // But we should also get the algorithm and salt to
+            // be able to encrypt the submitted user password in the next step
+            byte[] encryptedStored = PasswordUtil.splitCredentials( storedCredentials, encryptionMethod );
+            
+            // Reuse the saltedPassword informations to construct the encrypted
+            // password given by the user.
+            byte[] userPassword = PasswordUtil.encryptPassword( receivedCredentials, encryptionMethod.getAlgorithm(), encryptionMethod.getSalt() );
+            
+            // Now, compare the two passwords.
+            return Arrays.equals( userPassword, encryptedStored );
+        }
+        else
+        {
+            return Arrays.equals( storedCredentials, receivedCredentials );
+        }
+    }
     
+
     /**
      * encrypts the given credentials based on the algorithm name and optional salt
      *
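Review bot: `compareCredentials` compares the computed and stored hashes with `Arrays.equals`, which stops at the first differing byte. `MessageDigest.isEqual( userPassword, encryptedStored )` is the usual choice for credential comparison and needs no new import, and the same applies to the plain-text branch. Separately, in `createStoragePassword` the `switch( algorithm )` throws a NullPointerException for a null algorithm, so the later `else` branch for `algorithm == null` is unreachable. Either wrap the switch in `if ( algorithm != null )` or drop the dead branch and document the argument as non-null. The Javadoc typo "slated MD5" should read "salted MD5".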
@@ -115,24 +277,22 @@ public class PasswordUtil
                 return digest( LdapSecurityConstants.HASH_METHOD_SHA, credentials, salt );
 
             case HASH_METHOD_SHA256:
+            case HASH_METHOD_SSHA256:
                 return digest( LdapSecurityConstants.HASH_METHOD_SHA256, credentials, salt );
-                
+
+            case HASH_METHOD_SHA384:
+            case HASH_METHOD_SSHA384:
+                return digest( LdapSecurityConstants.HASH_METHOD_SHA384, credentials, salt );
+
+            case HASH_METHOD_SHA512:
+            case HASH_METHOD_SSHA512:
+                return digest( LdapSecurityConstants.HASH_METHOD_SHA512, credentials, salt );
+
             case HASH_METHOD_MD5:
             case HASH_METHOD_SMD5:
                 return digest( LdapSecurityConstants.HASH_METHOD_MD5, credentials, salt );
 
             case HASH_METHOD_CRYPT:
-                if ( salt == null )
-                {
-                    salt = new byte[2];
-                    SecureRandom sr = new SecureRandom();
-                    int i1 = sr.nextInt( 64 );
-                    int i2 = sr.nextInt( 64 );
-
-                    salt[0] = ( byte ) ( i1 < 12 ? ( i1 + '.' ) : i1 < 38 ? ( i1 + 'A' - 12 ) : ( i1 + 'a' - 38 ) );
-                    salt[1] = ( byte ) ( i2 < 12 ? ( i2 + '.' ) : i2 < 38 ? ( i2 + 'A' - 12 ) : ( i2 + 'a' - 38 ) );
-                }
-
                 String saltWithCrypted = UnixCrypt.crypt( StringTools.utf8ToString( credentials ), StringTools
                     .utf8ToString( salt ) );
                 String crypted = saltWithCrypted.substring( 2 );
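Review bot: Removing the `salt == null` block means the CRYPT branch now passes a null salt straight into `StringTools.utf8ToString( salt )` and `UnixCrypt.crypt`. `createStoragePassword` always supplies a salt, but any other caller that relied on `encryptPassword` generating one gets whatever those helpers do with a null or empty salt. I would make the contract explicit with `if ( salt == null ) { throw new IllegalArgumentException( "crypt requires a 2 byte salt" ); }` at the top of the case, and state in the Javadoc that salt generation moved to `createStoragePassword`. The method's signature and Javadoc are outside this hunk.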
@@ -179,7 +339,143 @@ public class PasswordUtil
         }
     }
 
-    
+
+    /**
+     * Decompose the stored password in an algorithm, an eventual salt
+     * and the password itself.
+     *
+     * If the algorithm is SHA, SSHA, MD5 or SMD5, the part following the algorithm
+     * is base64 encoded
+     *
+     * @param encryptionMethod The structure to feed
+     * @return The password
+     * @param credentials the credentials to split
+     */
+    public static byte[] splitCredentials( byte[] credentials, EncryptionMethod encryptionMethod )
+    {
+        int algoLength = encryptionMethod.getAlgorithm().getName().length() + 2;
+
+        int hashLen = 0;
+        
+        switch ( encryptionMethod.getAlgorithm() )
+        {
+            case HASH_METHOD_MD5:
+            case HASH_METHOD_SHA:
+                try
+                {
+                    // We just have the password just after the algorithm, base64 encoded.
+                    // Just decode the password and return it.
+                    return Base64
+                        .decode( new String( credentials, algoLength, credentials.length - algoLength, "UTF-8" )
+                            .toCharArray() );
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_SMD5:
+                try
+                {
+                    // The password is associated with a salt. Decompose it
+                    // in two parts, after having decoded the password.
+                    // The salt will be stored into the EncryptionMethod structure
+                    // The salt is at the end of the credentials, and is 8 bytes long
+                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length
+                        - algoLength, "UTF-8" ).toCharArray() );
+
+                    int saltLength = passwordAndSalt.length - MD5_LENGTH;
+                    encryptionMethod.setSalt( new byte[saltLength] );
+                    byte[] password = new byte[MD5_LENGTH];
+                    split( passwordAndSalt, 0, password, encryptionMethod.getSalt() );
+
+                    return password;
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_SSHA:
+                hashLen = SHA1_LENGTH;
+            
+            case HASH_METHOD_SHA256:
+            case HASH_METHOD_SSHA256:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA256_LENGTH;
+                }
+            
+            case HASH_METHOD_SHA384:
+            case HASH_METHOD_SSHA384:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA384_LENGTH;
+                }
+                
+            case HASH_METHOD_SHA512:
+            case HASH_METHOD_SSHA512:
+                if ( hashLen == 0 )
+                {
+                    hashLen = SHA512_LENGTH;
+                }
+                
+                try
+                {
+                    // The password is associated with a salt. Decompose it
+                    // in two parts, after having decoded the password.
+                    // The salt will be stored into the EncryptionMethod structure
+                    // The salt is at the end of the credentials, and is 8 bytes long
+                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length
+                        - algoLength, "UTF-8" ).toCharArray() );
+
+                    int saltLength = passwordAndSalt.length - hashLen;
+                    encryptionMethod.setSalt( new byte[saltLength] );
+                    byte[] password = new byte[hashLen];
+                    split( passwordAndSalt, 0, password, encryptionMethod.getSalt() );
+
+                    return password;
+                }
+                catch ( UnsupportedEncodingException uee )
+                {
+                    // do nothing
+                    return credentials;
+                }
+
+            case HASH_METHOD_CRYPT:
+                // The password is associated with a salt. Decompose it
+                // in two parts, storing the salt into the EncryptionMethod structure.
+                // The salt comes first, not like for SSHA and SMD5, and is 2 bytes long
+                encryptionMethod.setSalt( new byte[2] );
+                byte[] password = new byte[credentials.length - encryptionMethod.getSalt().length - algoLength];
+                split( credentials, algoLength, encryptionMethod.getSalt(), password );
+
+                return password;
+
+            default:
+                // unknown method
+                return credentials;
+
+        }
+    }
+
+
+    private static void split( byte[] all, int offset, byte[] left, byte[] right )
+    {
+        System.arraycopy( all, offset, left, 0, left.length );
+        System.arraycopy( all, offset + left.length, right, 0, right.length );
+    }
+
+
+    private static void merge( byte[] all, byte[] left, byte[] right )
+    {
+        System.arraycopy( left, 0, all, 0, left.length );
+        System.arraycopy( right, 0, all, left.length, right.length );
+    }
+
+
     /**
      * checks if the given password's change time is older than the max age 
      *
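Review bot: The salted branches of `splitCredentials` compute `passwordAndSalt.length - hashLen` (and `- MD5_LENGTH` for SMD5) without checking that the decoded value is at least one hash long. A truncated or malformed stored password therefore yields a negative array size and an unchecked exception for callers such as `compareCredentials`, rather than a failed comparison. The CRYPT branch has the same exposure with `credentials.length - encryptionMethod.getSalt().length - algoLength`. A guard such as `if ( passwordAndSalt.length < hashLen ) { return credentials; }` before the subtraction, mirroring the `default` branch, keeps a bad stored value from surfacing as a runtime error. The fall-through from `HASH_METHOD_SSHA` down to the SHA512 cases depends on `hashLen == 0` and deserves a `// fall through` comment, and the "salt is 8 bytes long" comments no longer match code that derives the salt length from the decoded size.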
@@ -193,21 +489,21 @@ public class PasswordUtil
 
         long time = pwdMaxAgeSec * 1000;
         time += pwdChangeDate.getTime();
-        
+
         Date expiryDate = new Date( time );
         Date now = new Date();
-        
+
         boolean expired = false;
-        
-        if( expiryDate.equals( now ) || expiryDate.after( now ) )
+
+        if ( expiryDate.equals( now ) || expiryDate.after( now ) )
         {
-           expired = true;
+            expired = true;
         }
-        
+
         return expired;
     }
-    
-    
+
+
     /**
      * purges failure timestamps which are older than the configured interval
      * (section 7.6 in the draft)
@@ -216,34 +512,33 @@ public class PasswordUtil
     {
         long interval = config.getPwdFailureCountInterval();
 
-        if( interval == 0 )
+        if ( interval == 0 )
         {
             return;
         }
-        
+
         Iterator<Value<?>> itr = pwdFailTimeAt.getAll();
         interval *= 1000;
-        
+
         long currentTime = System.currentTimeMillis();
         List<Value<?>> valList = new ArrayList<Value<?>>();
-        
-        while( itr.hasNext() )
+
+        while ( itr.hasNext() )
         {
             Value<?> val = itr.next();
             String failureTime = val.getString();
             long time = DateUtils.getDate( failureTime ).getTime();
             time += interval;
-            
-            if(  currentTime > time )
+
+            if ( currentTime > time )
             {
                 valList.add( val );
             }
         }
-        
-        for( Value<?> val : valList )
+
+        for ( Value<?> val : valList )
         {
             pwdFailTimeAt.remove( val );
         }
     }
-
 }

Modified: directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/apacheds-config/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Sat Oct 30 02:08:35 2010
@@ -20,7 +20,6 @@
 package org.apache.directory.server.core.authn;
 
 
-import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
@@ -78,12 +77,6 @@ public class SimpleAuthenticator extends
     /** A speedup for logger in debug mode */
     private static final boolean IS_DEBUG = LOG.isDebugEnabled();
 
-    /** The SHA1 hash length */
-    private static final int SHA1_LENGTH = 20;
-
-    /** The MD5 hash length */
-    private static final int MD5_LENGTH = 16;
-
     /**
      * A cache to store passwords. It's a speedup, we will be able to avoid backend lookups.
      *
@@ -152,37 +145,6 @@ public class SimpleAuthenticator extends
         credentialCache = new LRUMap( cacheSize > 0 ? cacheSize : DEFAULT_CACHE_SIZE );
     }
 
-    /**
-     * A private class to store all informations about the existing
-     * password found in the cache or get from the backend.
-     *
-     * This is necessary as we have to compute :
-     * - the used algorithm
-     * - the salt if any
-     * - the password itself.
-     *
-     * If we have a on-way encrypted password, it is stored using this
-     * format :
-     * {<algorithm>}<encrypted password>
-     * where the encrypted password format can be :
-     * - MD5/SHA : base64([<salt (4 or 8 bytes)>]<password>)
-     * - crypt : <salt (2 btytes)><password>
-     *
-     * Algorithm are currently MD5, SMD5, SHA, SSHA, CRYPT and empty
-     */
-    private class EncryptionMethod
-    {
-        private byte[] salt;
-        private LdapSecurityConstants algorithm;
-
-
-        private EncryptionMethod( LdapSecurityConstants algorithm, byte[] salt )
-        {
-            this.algorithm = algorithm;
-            this.salt = salt;
-        }
-    }
-
 
     /**
      * Get the password either from cache or from backend.
@@ -195,7 +157,7 @@ public class SimpleAuthenticator extends
         LdapPrincipal principal = null;
 
         // use cache only if pwdpolicy is not enabled
-        if( getPwdPolicyConfig() == null )
+        if( !getDirectoryService().isPwdPolicyEnabled() )
         {
             synchronized ( credentialCache )
             {
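Review bot: The cache bypass at `if( !getDirectoryService().isPwdPolicyEnabled() )` is now evaluated on every call, here and in the hunk at -224,7, so entries written to `credentialCache` while the policy was off stay in the map after it is switched on. If the flag can change at runtime and nothing outside these hunks invalidates the cache, a later switch back to "off" could serve a password that was replaced in the meantime. Clearing `credentialCache` when the policy is enabled would close that gap. The new lines also keep the `if(` spacing that this commit normalises to `if (` in PasswordUtil. The enclosing method starts and ends outside the hunk.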
@@ -224,7 +186,7 @@ public class SimpleAuthenticator extends
             principal = new LdapPrincipal( bindContext.getDn(), AuthenticationLevel.SIMPLE, storedPassword );
 
             // Now, update the local cache ONLY if pwdpolicy is not enabled.
-            if( getPwdPolicyConfig() == null )
+            if( !getDirectoryService().isPwdPolicyEnabled() )
             {
                 synchronized ( credentialCache )
                 {
@@ -243,40 +205,6 @@ public class SimpleAuthenticator extends
      * value of {@link Context#SECURITY_PRINCIPAL} environment variable, and
      * authenticates a user with the plain-text password.
      * </p>
-     * We have at least 6 algorithms to encrypt the password :
-     * <ul>
-     * <li>- SHA</li>
-     * <li>- SHA-256</li>
-     * <li>- SSHA (salted SHA)</li>
-     * <li>- MD5</li>
-     * <li>- SMD5 (slated MD5)</li>
-     * <li>- crypt (unix crypt)</li>
-     * <li>- plain text, ie no encryption.</li>
-     * </ul>
-     * <p>
-     *  If we get an encrypted password, it is prefixed by the used algorithm, between
-     *  brackets : {SSHA}password ...
-     *  </p>
-     *  If the password is using SSHA, SMD5 or crypt, some 'salt' is added to the password :
-     *  <ul>
-     *  <li>- length(password) - 20, starting at 21th position for SSHA</li>
-     *  <li>- length(password) - 16, starting at 16th position for SMD5</li>
-     *  <li>- length(password) - 2, starting at 3rd position for crypt</li>
-     *  </ul>
-     *  <p>
-     *  For (S)SHA, SHA-256 and (S)MD5, we have to transform the password from Base64 encoded text
-     *  to a byte[] before comparing the password with the stored one.
-     *  </p>
-     *  <p>
-     *  For crypt, we only have to remove the salt.
-     *  </p>
-     *  <p>
-     *  At the end, we use the digest() method for (S)SHA and (S)MD5, the crypt() method for
-     *  the CRYPT algorithm and a straight comparison for PLAIN TEXT passwords.
-     *  </p>
-     *  <p>
-     *  The stored password is always using the unsalted form, and is stored as a bytes array.
-     *  </p>
      */
     public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapException
     {
@@ -293,167 +221,22 @@ public class SimpleAuthenticator extends
         // Get the stored password, either from cache or from backend
         byte[] storedPassword = principal.getUserPassword();
 
-        // Let's see if the stored password was encrypted
-        LdapSecurityConstants algorithm = PasswordUtil.findAlgorithm( storedPassword );
-
-        if ( algorithm != null )
+        // Now, compare the two passwords.
+        if ( PasswordUtil.compareCredentials( credentials, storedPassword ) )
         {
-            EncryptionMethod encryptionMethod = new EncryptionMethod( algorithm, null );
-
-            // Let's get the encrypted part of the stored password
-            // We should just keep the password, excluding the algorithm
-            // and the salt, if any.
-            // But we should also get the algorithm and salt to
-            // be able to encrypt the submitted user password in the next step
-            byte[] encryptedStored = splitCredentials( storedPassword, encryptionMethod );
-
-            // Reuse the saltedPassword informations to construct the encrypted
-            // password given by the user.
-            byte[] userPassword = PasswordUtil.encryptPassword( credentials, encryptionMethod.algorithm, encryptionMethod.salt );
-
-            // Now, compare the two passwords.
-            if ( Arrays.equals( userPassword, encryptedStored ) )
-            {
-                if ( IS_DEBUG )
-                {
-                    LOG.debug( "{} Authenticated", bindContext.getDn() );
-                }
-
-                return principal;
-            }
-            else
+            if ( IS_DEBUG )
             {
-                // Bad password ...
-                String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
-                LOG.info( message );
-                throw new LdapAuthenticationException( message );
+                LOG.debug( "{} Authenticated", bindContext.getDn() );
             }
-        }
-        else
-        {
-            // PLAIN TEXT passwords : we compare the byte array directly
-            // Are the passwords equal ?
-            if ( Arrays.equals( credentials, storedPassword ) )
-            {
-                if ( IS_DEBUG )
-                {
-                    LOG.debug( "{} Authenticated", bindContext.getDn() );
-                }
 
-                return principal;
-            }
-            else
-            {
-                // Bad password ...
-                String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
-                LOG.info( message );
-                throw new LdapAuthenticationException( message );
-            }
+            return principal;
         }
-    }
-
-
-    private static void split( byte[] all, int offset, byte[] left, byte[] right )
-    {
-        System.arraycopy( all, offset, left, 0, left.length );
-        System.arraycopy( all, offset + left.length, right, 0, right.length );
-    }
-
-
-    /**
-     * Decompose the stored password in an algorithm, an eventual salt
-     * and the password itself.
-     *
-     * If the algorithm is SHA, SSHA, MD5 or SMD5, the part following the algorithm
-     * is base64 encoded
-     *
-     * @param encryptionMethod The structure to feed
-     * @return The password
-     * @param credentials the credentials to split
-     */
-    private byte[] splitCredentials( byte[] credentials, EncryptionMethod encryptionMethod )
-    {
-        int algoLength = encryptionMethod.algorithm.getName().length() + 2;
-
-        switch ( encryptionMethod.algorithm )
+        else
         {
-            case HASH_METHOD_MD5:
-            case HASH_METHOD_SHA:
-            case HASH_METHOD_SHA256:
-                try
-                {
-                    // We just have the password just after the algorithm, base64 encoded.
-                    // Just decode the password and return it.
-                    return Base64
-                        .decode( new String( credentials, algoLength, credentials.length - algoLength, "UTF-8" )
-                            .toCharArray() );
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_SMD5:
-                try
-                {
-                    // The password is associated with a salt. Decompose it
-                    // in two parts, after having decoded the password.
-                    // The salt will be stored into the EncryptionMethod structure
-                    // The salt is at the end of the credentials, and is 8 bytes long
-                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length
-                        - algoLength, "UTF-8" ).toCharArray() );
-
-                    int saltLength = passwordAndSalt.length - MD5_LENGTH;
-                    encryptionMethod.salt = new byte[saltLength];
-                    byte[] password = new byte[MD5_LENGTH];
-                    split( passwordAndSalt, 0, password, encryptionMethod.salt );
-
-                    return password;
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_SSHA:
-                try
-                {
-                    // The password is associated with a salt. Decompose it
-                    // in two parts, after having decoded the password.
-                    // The salt will be stored into the EncryptionMethod structure
-                    // The salt is at the end of the credentials, and is 8 bytes long
-                    byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length
-                        - algoLength, "UTF-8" ).toCharArray() );
-
-                    int saltLength = passwordAndSalt.length - SHA1_LENGTH;
-                    encryptionMethod.salt = new byte[saltLength];
-                    byte[] password = new byte[SHA1_LENGTH];
-                    split( passwordAndSalt, 0, password, encryptionMethod.salt );
-
-                    return password;
-                }
-                catch ( UnsupportedEncodingException uee )
-                {
-                    // do nothing
-                    return credentials;
-                }
-
-            case HASH_METHOD_CRYPT:
-                // The password is associated with a salt. Decompose it
-                // in two parts, storing the salt into the EncryptionMethod structure.
-                // The salt comes first, not like for SSHA and SMD5, and is 2 bytes long
-                encryptionMethod.salt = new byte[2];
-                byte[] password = new byte[credentials.length - encryptionMethod.salt.length - algoLength];
-                split( credentials, algoLength, encryptionMethod.salt, password );
-
-                return password;
-
-            default:
-                // unknown method
-                return credentials;
-
+            // Bad password ...
+            String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
+            LOG.info( message );
+            throw new LdapAuthenticationException( message );
         }
     }
 
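Review bot: The password check in `authenticate` now rests entirely on `PasswordUtil.compareCredentials( credentials, storedPassword )`, whose body is not part of this hunk, so the comparison it performs cannot be verified here. The removed code compared with `Arrays.equals`, which returns at the first differing byte; if the helper kept that call, `MessageDigest.isEqual( a, b )` is the constant-time replacement. The Javadoc deleted in the previous hunk was the only description of the stored password formats in this class, so a one-line `@see PasswordUtil#compareCredentials` on `authenticate` would keep the pointer. `authenticate` begins above the hunk.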

Propchange: directory/apacheds/branches/apacheds-config/http-directory-bridge/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -0,0 +1,6 @@
+/directory/apacheds/branches/apacheds-codec-merge/http-directory-bridge:982369-987590
+/directory/apacheds/branches/apacheds-replication/http-directory-bridge:749790-764110
+/directory/apacheds/branches/apacheds-schema/http-directory-bridge:806623-896441
+/directory/apacheds/branches/apacheds-subtree/http-directory-bridge:965203-965686
+/directory/apacheds/branches/xdbm-refactoring/http-directory-bridge:945827-946347
+/directory/apacheds/trunk/http-directory-bridge:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/http-integration/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/http-integration:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/http-integration:980138-980935
+/directory/apacheds/trunk/http-integration:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/i18n/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/i18n:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/i18n:980138-980935
+/directory/apacheds/trunk/i18n:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/interceptor-kerberos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/interceptor-kerberos:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/interceptor-kerberos:980138-980935
+/directory/apacheds/trunk/interceptor-kerberos:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/jdbm:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/jdbm:980138-980935
+/directory/apacheds/trunk/jdbm:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm-partition/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/jdbm-partition:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/jdbm-partition:980138-980935
+/directory/apacheds/trunk/jdbm-partition:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -4,4 +4,4 @@
 /directory/apacheds/branches/apacheds-schema/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree:806623-810034
 /directory/apacheds/branches/apacheds-subtree/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree:965203-965686
 /directory/apacheds/branches/xdbm-refactoring/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree:945827-946347
-/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree:498338-580500,806623-894866*
+/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree:498338-580500,806623-894866*,1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -4,4 +4,4 @@
 /directory/apacheds/branches/apacheds-schema/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java:809853-810034
 /directory/apacheds/branches/apacheds-subtree/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java:965203-965686
 /directory/apacheds/branches/xdbm-refactoring/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java:945827-946347
-/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java:498338-580500,806623-894866
+/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/partition/tree/PartitionTreeTest.java:498338-580500,806623-894866,1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -4,4 +4,4 @@
 /directory/apacheds/branches/apacheds-schema/jdbm-partition/src/test/java/org/apache/directory/server/core/schema:806623-810034
 /directory/apacheds/branches/apacheds-subtree/jdbm-partition/src/test/java/org/apache/directory/server/core/schema:965203-965686
 /directory/apacheds/branches/xdbm-refactoring/jdbm-partition/src/test/java/org/apache/directory/server/core/schema:945827-946347
-/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/schema:498338-580500,806623-894866*
+/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/schema:498338-580500,806623-894866*,1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -4,4 +4,4 @@
 /directory/apacheds/branches/apacheds-schema/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java:806623-810034
 /directory/apacheds/branches/apacheds-subtree/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java:965203-965686
 /directory/apacheds/branches/xdbm-refactoring/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java:945827-946347
-/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java:498338-580500,806623-894866
+/directory/apacheds/trunk/jdbm-partition/src/test/java/org/apache/directory/server/core/schema/PartitionSchemaLoaderTest.java:498338-580500,806623-894866,1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/kerberos-shared/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/kerberos-shared:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/kerberos-shared:980138-980936
+/directory/apacheds/trunk/kerberos-shared:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/kerberos-test/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/kerberos-test:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/kerberos-test:980138-980936
+/directory/apacheds/trunk/kerberos-test:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/ldif-partition/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/ldif-partition:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/ldif-partition:980138-980936
+/directory/apacheds/trunk/ldif-partition:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/protocol-changepw/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-changepw:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-changepw:980138-980936
+/directory/apacheds/trunk/protocol-changepw:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/protocol-dhcp/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-dhcp:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-dhcp:980138-980936
+/directory/apacheds/trunk/protocol-dhcp:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/protocol-dns/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-dns:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-dns:980138-980936
+/directory/apacheds/trunk/protocol-dns:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/protocol-kerberos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-kerberos:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-kerberos:980138-980936
+/directory/apacheds/trunk/protocol-kerberos:1023440-1028958

Propchange: directory/apacheds/branches/apacheds-config/protocol-ldap/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Oct 30 02:08:35 2010
@@ -1,2 +1,3 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-ldap:982369-987590
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-ldap:980138-980936
+/directory/apacheds/trunk/protocol-ldap:1023440-1028958

Modified: directory/apacheds/branches/apacheds-config/protocol-ldap/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/protocol-ldap/pom.xml?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/protocol-ldap/pom.xml (original)
+++ directory/apacheds/branches/apacheds-config/protocol-ldap/pom.xml Sat Oct 30 02:08:35 2010
@@ -99,6 +99,11 @@
       <artifactId>ldap-client-api</artifactId>
     </dependency>
 
+    <dependency>
+        <groupId>bouncycastle</groupId>
+        <artifactId>bcprov-jdk15</artifactId>
+    </dependency>
+    
     <!-- just have the dependency on activemq core components alone excluding
          the spring and OSGi related jars, cause we use *only* the QueueS nothing else -->
     <dependency>
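Review bot: The new `bouncycastle:bcprov-jdk15` dependency carries no `<version>`, so the release of this crypto provider that ends up on the classpath is decided by a `dependencyManagement` entry not visible in this hunk. It is worth confirming that the entry pins a maintained release. The `bouncycastle` groupId is the legacy coordinate; later releases are published under `org.bouncycastle`. The child elements are also indented by eight spaces where the neighbouring `<dependency>` entries use six, and the blank line after the block carries trailing whitespace.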

Modified: directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java (original)
+++ directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java Sat Oct 30 02:08:35 2010
@@ -241,6 +241,14 @@ public class BindHandler extends LdapReq
             bindRequest.getResultResponse().addAllControls( bindContext.getResponseControls() );
             ldapSession.getIoSession().write( bindRequest.getResultResponse() );
         }
+        finally
+        {
+            // Reset LDAP session bind status to anonymous if authentication failed
+            if ( !ldapSession.isAuthenticated() )
+            {
+                ldapSession.setAnonymous();
+            }
+        }
     }
 
 
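Review bot: The reset in the new `finally` only fires when `ldapSession.isAuthenticated()` is false, so a failed re-bind on a session that was already authenticated would keep the earlier identity unless the bind status is cleared before the attempt, which this hunk does not show. RFC 4513 section 4 has the server move the session to anonymous on receipt of a Bind request and leave it there when the Bind fails. If no earlier reset exists, the failure path should call `ldapSession.setAnonymous()` unconditionally rather than behind the `isAuthenticated()` test. The method begins above the hunk.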

Modified: directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/replication/SyncReplConsumer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/replication/SyncReplConsumer.java?rev=1028969&r1=1028968&r2=1028969&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/replication/SyncReplConsumer.java (original)
+++ directory/apacheds/branches/apacheds-config/protocol-ldap/src/main/java/org/apache/directory/server/ldap/replication/SyncReplConsumer.java Sat Oct 30 02:08:35 2010
@@ -230,19 +230,12 @@ public class SyncReplConsumer implements
             // Do a bind
             BindResponse bindResponse = connection.bind( config.getReplUserDn(), config.getReplUserPassword() );
 
-            // Check that it is not null and valid
-            if ( bindResponse == null )
-            {
-                LOG.error( "Failed to bind with the given bindDN and credentials" );
-                return false;
-            }
-
             // Now get the result
             LdapResult ldapResult = bindResponse.getLdapResult();
 
             if ( ldapResult.getResultCode() != ResultCodeEnum.SUCCESS )
             {
-                LOG.warn( "Failed to bind on the server : {}", ldapResult );
+                LOG.warn( "Failed to bind to the server with the given bind DN {} and credentials: {}", config.getReplUserDn(), ldapResult );
             }
             else
             {
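Review bot: `bindResponse.getLdapResult()` is now dereferenced without the null guard this hunk removes, so a `connection.bind(...)` that returns null would surface as a NullPointerException instead of the logged `return false`. If the client API can still return null (its contract is not visible here), keep the guard: `if ( bindResponse == null ) { LOG.error( "Failed to bind with the given bindDN and credentials" ); return false; }`. The new warning text ends in "and credentials: {}" although the second argument is `ldapResult`; `"Failed to bind to the server as {}: {}"` would not read as if credentials were being logged. The method continues past the hunk.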


