directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1203713 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/ interceptors/authn/src/main/java/org/apache/directory/server/core/authn/ interceptors/operational/src/main/java/org/apache/dir...
Date Fri, 18 Nov 2011 16:11:47 GMT
Author: kayyagari
Date: Fri Nov 18 16:11:46 2011
New Revision: 1203713

URL: http://svn.apache.org/viewvc?rev=1203713&view=rev
Log:
o fixed the failure to modify pwdPolicySubentry by an admin user
o replaced schemav iolation exception with the more appropriate no permission exception

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
    directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
    directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
Fri Nov 18 16:11:46 2011
@@ -502,6 +502,52 @@ public class PasswordPolicyTest extends 
     }
 
     
+    @Test
+    public void testModifyPwdSubentry() throws Exception
+    {
+        LdapConnection connection = getAdminNetworkConnection( getLdapServer() );
+        
+        Dn userDn = new Dn( "cn=ppolicySubentry,ou=system" );
+        String password = "12345";
+        Entry userEntry = new DefaultEntry(
+            userDn.toString(),
+            "ObjectClass: top",
+            "ObjectClass: person",
+            "cn: ppolicySubentry",
+            "sn: ppolicySubentry_sn",
+            "userPassword: " + password,
+            "pwdPolicySubEntry:" + userDn.getName() );
+
+        AddRequest addRequest = new AddRequestImpl();
+        addRequest.setEntry( userEntry );
+        addRequest.addControl( PP_REQ_CTRL );
+
+        AddResponse addResp = connection.add( addRequest );
+        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );
+        
+        userEntry = connection.lookup( userDn, "*", "+" );
+        assertEquals( userDn.getName(), userEntry.get( "pwdPolicySubEntry" ).getString()
);
+        
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( userDn );
+        String modSubEntryDn = "cn=policy,ou=system";
+        modReq.replace( "pwdPolicySubEntry", modSubEntryDn );
+        ModifyResponse modResp = connection.modify( modReq );
+        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );
+        
+        userEntry = connection.lookup( userDn, "*", "+" );
+        assertEquals( modSubEntryDn, userEntry.get( "pwdPolicySubEntry" ).getString() );
+        
+        // try to modify the subentry as a non-admin
+        connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
+        connection.bind( userDn.getName(), password );
+        
+        modResp = connection.modify( modReq );
+        modReq.replace( "pwdPolicySubEntry", userDn.getName() );
+        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode()
);
+    }
+    
+    
     private PasswordPolicy getPwdRespCtrl( Response resp ) throws Exception
     {
         Control control = resp.getControls().get( PP_REQ_CTRL.getOid() );

Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Fri Nov 18 16:11:46 2011
@@ -29,6 +29,7 @@ import static org.apache.directory.share
 import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
 import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_LAST_SUCCESS_AT;
 import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
+import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_POLICY_SUBENTRY_AT;
 import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.ADD_ATTRIBUTE;
 import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.REMOVE_ATTRIBUTE;
 import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.REPLACE_ATTRIBUTE;
@@ -1180,6 +1181,8 @@ public class AuthenticationInterceptor e
 
             AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT
);
             PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
+            
+            PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( schemaManager.lookupAttributeTypeRegistry(
PWD_POLICY_SUBENTRY_AT ) );
         }
     }
 

Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
Fri Nov 18 16:11:46 2011
@@ -55,8 +55,6 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.model.entry.Value;
 import org.apache.directory.shared.ldap.model.exception.LdapException;
 import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException;
-import org.apache.directory.shared.ldap.model.exception.LdapSchemaViolationException;
-import org.apache.directory.shared.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.model.name.Ava;
 import org.apache.directory.shared.ldap.model.name.Dn;
 import org.apache.directory.shared.ldap.model.name.Rdn;
@@ -331,7 +329,7 @@ public class OperationalAttributeInterce
                 {
                     String message = I18n.err( I18n.ERR_31 );
                     LOG.error( message );
-                    throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                    throw new LdapNoPermissionException( message );
                 }
                 else
                 {
@@ -345,7 +343,7 @@ public class OperationalAttributeInterce
                 {
                     String message = I18n.err( I18n.ERR_32 );
                     LOG.error( message );
-                    throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                    throw new LdapNoPermissionException( message );
                 }
                 else
                 {
@@ -359,7 +357,7 @@ public class OperationalAttributeInterce
                 {
                     String message = I18n.err( I18n.ERR_32 );
                     LOG.error( message );
-                    throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                    throw new LdapNoPermissionException( message );
                 }
                 else
                 {
@@ -371,7 +369,7 @@ public class OperationalAttributeInterce
             {
                 String message = I18n.err( I18n.ERR_32 );
                 LOG.error( message );
-                throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
message );
+                throw new LdapNoPermissionException( message );
             }
         }
 



Mime
View raw message