directory-dev mailing list archives

From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: Server does not allow anymore simple password
Date Mon, 04 Jun 2007 19:07:55 GMT
On 6/3/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> ...
> since the last addition of the PasswordPolicyService interceptor in
> trunk, the server no longer accepts passwords which are supposedly
> violating a policy: "Password violates policy:  insufficient character
> mix".

You have several good points about the new PasswordPolicyService.  I
am sorry I committed the server.xml with the interceptors enabled and
you are correct to disable them.

> ...
>     void check( String username, String password ) throws NamingException
>     {
>         int passwordLength = 6;
>         int categoryCount = 2;
>         int tokenSize = 3;

I was unsure how to pass configuration to interceptors but I believe I
now understand how to do so.  I will update this in the
PasswordPolicyService interceptor.

> ...
>             else if ( attr instanceof byte[] )
>             {
>                 String string = StringTools.utf8ToString( ( byte[] ) attr );
>
>                 StringBuffer sb = new StringBuffer();
>                 sb.append( "'" + string + "' ( " );
>                 sb.append( StringTools.dumpBytes( ( byte[] ) attr ).trim() );
>                 log.debug( "Adding Attribute id : 'userPassword', Values : [ " + sb.toString() + " ) ]" );
>
>                 userPassword = string;
>             }
>
> This is another example of what should not be done: there is no reason
> for debug-specific code to be found in the normal flow. Moreover, I
> told Enrique the day before not to use such a pattern.

This is a new "best practice" for me and I will strive to use it in
the future.  Your comments last month on my bad debugging practices
are legitimate and I will begin to review code this month to improve
this situation for existing commits and to make sure any new commits
do not threaten the performance of the server.

FWIW, the PasswordPolicyService has an integration test in server-unit
called 'PasswordPolicyServiceITest'.

Enrique
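
The debug pattern criticized in the quoted code, next to a guarded form, as an added example that is not part of the original message or of the ApacheDS code base. It assumes java.util.logging in place of the project's logger; the class name and the `dumpBytes` helper (a stand-in for `StringTools.dumpBytes`) are hypothetical, and the input is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.logging.Level;
import java.util.logging.Logger;
public class GuardedPasswordDebug
{
    private static final Logger LOG = Logger.getLogger( "example.password" );
    static int debugFormatCalls = 0; // how often debug-only formatting ran
    // Stand-in for StringTools.dumpBytes(): hex dump of a byte array.
    static String dumpBytes( byte[] bytes )
    {
        debugFormatCalls++;
        StringBuilder sb = new StringBuilder();
        for ( byte b : bytes )
        {
            sb.append( String.format( "0x%02X ", b ) );
        }
        return sb.toString();
    }

    // Quoted pattern: the dump is built on every call, and the password reaches the log.
    static String extractUnguarded( byte[] attr )
    {
        String string = new String( attr, StandardCharsets.UTF_8 );
        String dump = "'" + string + "' ( " + dumpBytes( attr ).trim() + " )";
        LOG.fine( "Adding Attribute id : 'userPassword', Values : [ " + dump + " ]" );
        return string;
    }

    // Guarded form: debug work runs only when enabled and records the length only.
    static String extractGuarded( byte[] attr )
    {
        if ( LOG.isLoggable( Level.FINE ) )
        {
            debugFormatCalls++;
            LOG.fine( "Adding Attribute id : 'userPassword', length : " + attr.length );
        }
        return new String( attr, StandardCharsets.UTF_8 );
    }
    public static void main( String[] args )
    {
        LOG.setLevel( Level.INFO ); // debug output disabled
        byte[] attr = "constructed-sample".getBytes( StandardCharsets.UTF_8 ); // constructed input
        extractUnguarded( attr );
        System.out.println( "unguarded debug formatting calls: " + debugFormatCalls );
        debugFormatCalls = 0;
        extractGuarded( attr );
        System.out.println( "guarded debug formatting calls: " + debugFormatCalls );
    }
}
```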
