directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: [ApacheDS] changes to Authenticator interface for password policy
Date Thu, 01 Jul 2010 08:07:09 GMT
On Wed, Jun 30, 2010 at 4:16 PM, Kiran Ayyagari <>wrote:

> hello guys,
>  Its been a while since I started working on implementing password
> policy[1].
>  Here are a few things I wanted to let you know about the implementation
>   1. The PasswordPolicyInterceptor cannot be used to enforce this
> policy cause we need access to the
>       userpassword and other special attributes before the
> authentication process starts, so am removing this
>       interceptor

You can access those elements in the intereceptor : the modified entry is
already loaded when the interceptor is processed (we do a load of all the
modified entry fields before going through the chain).

I'm not sure that removing the interceptor is necessary at this point.

>   2. Am planning to make some changes to the Authenticator interface
> to inject the password policy configuration
>       so that the authenticator can have access to this config which
> needs to be used to determine whether a
>       user can be authenticated based on the policy state information
> present in the user's entry.

The authentication is not impacted by the passwordPolicy AFAICT.

PP is a matter of controlling that the password respect some conditions when
added or modified (it's controlled for the Add and Modify operation only).
Otherwise, the PP is transparent.

Emmanuel L├ęcharny

View raw message