directory-dev mailing list archives

From "Carlo Accorsi (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1676) Provide a set of error codes along with an AuthenticationException to indicate its root cause.
Date Mon, 24 Feb 2014 14:17:23 GMT


Carlo Accorsi commented on DIRSERVER-1676:

Hi, when I created this JIRA, the password policy code was not totally functional. 

Using 2.0.0-M16, we have the ability to capture all login failure scenarios. I don't need
anything fixed here. Thanks!

We add a password policy control to the bind request. 
Then we check the PasswordPolicyResponse and from there we can handle the different failure
cases by comparing the responses to the PasswordPolicyErrorEnum. 

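    import java.util.Map;
    import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
    import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
    import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse;
    import org.apache.directory.api.ldap.extras.controls.ppolicy_impl.PasswordPolicyDecorator;
    import org.apache.directory.api.ldap.model.message.Control;

    // Look up the password policy control returned with the bind response.
    Map<String, Control> mapControls = bindResponse.getControls();
    Control ctrl = mapControls.get(PasswordPolicy.OID);
    PasswordPolicyResponse pw = null;
    if (ctrl != null) { // the server may not have returned the control
        PasswordPolicy pwPolicy = ((PasswordPolicyDecorator) ctrl).getDecorated();
        if (pwPolicy.hasResponse()) {
            pw = pwPolicy.getResponse();
        }
    }
    // process response codes to capture and raise errors. one example method is below

    /**
     * Determine if user account is locked from PasswordPolicyResponse code.
     * @param ctrl The PasswordPolicyResponse object containing the response code
     * @return true when account is locked, false otherwise.
     */
    public boolean isAccountLocked(PasswordPolicyResponse ctrl) {
        return PasswordPolicyErrorEnum.ACCOUNT_LOCKED == ctrl.getPasswordPolicyError();
    }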

> Provide a set of error codes along with an AuthenticationException to indicate its root
> ----------------------------------------------------------------------------------------------
>                 Key: DIRSERVER-1676
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 2.0.0-M4
>         Environment: 64bit Windows, using 32 bit jvm to support wrapper.dll
>            Reporter: Carlo Accorsi
>            Priority: Minor
>              Labels: apacheds
>             Fix For: 2.0.0-RC1
> There may be more cases to consider but when a user supplies an incorrect password or the account is locked,
> a javax.naming.AuthenticationException is thrown. Currently comparing the strings returned by ex.getMessage() is
> the only way to determine which event occurred.
>  [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229  Cannot authenticate user uid=xyz,o=corp]
>  [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]
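
The flow described in the comment above, end to end, as an added example that is not part of the original message or of the ApacheDS code base: attach the password policy control to the bind request, then classify the result from the control instead of from message strings. It assumes the Apache Directory LDAP API 1.0.0-M class names used alongside ApacheDS 2.0.0-M16 (`PasswordPolicyImpl` as the request control); `PolicyAwareBind` and `Outcome` are hypothetical names, and the caller supplies a `BindRequest` with the user's identity and credentials already set.

```java
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicy;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl;
import org.apache.directory.api.ldap.extras.controls.ppolicy_impl.PasswordPolicyDecorator;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.LdapConnection;

public class PolicyAwareBind {
    /** Hypothetical application-level outcomes; not part of the ApacheDS API. */
    public enum Outcome { OK, BAD_CREDENTIALS, LOCKED, EXPIRED, MUST_CHANGE, OTHER_FAILURE }

    /** Binds with the policy control attached and maps the response to an Outcome. */
    public static Outcome bind(LdapConnection conn, BindRequest req) throws Exception {
        // Without the request control the server has no reason to send a policy response.
        req.addControl(new PasswordPolicyImpl());
        BindResponse resp = conn.bind(req);

        PasswordPolicyErrorEnum err = null;
        Control ctrl = resp.getControls().get(PasswordPolicy.OID);
        if (ctrl instanceof PasswordPolicyDecorator) { // also false when ctrl is null
            PasswordPolicy pp = ((PasswordPolicyDecorator) ctrl).getDecorated();
            if (pp.hasResponse()) {
                err = pp.getResponse().getPasswordPolicyError();
            }
        }

        // Check the policy error first: a locked account and a wrong password
        // both come back as result code 49, so the result code alone is ambiguous.
        if (err == PasswordPolicyErrorEnum.ACCOUNT_LOCKED) return Outcome.LOCKED;
        if (err == PasswordPolicyErrorEnum.PASSWORD_EXPIRED) return Outcome.EXPIRED;
        // CHANGE_AFTER_RESET can accompany a successful bind, so test it before SUCCESS.
        if (err == PasswordPolicyErrorEnum.CHANGE_AFTER_RESET) return Outcome.MUST_CHANGE;

        ResultCodeEnum rc = resp.getLdapResult().getResultCode();
        if (rc == ResultCodeEnum.SUCCESS) return Outcome.OK;
        return rc == ResultCodeEnum.INVALID_CREDENTIALS
                ? Outcome.BAD_CREDENTIALS : Outcome.OTHER_FAILURE;
    }
}
```

Logging the returned `Outcome` per bind attempt keeps lockouts distinguishable from ordinary bad-password failures in authentication logs.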
