directory-users mailing list archives

From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: ApacheDS differentiating Authentication Exceptions
Date Thu, 10 Nov 2011 16:10:38 GMT
On 11/10/11 4:55 PM, Carlo.Accorsi@ibs-ag.com wrote:
> Hi, Another question around failed login attempts.
>
> We bind like this. With the env containing the user, pass and all other props.
>
> LdapContext ctx = new InitialLdapContext(env,ctrls);
>
> When the user supplies either an incorrect password or the account is locked, a javax.naming.AuthenticationException is thrown.
>
> And the resulting ctx is null, so there are no Response Controls available in these cases.
>
> In both failure modes the stack traces are identical except for the value of ex.getMessage().
>
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=xyz,o=corp]
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]
>
> Other than comparing the strings above, is there another way to determine which event occurred?

Sadly, no. The message is a composition of an error code (49 = 
invalid credentials) and a string giving some information about the error.

Each server might provide a different message.

Now, you might create a JIRA requesting that the error message contain 
an error code like:

[LDAP: error code 49 - INVALID_CREDENTIALS: err12345 : Bind failed: account was permanently locked]



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
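
The string comparison discussed in this thread, as an added example that is not part of the original messages or of ApacheDS: it splits the JNDI exception message into result code and diagnostic text and classifies the two ApacheDS messages quoted above. The class name, the enum and the matched substrings are assumptions for illustration; since each server might provide a different message, unrecognized text maps to UNKNOWN.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

/** Added example: classifies a failed JNDI bind from the exception message text. */
public class BindFailureClassifier {

    enum Reason { BAD_CREDENTIALS, ACCOUNT_LOCKED, UNKNOWN }

    // Shape of the two messages quoted in the thread:
    // [LDAP: error code <n> - <RESULT_NAME>: <diagnostic text>]
    private static final Pattern MSG =
        Pattern.compile("\\[LDAP: error code (\\d+) - (\\w+): (.*)\\]", Pattern.DOTALL);

    static Reason classify(AuthenticationException ex) {
        String text = ex.getMessage();
        if (text == null) return Reason.UNKNOWN;
        Matcher m = MSG.matcher(text.trim());
        // Only result code 49 (invalid credentials) is handled here.
        if (!m.matches() || !"49".equals(m.group(1))) return Reason.UNKNOWN;
        String diagnostic = m.group(3);
        // Substrings copied from the ApacheDS messages in the thread (assumption:
        // they are stable); other servers or versions may word them differently.
        if (diagnostic.contains("account was permanently locked")) return Reason.ACCOUNT_LOCKED;
        if (diagnostic.contains("ERR_229")) return Reason.BAD_CREDENTIALS;
        return Reason.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first two are the messages quoted in the thread,
        // the third is a made-up message with different wording.
        String[] samples = {
            "[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=xyz,o=corp]",
            "[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]",
            "[LDAP: error code 49 - Invalid Credentials]"
        };
        for (String s : samples) {
            // Keep the reason in server-side logs; telling the caller "locked" versus
            // "wrong password" discloses the state of the account.
            System.out.println(classify(new AuthenticationException(s)) + " <- " + s);
        }
    }
}
```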

