directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Extending Authentication for Bind
Date Thu, 21 Feb 2013 17:59:28 GMT
Le 2/21/13 6:54 PM, Kiran Ayyagari a écrit :
> On Thu, Feb 21, 2013 at 11:10 PM, Emmanuel Lécharny <elecharny@gmail.com>wrote:
>
>> Le 2/21/13 5:25 PM, Kiran Ayyagari a écrit :
>>> don't think we have such a support right now do we? is that looping of
>>> authenticators makes this a possibility?
>> I see that the Authenticator interface provide a checkPwdPolicy() method :
>>
>>     /**
>>      *  performs checks on the given entry based on the specified
>> password policy configuration
>>      *
>>      * @param userEntry the user entry to be checked for authentication
>>      * @throws PasswordPolicyException
>>      */
>>     void checkPwdPolicy( Entry userEntry ) throws LdapException;
>>
>> Why can't we do all the passwordPolicy checks in the authenticator,
>> instead of the interceptor ?
>>
>> The only pb is that we need the user entry at this point, but couldn't
>> we pass the BindContext, so for the checkPwdPolicy() to fetch the entry
>> from the DS instead ?
>>
>> Does it make sense ?
>>
>> password policy is enforced not only during authentication but also after
> authentication and while doing modify operation

Absolutly, but here, I'm just mentioning the check when doing a bind.
Every other operation should be done in the interceptors.

Btw, I'm mocing the PPolicy test which is in core-integ into
server-integ, as it requires a LdapNetworkConnection, and not a
LdapCoreSessionConnection.

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Mime
View raw message