directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] Never reaching PasswordPolicyImpl in custom server
Date Thu, 21 Feb 2013 15:03:54 GMT
ok, I see why they are not active, in embed mode the policy is not loaded
by default

It is a little more involved if you want to load them using config
partition. Take a look at method createPwdPolicyConfig() and
createInterceptors() method in [1]

If you want to do it in a truly embedded fashion then create

PasswordPolicyConfiguration passwordPolicy = new
PasswordPolicyConfiguration();
// set all the policy config values like
// passwordPolicy.setPwdLockout(true)

PpolicyConfigContainer ppolicyContainer = new PpolicyConfigContainer();
ppolicyContainer.setDefaultPolicy( ppolicyConfig );

// then set this container in authentication interceptor
AuthenticationInterceptor interceptor = ( AuthenticationInterceptor )
getDirectoryService().getInterceptor(
InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() )
interceptor.setPwdPolicies( ppolicyContainer );

let us know if you have any issues

[1]
http://svn.apache.org/repos/asf/directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java

On Thu, Feb 21, 2013 at 6:20 PM, Patricio Demitrio
<pdemitrio@scoop-gmbh.de>wrote:

> Yes, it is in enabled. Remember that password policies and users are equal
> in both my configurations. I'm guessing that it has something to do woth
> how I'm loading the config partition, or maybe how I'm processing the
> bindings/searches.
> Thanks
> --------------------------------------------------------------
> 2013.02.21 11:34:39,994 DEBUG [main]
> org.apache.directory.api.ldap.model.ldif.LdifReader [] - Read an entry :
> dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationI
>  nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> ads-pwdexpirewarning: 600
> ads-pwdmaxfailure: 5
> ads-pwdgraceexpire: 0
> entryparentid: 92ad55fe-9a98-45a2-be5e-04237981d6dd
> ads-pwdgraceauthnlimit: 5
> ads-pwdsafemodify: FALSE
> ads-pwdlockout: TRUE
> ads-pwdid: default
> ads-pwdminage: 0
> ads-pwdinhistory: 5
> ads-pwdmaxidle: 0
> ads-pwdmindelay: 0
> objectclass: top
> objectclass: ads-base
> objectclass: ads-passwordPolicy
> ads-enabled: TRUE
> entryuuid: 386bf5c1-547e-4cd1-ab28-432ebbac1bab
> modifiersname: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> ads-pwdfailurecountinterval: 30
> ads-pwdattribute: userPassword
> ads-pwdmustchange: TRUE
> ads-pwdlockoutduration: 0
> ads-pwdallowuserchange: TRUE
> ads-pwdmaxdelay: 0
> ads-pwdcheckquality: 1
> modifytimestamp: 20130215105701.444Z
> entrycsn: 20130215105701.444000Z#000000#001#000000
> ads-pwdminlength: 5
> ads-pwdmaxage: 0
> ads-pwdmaxlength: 0
>
>
>
> On Thu, Feb 21, 2013 at 1:25 PM, Emmanuel Lécharny <elecharny@gmail.com
> >wrote:
>
> > Le 2/21/13 1:13 PM, Patricio Demitrio a écrit :
> > > I'm using the grep command to search in the log files, but the results
> > are
> > > way too much to analyze. Can you tell me specifically what to look?
> > > Thanks
> > Look at dn:
> >
> >
> ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> >
> >
> > the ads-enabled value should be TRUE
> >
> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel Lécharny
> > www.iktek.com
> >
> >
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message