Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 89299E0C2 for ; Thu, 21 Feb 2013 17:54:42 +0000 (UTC) Received: (qmail 72906 invoked by uid 500); 21 Feb 2013 17:54:42 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 72883 invoked by uid 500); 21 Feb 2013 17:54:42 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 72871 invoked by uid 99); 21 Feb 2013 17:54:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 17:54:42 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ayyagarikiran@gmail.com designates 209.85.210.174 as permitted sender) Received: from [209.85.210.174] (HELO mail-ia0-f174.google.com) (209.85.210.174) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 17:54:37 +0000 Received: by mail-ia0-f174.google.com with SMTP id u20so4191478iag.5 for ; Thu, 21 Feb 2013 09:54:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=gLhlvjMJ1ZX7jN+r1LKCqvCHZLJ6EWljtuGDgnPn+Kg=; b=kguv9Pxg4jRxeoFr64oGE1WZ6/XvDysQcVt8LdwlMjqsE18w+qhaeqRkc4512YmWFY rmCqiztbtzZJmetEcvT9c/YTQBFwe8ICtnNkmC7Rg6gV/IFSGstH53wDW9wMrniOZWLC 4rNy3/BknCz5wTE4DRqdlETI9sRpbD2nWnbzcImRLfiTXfPdw4y9dLwuLMFhfOKIE2+c VkqineoPO5pCyo3wyunIZQz3iT+L71Z1ruOPVxq1pFpDKtCNT2nYQfP3hMZVrw7tgDJH jTlscy/I+TymJJHlGWMPCZAikoeS5UwuVVrWvwZnTOLwHB/aIP/TKEQuyQKvicc1pCdB 4uYQ== MIME-Version: 1.0 X-Received: by 10.50.195.231 with SMTP id ih7mr12861033igc.55.1361469256927; Thu, 21 Feb 2013 09:54:16 -0800 (PST) Sender: ayyagarikiran@gmail.com Received: by 10.231.72.67 with HTTP; Thu, 21 Feb 2013 09:54:16 -0800 (PST) In-Reply-To: <51265C2B.1020904@gmail.com> References: <51261A6D.8080202@gmail.com> <51264902.1020508@gmail.com> <512649FA.7020709@gmail.com> <51265C2B.1020904@gmail.com> Date: Thu, 21 Feb 2013 23:24:16 +0530 X-Google-Sender-Auth: 0x0xzWSZJg9VBGXOqpuRcxQab5A Message-ID: Subject: Re: Extending Authentication for Bind From: Kiran Ayyagari To: users@directory.apache.org, elecharny@apache.org Content-Type: multipart/alternative; boundary=14dae9340cfb6e88a404d63fc3ee X-Virus-Checked: Checked by ClamAV on apache.org --14dae9340cfb6e88a404d63fc3ee Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Thu, Feb 21, 2013 at 11:10 PM, Emmanuel L=E9charny = wrote: > Le 2/21/13 5:25 PM, Kiran Ayyagari a =E9crit : > > don't think we have such a support right now do we? is that looping of > > authenticators makes this a possibility? > > I see that the Authenticator interface provide a checkPwdPolicy() method = : > > /** > * performs checks on the given entry based on the specified > password policy configuration > * > * @param userEntry the user entry to be checked for authentication > * @throws PasswordPolicyException > */ > void checkPwdPolicy( Entry userEntry ) throws LdapException; > > Why can't we do all the passwordPolicy checks in the authenticator, > instead of the interceptor ? > > The only pb is that we need the user entry at this point, but couldn't > we pass the BindContext, so for the checkPwdPolicy() to fetch the entry > from the DS instead ? > > Does it make sense ? > > password policy is enforced not only during authentication but also after authentication and while doing modify operation > > -- > Regards, > Cordialement, > Emmanuel L=E9charny > www.iktek.com > > --=20 Kiran Ayyagari http://keydap.com --14dae9340cfb6e88a404d63fc3ee--