Directory ApacheDS / DIRSERVER-1676

Provide a set of error codes along with an AuthenticationException to indicate its root cause.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.0-M4
    • Fix Version/s: 2.0.0-M16
    • Component/s: core
    • Environment:
      64bit Windows, using 32 bit jvm to support wrapper.dll

      Description

      There may be more cases to consider but when a user supplies an incorrect password or the account is locked,
      a javax.naming.AuthenticationException is thrown. Currently comparing the strings returned by ex.getMessage() is
      the only way to determine which event occurred.

      [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=xyz,o=corp]
      [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]

        Activity

        Kiran Ayyagari added a comment -

        There are no standard codes defined for any password policy violations, probably ApacheDS should define custom codes.

        Carlo Accorsi added a comment -

        Hi, when I created this JIRA, the password policy code was not totally functional.

        Using 2.0.0-M16, we have the ability to capture all login failure scenarios. I don't need anything fixed here. Thanks!

        We add a password policy control to the bind request.
        Then we check the PasswordPolicyResponse and from there we can handle the different failure cases by comparing the responses to the PasswordPolicyErrorEnum.

        Map<String,Control> mapControls = bindResponse.getControls();
        ....
        Control ctrl = mapControls.get(PasswordPolicy.OID);
        .....
        PasswordPolicyResponse pw = null;
        PasswordPolicy pwPolicy = ((PasswordPolicyDecorator)ctrl).getDecorated();
        if (pwPolicy.hasResponse()) {
            pw = pwPolicy.getResponse();
            // process response codes to capture and raise errors. one example method is below
        }

        /**
         * Determine if user account is locked from PasswordPolicyResponse code.
         *
         * @param ctrl The PasswordPolicyResponse object containing the response code
         * @return true when account is locked, false otherwise.
         */
        public boolean isAccountLocked(PasswordPolicyResponse ctrl) {
            if (PasswordPolicyErrorEnum.ACCOUNT_LOCKED == ctrl.getPasswordPolicyError()) {
                return true;
            }
            return false;
        }
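What the PasswordPolicyErrorEnum comparison above rests on, as an added example that is not from this thread or from ApacheDS: a dependency-free decoder for the value of the password policy response control, following the ASN.1 in draft-behera-ldap-password-policy. The class, enum and method names are hypothetical, the enum is assumed to mirror the draft's error values, and the sample bytes are constructed.

```java
import java.util.Optional;

public class PpolicyResponseDecoder {
    // Error values in the order the password policy draft assigns them (0..8).
    enum PpolicyError {
        PASSWORD_EXPIRED, ACCOUNT_LOCKED, CHANGE_AFTER_RESET, PASSWORD_MOD_NOT_ALLOWED,
        MUST_SUPPLY_OLD_PASSWORD, INSUFFICIENT_PASSWORD_QUALITY, PASSWORD_TOO_SHORT,
        PASSWORD_TOO_YOUNG, PASSWORD_IN_HISTORY
    }

    /** Returns the error carried in a response control value, or empty if it has none. */
    static Optional<PpolicyError> decodeError(byte[] value) {
        // Outer element: SEQUENCE (0x30) with a short-form length covering the rest.
        if (value.length < 2 || value[0] != 0x30 || value[1] != value.length - 2) {
            throw new IllegalArgumentException("not a short-form BER SEQUENCE");
        }
        int pos = 2;
        while (pos < value.length) {
            if (pos + 2 > value.length) {
                throw new IllegalArgumentException("truncated element header");
            }
            int tag = value[pos] & 0xFF;
            int len = value[pos + 1] & 0xFF;
            if (len >= 0x80 || pos + 2 + len > value.length) {
                throw new IllegalArgumentException("bad element length");
            }
            if (tag == 0x81) { // error [1] ENUMERATED, implicitly tagged
                int code = (len == 1) ? (value[pos + 2] & 0xFF) : -1;
                PpolicyError[] all = PpolicyError.values();
                if (code < 0 || code >= all.length) {
                    throw new IllegalArgumentException("unknown error value");
                }
                return Optional.of(all[code]);
            }
            // Skip warning [0] as a whole: its inner 0x81 is graceAuthNsRemaining, not an error.
            pos += 2 + len;
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample control values, not captured from a server.
        byte[] locked = {0x30, 0x03, (byte) 0x81, 0x01, 0x01};
        byte[] graceOnly = {0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0x81, 0x01, 0x02};
        System.out.println("locked:    " + decodeError(locked));
        System.out.println("graceOnly: " + decodeError(graceOnly));
    }
}
```

Both a wrong password and a locked account come back as LDAP result code 49, so the control value is the only structured field that separates them; an empty result means the server attached no policy error.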
        Carlo Accorsi added a comment -

        Oh one more thing.. this JIRA was posted before our code was ported from JNDI to the ApacheDS API

        Kiran Ayyagari added a comment -

        Thanks for confirming, and I totally forgot about the ppolicy enum, that is the way to compare.


          People

          • Assignee:
            Kiran Ayyagari
            Reporter:
            Carlo Accorsi