[
https://issues.apache.org/jira/browse/DIRSERVER-1935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13847601#comment-13847601
]
lucas theisen commented on DIRSERVER-1935:
------------------------------------------
This additional unit test (in PwdModifyIT) will demonstrate the issue:
{code:java}
/**
* Attempt to modify an existing user password and fail. Then process the
* password policy control from the response.
*/
@Test
public void testModifyUserPasswordWithPasswordPolicyControl() throws
Exception
{
policyConfig.setPwdCheckQuality( CheckQualityEnum.CHECK_ACCEPT ); //
allow the password if its quality can't be checked
policyConfig.setPwdMinLength( 5 );
LdapConnection adminConnection = null;
LdapConnection userConnection = null;
try {
adminConnection = getAdminNetworkConnection( getLdapServer() );
addUser( adminConnection, "User3", "secret3" );
Dn userDn = new Dn( "cn=User3,ou=system" );
userConnection = getNetworkConnectionAs( ldapServer,
userDn.toString(), "secret3" );
PasswordPolicyDecorator passwordPolicyRequestControl =
new PasswordPolicyDecorator(
LdapApiServiceFactory.getSingleton(), new PasswordPolicyImpl() );
PwdModifyRequestImpl pwdModifyRequest = new PwdModifyRequestImpl();
pwdModifyRequest.setUserIdentity( Dn.getBytes( userDn ) );
pwdModifyRequest.setOldPassword( Strings.getBytesUtf8( "secret3" )
);
pwdModifyRequest.setNewPassword( Strings.getBytesUtf8( "1234" ) );
pwdModifyRequest.addControl( passwordPolicyRequestControl );
// Send the request
PwdModifyResponse pwdModifyResponse = ( PwdModifyResponse )
userConnection.extended( pwdModifyRequest );
// passwordTooShort is a contstraint violation
assertEquals( ResultCodeEnum.CONSTRAINT_VIOLATION,
pwdModifyResponse.getLdapResult().getResultCode() );
Control passwordPolicyResponseControl =
pwdModifyResponse.getControl( passwordPolicyRequestControl.getOid() );
assertNotNull( passwordPolicyResponseControl );
assertEquals( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG,
((PasswordPolicyDecorator)passwordPolicyResponseControl)
.getDecorated().getResponse().getPasswordPolicyError() );
}
finally {
adminConnection.close();
userConnection.close();
}
}
{code}
> Include password policy control in the password modify extended operation
> response if requested
> -----------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1935
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1935
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: ldap
> Affects Versions: 2.0.0-M16
> Reporter: lucas theisen
>
> Adding the password policy control to a PwdModifyRequest results in slightly
> strange behavior. Without the control, if a failure occurs, an exception is
> thrown as expected. With the control, no exception is thrown, but the
> LdapResponse ResultCode is set to INVALID_CREDENTIALS instead of the expected
> CONSTRAINT_VIOLATION, and no controls are included in the response. The
> diagnostic message on the LdapResultDecorator in the response shows that of
> my constraint violation, so I think there are some crossed wires somewhere.
> Workaround: if using a password attribute on an entry (and not a password
> stored outside of the directory), then use a ModifyRequest with just that
> attribute.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
