have checked the code but didn't find any obvious issue, do you have a test case that I can use to reproduce?
On Fri, Nov 18, 2011 at 9:02 AM, Kiran Ayyagari <[email protected]> wrote:
> most likely it could be a bug, will check that
>
> On Fri, Nov 18, 2011 at 6:09 AM, <[email protected]> wrote:
>> Hi again. I'm getting and handling the ASN.1 messages for when a password is
>> about to expire, and grace logins left and cases where there's no exception.
>> However, if there's an exception, the response controls are null. In the
>> debugger, I see my response control present in the LdapContext but the
>> moment, I step over
>> ctx.modifyAttributes(strDn, mods);
>>
>> and for example a javax.naming.directory.InvalidAttributeValueException is
>> thrown for:
>>
>> : Password should have a minmum of 6 characters
>> Or
>> : invalid reuse of password present in password history]
>>
>> The LdapContext is still valid but the response controls are set null? I've
>> observed this by stepping through the code.
>> I was hoping to catch the reason in the ASN message and handle the failure
>> appropriately from there.
>>
>> Thank you,
>> Carlo Accorsi
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of
>> Kiran Ayyagari
>> Sent: Tuesday, November 15, 2011 1:57 PM
>> To: [email protected]
>> Subject: Re: ApacheDS differentiating Authentication Exceptions
>>
>> On Tue, Nov 15, 2011 at 1:47 PM, Emmanuel Lecharny <[email protected]>
>> wrote:
>>> On 11/15/11 7:11 PM, [email protected] wrote:
>>>>
>>>> Ok, when I try and bind with an expired password and all grace logins
>>>> are spent, this exception is thrown:
>>>>
>>>> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49
>>>> -
>>>> INVALID_CREDENTIALS: Bind failed: paasword expired and max grace
>>>> logins were used]
>>>>
>>>> And in the LdapContext.getResponseControls() encodedValue there is
>>>> this small byte array:
>>>>
>>>> [48, 3, -127, 1, 0]
>>>>
>>>> Does anyone know how to interpret or decode this?
>>>
>>> This stands for
>>> 0x30 0x03
>>> 0x81 0x01 0x00
>>>
>>> which means, when correlated with the ASN.1 grammar :
>>>
>>> PasswordPolicyResponseValue ::= SEQUENCE {
>>>     warning [0] CHOICE {
>>>         timeBeforeExpiration [0] INTEGER (0 .. maxInt),
>>>         graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
>>>     error [1] ENUMERATED {
>>>         passwordExpired (0),
>>>         accountLocked (1),
>>>         changeAfterReset (2),
>>>         passwordModNotAllowed (3),
>>>         mustSupplyOldPassword (4),
>>>         insufficientPasswordQuality (5),
>>>         passwordTooShort (6),
>>>         passwordTooYoung (7),
>>>         passwordInHistory (8) } OPTIONAL }
>>>
>>> 0x30 0x03 : SEQUENCE, 3 bytes length
>>> 0x81 : error [1] (would have been 0x80 for a warning)
>>> 0x01 : one byte length
>>> 0x00 : passwordExpired.
>>>
>>> ASN1 can be fun, but only for people who like this part of Pulp Fiction :
>>> http://www.youtube.com/watch?v=wN2-I31Imis&feature=player_detailpage
>>>
>> there goes the Christopher Nolan of ASN1 :) thanks for putting more details
>> than the one I was about to send.
>>
>> OTOH, Carlo -
>> take a look at the control's source present here [1], you need not (and might
>> not) use all of it, but some parts can be reused
>>
>> [1]
>> http://svn.apache.org/repos/asf/directory/shared/trunk/ldap/extras/codec-api/src/main/java/org/apache/directory/shared/ldap/extras/controls/ppolicy
>>>
>>> --
>>> Regards,
>>> Cordialement,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>>
>>
>> --
>> Kiran Ayyagari
>>
>
> --
> Kiran Ayyagari
>

--
Kiran Ayyagari
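
A minimal decoder for the PasswordPolicyResponseValue bytes discussed in this thread, added here as an example; it is not code from the thread or from ApacheDS. The class and method names are hypothetical, only short-form (single-byte) BER lengths are handled, and the second sample value is constructed for illustration.

```java
public class PpolicyResponseDecoder {
    // Error names in the order of the ENUMERATED in the grammar quoted in the thread.
    static final String[] ERRORS = { "passwordExpired", "accountLocked", "changeAfterReset",
        "passwordModNotAllowed", "mustSupplyOldPassword", "insufficientPasswordQuality",
        "passwordTooShort", "passwordTooYoung", "passwordInHistory" };

    // Reads a short-form BER length (one byte, < 0x80) and checks the value fits before 'end'.
    static int len(byte[] b, int pos, int end) {
        if (pos >= end) throw new IllegalArgumentException("truncated at offset " + pos);
        int l = b[pos] & 0xFF;
        if (l >= 0x80 || pos + 1 + l > end)
            throw new IllegalArgumentException("unsupported or overlong length at offset " + pos);
        return l;
    }

    // Big-endian two's-complement content octets of an INTEGER or ENUMERATED.
    static int integer(byte[] b, int pos, int l) {
        if (l < 1 || l > 4) throw new IllegalArgumentException("bad integer length " + l);
        int v = b[pos];                           // sign-extends the first octet
        for (int i = 1; i < l; i++) v = (v << 8) | (b[pos + i] & 0xFF);
        return v;
    }

    static String decode(byte[] b) {
        if (b.length < 2 || (b[0] & 0xFF) != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int end = 2 + len(b, 1, b.length), pos = 2;
        StringBuilder out = new StringBuilder();
        while (pos < end) {
            int tag = b[pos] & 0xFF, l = len(b, pos + 1, end), val = pos + 2;
            if (tag == 0xA0) {                    // warning [0]: constructed tag wrapping the CHOICE
                int il = len(b, val + 1, val + l), inner = b[val] & 0xFF;
                String name = inner == 0x80 ? "timeBeforeExpiration"
                            : inner == 0x81 ? "graceAuthNsRemaining" : null;
                if (name == null) throw new IllegalArgumentException("unknown warning tag");
                out.append("warning=").append(name).append('(').append(integer(b, val + 2, il)).append(") ");
            } else if (tag == 0x81) {             // error [1]: primitive ENUMERATED
                int code = integer(b, val, l);
                out.append("error=").append(code >= 0 && code < ERRORS.length ? ERRORS[code] : "unknown(" + code + ")");
            } else throw new IllegalArgumentException("unexpected tag 0x" + Integer.toHexString(tag));
            pos = val + l;
        }
        return out.toString().trim();
    }

    public static void main(String[] args) {
        byte[] fromThread = { 48, 3, -127, 1, 0 };   // encodedValue quoted in the thread
        byte[] sample = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0x81, 0x01, 0x02 }; // constructed sample
        System.out.println(decode(fromThread));
        System.out.println(decode(sample));
    }
}
```

JNDI hands back signed Java bytes, which is why the array in the thread shows -127 for 0x81; the decoder masks with 0xFF before comparing tags and lengths.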
