Posted to commits@directory.apache.org by pa...@apache.org on 2013/03/22 15:52:27 UTC
svn commit: r1459818 -
/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Author: pamarcelot
Date: Fri Mar 22 14:52:27 2013
New Revision: 1459818
URL: http://svn.apache.org/r1459818
Log:
Fix for DIRSERVER-1812 (The default admin account should never get locked forever)
Modified:
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1459818&r1=1459817&r2=1459818&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Fri Mar 22 14:52:27 2013
@@ -71,6 +71,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.api.util.StringConstants;
import org.apache.directory.api.util.Strings;
+import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InterceptorEnum;
@@ -535,22 +536,28 @@ public class AuthenticationInterceptor e
if ( policyConfig.isPwdLockout() && ( numFailures >= policyConfig.getPwdMaxFailure() ) )
{
- Attribute pwdAccountLockedTimeAt = new DefaultAttribute( AT_PWD_ACCOUNT_LOCKED_TIME );
-
- // if zero, lockout permanently, only admin can unlock it
- if ( policyConfig.getPwdLockoutDuration() == 0 )
- {
- pwdAccountLockedTimeAt.add( "000001010000Z" );
- }
- else
+ // Checking that we're not locking the admin user of the system partition
+ // See DIRSERVER-1812 (The default admin account should never get locked forever)
+ if ( !userEntry.getDn().equals( new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN ) ) )
{
- pwdAccountLockedTimeAt.add( failureTime );
- }
+ Attribute pwdAccountLockedTimeAt = new DefaultAttribute( AT_PWD_ACCOUNT_LOCKED_TIME );
+
+ // if zero, lockout permanently, only admin can unlock it
+ if ( policyConfig.getPwdLockoutDuration() == 0 )
+ {
+ pwdAccountLockedTimeAt.add( "000001010000Z" );
+ }
+ else
+ {
+ pwdAccountLockedTimeAt.add( failureTime );
+ }
- Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE, pwdAccountLockedTimeAt );
- mods.add( pwdAccountLockedMod );
+ Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE,
+ pwdAccountLockedTimeAt );
+ mods.add( pwdAccountLockedMod );
- pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED );
+ pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.ACCOUNT_LOCKED );
+ }
}
else if ( policyConfig.getPwdMinDelay() > 0 )
{
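Review bot: The guard added at `if ( !userEntry.getDn().equals( new Dn( schemaManager, ServerDNConstants.ADMIN_SYSTEM_DN ) ) )` exempts the admin entry from the whole lockout branch, including the timed lock written when `getPwdLockoutDuration()` is non-zero, while the log message only asks that the account never be locked forever. Because the outer `numFailures >= policyConfig.getPwdMaxFailure()` test is still true for that entry, the `else if ( policyConfig.getPwdMinDelay() > 0 )` branch is not reached either, so as far as this hunk shows, failed binds on the admin DN past the limit get neither a lock nor a delay. Consider narrowing the exemption to the permanent case, with a local `isAdmin` holding the DN comparison: `boolean permanentAdminLock = isAdmin && ( policyConfig.getPwdLockoutDuration() == 0 );` followed by `if ( !permanentAdminLock )`, plus a comment stating which throttling still applies to the admin DN. The enclosing method begins and ends outside the hunk, so other protections may exist that are not visible here.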