You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "lucas theisen (JIRA)" <ji...@apache.org> on 2015/08/07 20:59:47 UTC
[jira] [Resolved] (DIRSERVER-2087) Not all policy state attributes
get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES
[ https://issues.apache.org/jira/browse/DIRSERVER-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lucas theisen resolved DIRSERVER-2087.
--------------------------------------
Resolution: Fixed
> Not all policy state attributes get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES
> -----------------------------------------------------------------------------
>
> Key: DIRSERVER-2087
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2087
> Project: Directory ApacheDS
> Issue Type: Bug
> Reporter: lucas theisen
> Priority: Critical
>
> Specifically, only:
> {code:java|title=org.apache.directory.server.core.authn.AuthenticationInterceptor.java}
> /**
> * Initialize the PasswordPolicy attributeTypes
> *
> * @throws LdapException If the initialization failed
> */
> public void loadPwdPolicyStateAttributeTypes() throws LdapException
> {
> AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry( PWD_RESET_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
> AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_CHANGED_TIME_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME );
> AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry( PWD_HISTORY_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY );
> AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_FAILURE_TIME_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME );
> AT_PWD_ACCOUNT_LOCKED_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME );
> AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry( PWD_LAST_SUCCESS_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS );
> AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
> PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) );
> }
> {code}
> Leaving out {{pwdPolicySubentry, pwdStartTime, pwdEndTime, pwdLastSuccess}}.
> This is important because the {{SchemaInterceptor}} prevents modification of operational attributes that are _NOT_ in this list:
> {code:java|title=org.apache.directory.server.core.schema.SchemaInterceptor.java}
> else if( ( !attributeType.equals( MODIFIERS_NAME_AT )
> && ( !attributeType.equals( MODIFY_TIMESTAMP_AT ) )
> && ( !attributeType.equals( ENTRY_CSN_AT ) )
> && ( !PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains( attributeType ) ) ) )
> {
> String msg = I18n.err( I18n.ERR_52, attributeType );
> LOG.error( msg );
> throw new LdapNoPermissionException( msg );
> }
> {code}
> As for {{pwdPolicySubentry, pwdLastSuccess}}, i'm not sure if they should be allowed, but the other two, {{pwdStartTime, pwdEndTime}}, do need to be modifiable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Re: [jira] [Resolved] (DIRSERVER-2087) Not all policy state
attributes get added to PWD_POLICY_STATE_ATTRIBUTE_TYPES
Posted by Joseph king <ki...@gmail.com>.
Unsubscribe
On Fri, Aug 7, 2015 at 2:59 PM, lucas theisen (JIRA) <ji...@apache.org>
wrote:
>
> [
> https://issues.apache.org/jira/browse/DIRSERVER-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> lucas theisen resolved DIRSERVER-2087.
> --------------------------------------
> Resolution: Fixed
>
> > Not all policy state attributes get added to
> PWD_POLICY_STATE_ATTRIBUTE_TYPES
> >
> -----------------------------------------------------------------------------
> >
> > Key: DIRSERVER-2087
> > URL:
> https://issues.apache.org/jira/browse/DIRSERVER-2087
> > Project: Directory ApacheDS
> > Issue Type: Bug
> > Reporter: lucas theisen
> > Priority: Critical
> >
> > Specifically, only:
> >
> {code:java|title=org.apache.directory.server.core.authn.AuthenticationInterceptor.java}
> > /**
> > * Initialize the PasswordPolicy attributeTypes
> > *
> > * @throws LdapException If the initialization failed
> > */
> > public void loadPwdPolicyStateAttributeTypes() throws LdapException
> > {
> > AT_PWD_RESET = schemaManager.lookupAttributeTypeRegistry(
> PWD_RESET_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_RESET );
> > AT_PWD_CHANGED_TIME = schemaManager.lookupAttributeTypeRegistry(
> PWD_CHANGED_TIME_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_CHANGED_TIME );
> > AT_PWD_HISTORY = schemaManager.lookupAttributeTypeRegistry(
> PWD_HISTORY_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_HISTORY );
> > AT_PWD_FAILURE_TIME = schemaManager.lookupAttributeTypeRegistry(
> PWD_FAILURE_TIME_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_FAILURE_TIME );
> > AT_PWD_ACCOUNT_LOCKED_TIME =
> schemaManager.lookupAttributeTypeRegistry( PWD_ACCOUNT_LOCKED_TIME_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_ACCOUNT_LOCKED_TIME
> );
> > AT_PWD_LAST_SUCCESS = schemaManager.lookupAttributeTypeRegistry(
> PWD_LAST_SUCCESS_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_LAST_SUCCESS );
> > AT_PWD_GRACE_USE_TIME =
> schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
> > PWD_POLICY_STATE_ATTRIBUTE_TYPES.add(
> schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) );
> > }
> > {code}
> > Leaving out {{pwdPolicySubentry, pwdStartTime, pwdEndTime,
> pwdLastSuccess}}.
> > This is important because the {{SchemaInterceptor}} prevents
> modification of operational attributes that are _NOT_ in this list:
> >
> {code:java|title=org.apache.directory.server.core.schema.SchemaInterceptor.java}
> > else if( ( !attributeType.equals( MODIFIERS_NAME_AT )
> > && ( !attributeType.equals( MODIFY_TIMESTAMP_AT ) )
> > && ( !attributeType.equals( ENTRY_CSN_AT ) )
> > && ( !PWD_POLICY_STATE_ATTRIBUTE_TYPES.contains(
> attributeType ) ) ) )
> > {
> > String msg = I18n.err( I18n.ERR_52, attributeType );
> > LOG.error( msg );
> > throw new LdapNoPermissionException( msg );
> > }
> > {code}
> > As for {{pwdPolicySubentry, pwdLastSuccess}}, i'm not sure if they
> should be allowed, but the other two, {{pwdStartTime, pwdEndTime}}, do need
> to be modifiable.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)
>