Posted to commits@directory.apache.org by ka...@apache.org on 2011/11/18 17:11:47 UTC
svn commit: r1203713 - in /directory/apacheds/trunk:
core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/
interceptors/authn/src/main/java/org/apache/directory/server/core/authn/
interceptors/operational/src/main/java/org/apache/dir...
Author: kayyagari
Date: Fri Nov 18 16:11:46 2011
New Revision: 1203713
URL: http://svn.apache.org/viewvc?rev=1203713&view=rev
Log:
o fixed the failure to modify pwdPolicySubentry by an admin user
o replaced schema violation exception with the more appropriate no permission exception
Modified:
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authn/ppolicy/PasswordPolicyTest.java Fri Nov 18 16:11:46 2011
@@ -502,6 +502,52 @@ public class PasswordPolicyTest extends
}
+ @Test
+ public void testModifyPwdSubentry() throws Exception
+ {
+ LdapConnection connection = getAdminNetworkConnection( getLdapServer() );
+
+ Dn userDn = new Dn( "cn=ppolicySubentry,ou=system" );
+ String password = "12345";
+ Entry userEntry = new DefaultEntry(
+ userDn.toString(),
+ "ObjectClass: top",
+ "ObjectClass: person",
+ "cn: ppolicySubentry",
+ "sn: ppolicySubentry_sn",
+ "userPassword: " + password,
+ "pwdPolicySubEntry:" + userDn.getName() );
+
+ AddRequest addRequest = new AddRequestImpl();
+ addRequest.setEntry( userEntry );
+ addRequest.addControl( PP_REQ_CTRL );
+
+ AddResponse addResp = connection.add( addRequest );
+ assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );
+
+ userEntry = connection.lookup( userDn, "*", "+" );
+ assertEquals( userDn.getName(), userEntry.get( "pwdPolicySubEntry" ).getString() );
+
+ ModifyRequest modReq = new ModifyRequestImpl();
+ modReq.setName( userDn );
+ String modSubEntryDn = "cn=policy,ou=system";
+ modReq.replace( "pwdPolicySubEntry", modSubEntryDn );
+ ModifyResponse modResp = connection.modify( modReq );
+ assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );
+
+ userEntry = connection.lookup( userDn, "*", "+" );
+ assertEquals( modSubEntryDn, userEntry.get( "pwdPolicySubEntry" ).getString() );
+
+ // try to modify the subentry as a non-admin
+ connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
+ connection.bind( userDn.getName(), password );
+
+ modResp = connection.modify( modReq );
+ modReq.replace( "pwdPolicySubEntry", userDn.getName() );
+ assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode() );
+ }
+
+
private PasswordPolicy getPwdRespCtrl( Response resp ) throws Exception
{
Control control = resp.getControls().get( PP_REQ_CTRL.getOid() );
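Review bot: In the non-admin part of testModifyPwdSubentry, `modReq.replace( "pwdPolicySubEntry", userDn.getName() );` runs after `modResp = connection.modify( modReq );`, so it has no effect on the request whose result is asserted. The user-bound connection only replays the admin's earlier modification, which sets the value the entry already holds. Swapping the two lines, or better building a fresh `ModifyRequestImpl` for the non-admin attempt, would make the test cover a user repointing its own policy reference, which is the case the access check is there to refuse. Neither the admin connection nor the second `LdapNetworkConnection` is closed, so a failing assert leaves both bound; wrapping the body in try/finally with `connection.close()` would fix that.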
Modified: directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Fri Nov 18 16:11:46 2011
@@ -29,6 +29,7 @@ import static org.apache.directory.share
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_HISTORY_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_LAST_SUCCESS_AT;
import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_RESET_AT;
+import static org.apache.directory.shared.ldap.model.constants.PasswordPolicySchemaConstants.PWD_POLICY_SUBENTRY_AT;
import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.ADD_ATTRIBUTE;
import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.REMOVE_ATTRIBUTE;
import static org.apache.directory.shared.ldap.model.entry.ModificationOperation.REPLACE_ATTRIBUTE;
@@ -1180,6 +1181,8 @@ public class AuthenticationInterceptor e
AT_PWD_GRACE_USE_TIME = schemaManager.lookupAttributeTypeRegistry( PWD_GRACE_USE_TIME_AT );
PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( AT_PWD_GRACE_USE_TIME );
+
+ PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( schemaManager.lookupAttributeTypeRegistry( PWD_POLICY_SUBENTRY_AT ) );
}
}
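Review bot: The added `PWD_POLICY_STATE_ATTRIBUTE_TYPES.add( ... PWD_POLICY_SUBENTRY_AT )` line needs a comment, because pwdPolicySubentry is not policy state like the pwdGraceUseTime entry above it; it names which policy governs the entry. Judging by the commit log and the new test, membership in this set is presumably what lets an admin modify the attribute and refuses everyone else, but the code that reads the set is outside the hunk, so that should be confirmed. Something like `// not state, but selects the governing policy: kept here so modifications get the same admin-only check` would record why it belongs here, since a user able to repoint it could select a weaker policy. The lookup is also inlined rather than stored in an `AT_...` field as done for `AT_PWD_GRACE_USE_TIME` just above. The enclosing method starts outside the hunk.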
Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1203713&r1=1203712&r2=1203713&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java Fri Nov 18 16:11:46 2011
@@ -55,8 +55,6 @@ import org.apache.directory.shared.ldap.
import org.apache.directory.shared.ldap.model.entry.Value;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.exception.LdapNoPermissionException;
-import org.apache.directory.shared.ldap.model.exception.LdapSchemaViolationException;
-import org.apache.directory.shared.ldap.model.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.model.name.Ava;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.apache.directory.shared.ldap.model.name.Rdn;
@@ -331,7 +329,7 @@ public class OperationalAttributeInterce
{
String message = I18n.err( I18n.ERR_31 );
LOG.error( message );
- throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, message );
+ throw new LdapNoPermissionException( message );
}
else
{
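Review bot: The denial branch here, and the same three-line block in the hunks at -345, -359 and -371, logs only the fixed I18n text before throwing `LdapNoPermissionException`. As far as the visible lines show, a refused write to an operational attribute leaves no record of which principal attempted it or which entry and attribute were targeted, and that is the information someone reviewing denied modifications would need. Consider adding the caller's DN and the target DN to the log call. Also consider whether `LOG.error` is the right level for a refusal any bound client can trigger repeatedly. Since the block is now identical in all four places apart from the message key, a small private helper taking the key would keep them consistent; the enclosing methods start and end outside these hunks.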
@@ -345,7 +343,7 @@ public class OperationalAttributeInterce
{
String message = I18n.err( I18n.ERR_32 );
LOG.error( message );
- throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, message );
+ throw new LdapNoPermissionException( message );
}
else
{
@@ -359,7 +357,7 @@ public class OperationalAttributeInterce
{
String message = I18n.err( I18n.ERR_32 );
LOG.error( message );
- throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, message );
+ throw new LdapNoPermissionException( message );
}
else
{
@@ -371,7 +369,7 @@ public class OperationalAttributeInterce
{
String message = I18n.err( I18n.ERR_32 );
LOG.error( message );
- throw new LdapSchemaViolationException( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, message );
+ throw new LdapNoPermissionException( message );
}
}