mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -23,6 +23,7 @@ * * * Copyright 2006-2008 Sun Microsystems, Inc. * Portions copyright 2011 ForgeRock AS. */ package org.opends.server.controls; import org.opends.messages.Message; @@ -31,6 +32,7 @@ import java.util.concurrent.locks.Lock; import java.io.IOException; import org.opends.server.api.AuthenticationPolicy; import org.opends.server.core.DirectoryServer; import org.opends.server.core.PasswordPolicyState; import org.opends.server.protocols.asn1.*; @@ -323,19 +325,25 @@ // FIXME -- We should provide some mechanism for enabling debug // processing. PasswordPolicyState pwpState = new PasswordPolicyState(userEntry, false); if (pwpState.isDisabled() || pwpState.isAccountExpired() || pwpState.lockedDueToFailures() || pwpState.lockedDueToIdleInterval() || pwpState.lockedDueToMaximumResetAge() || pwpState.isPasswordExpired()) AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry, false); if (policy.isPasswordPolicy()) { Message message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String.valueOf(authzDN)); throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message); PasswordPolicyState pwpState = (PasswordPolicyState) policy .createAuthenticationPolicyState(userEntry); if (pwpState.isDisabled() || pwpState.isAccountExpired() || pwpState.lockedDueToFailures() || pwpState.lockedDueToIdleInterval() || pwpState.lockedDueToMaximumResetAge() || pwpState.isPasswordExpired()) { Message message = ERR_PROXYAUTH1_UNUSABLE_ACCOUNT.get(String .valueOf(authzDN)); throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message); } } // If we've made it here, then the user is acceptable. return userEntry; }
