mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

neil_a_wilson
15.25.2006 9d690194a88200c47b3a1d7ed64efe5890c2943b
Update the password policy implementation to use ds-pwp-password-policy-dn
instead of pwdPolicySubentry for indicating which password policy should be
applied for a given user. The new attribute is not marked NO-USER-MODIFICATION
so that it can be directly altered by administrators in addition to having a
value populated by a virtual attribute. The pwdPolicySubentry attribute is
defined in the IETF draft as NO-USER-MODIFICATION and is only intended to be
virtually defined, making it more difficult to configure a special policy for
an individual user.

This also eliminates the possibility that clients will see this attribute and
will expect the corresponding password policy configuration to be based on the
specification in the IETF draft, which is not the case for OpenDS.

OpenDS Issue Number: 1003
16 files modified
118 ■■■■ changed files
opends/resource/config/config.ldif 4
opends/resource/schema/02-config.ldif 3
opends/src/server/org/opends/server/config/ConfigConstants.java 13
opends/src/server/org/opends/server/core/AddOperation.java 2
opends/src/server/org/opends/server/core/PasswordPolicyState.java 10
opends/src/server/org/opends/server/messages/CoreMessages.java 4
opends/tests/unit-tests-testng/src/server/org/opends/server/api/PasswordValidatorTestCase.java 16
opends/tests/unit-tests-testng/src/server/org/opends/server/core/AddOperationTestCase.java 2
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandlerTestCase.java 10
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/DigestMD5SASLMechanismHandlerTestCase.java 10
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java 2
opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java 6
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPAuthenticationHandlerTestCase.java 24
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPCompareTestCase.java 4
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPModifyTestCase.java 4
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java 4
opends/resource/config/config.ldif
@@ -854,7 +854,7 @@
objectClass: ds-cfg-password-policy
cn: Root Password Policy
ds-cfg-password-attribute: userPassword
ds-cfg-default-password-storage-scheme: SSHA512
ds-cfg-default-password-storage-scheme: SSHA
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
@@ -1030,7 +1030,7 @@
ds-rlim-size-limit: 0
ds-rlim-time-limit: 0
ds-rlim-lookthrough-limit: 0
pwdPolicySubentry: cn=Root Password Policy,cn=Password Policies,cn=config
ds-pwp-password-policy-dn: cn=Root Password Policy,cn=Password Policies,cn=config
dn: cn=Root DSE,cn=config
objectClass: top
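Review bot: The first hunk changes `ds-cfg-default-password-storage-scheme` on the Root Password Policy between `SSHA512` and `SSHA`, which the commit description does not mention. If the second printed line is the new side, as the order of the `pwdPolicySubentry` / `ds-pwp-password-policy-dn` pair in the next hunk suggests, root passwords would from now on be stored with salted SHA-1 instead of salted SHA-512. That reduces offline-guessing resistance for the most privileged accounts and looks unrelated to the attribute rename. Unless there is a stated reason, the line should stay `ds-cfg-default-password-storage-scheme: SSHA512`, or the change should move to its own commit with a justification.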
opends/resource/schema/02-config.ldif
@@ -988,6 +988,9 @@
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.287 NAME 'ds-cfg-backend-mode'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.288 NAME 'ds-pwp-password-policy-dn'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation
  X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.1
  NAME 'ds-cfg-access-control-handler' SUP top STRUCTURAL
  MUST ( cn $ ds-cfg-acl-handler-class $ ds-cfg-acl-handler-enabled )
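Review bot: The new `ds-pwp-password-policy-dn` definition is neither `SINGLE-VALUE` nor `NO-USER-MODIFICATION`, so which policy governs an account now depends on who may write the attribute and on which value is read first. The AddOperation.java hunk reads only `pwAttrList.get(0)` and the PasswordPolicyState.java hunk resolves the policy from the same attribute, so an entry with two values, or a user able to modify the attribute on their own entry, could end up under a weaker policy than intended; whether access control already prevents this is not visible on this page. I would make the second line `SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation` and document that write access to the attribute must be limited to administrators. The `objectClasses` definition after the new attribute continues outside the hunk.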
opends/src/server/org/opends/server/config/ConfigConstants.java
@@ -3176,17 +3176,8 @@
   * The name of the operational attribute that will appear in a user's entry to
   * indicate which password policy should be used.
   */
  public static final String OP_ATTR_PWPOLICY_SUBENTRY =
       "pwdPolicySubentry";
  /**
   * The name of the password policy subentry attribute, in all lowercase
   * characters.
   */
  public static final String OP_ATTR_PWPOLICY_SUBENTRY_LC =
       "pwdpolicysubentry";
  public static final String OP_ATTR_PWPOLICY_POLICY_DN =
       "ds-pwp-password-policy-dn";
opends/src/server/org/opends/server/core/AddOperation.java
@@ -1408,7 +1408,7 @@
          //          attribute.
          PasswordPolicy pwPolicy = null;
          List<Attribute> pwAttrList =
               entry.getAttribute(OP_ATTR_PWPOLICY_SUBENTRY_LC);
               entry.getAttribute(OP_ATTR_PWPOLICY_POLICY_DN);
          if ((pwAttrList != null) && (! pwAttrList.isEmpty()))
          {
            Attribute a = pwAttrList.get(0);
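Review bot: `entry.getAttribute(OP_ATTR_PWPOLICY_POLICY_DN)` replaces a call that passed the `_LC` constant, which suggests this overload expects an all-lowercase name. The new constant happens to be lowercase, but nothing in its name or Javadoc says it must stay that way. A comment such as `// getAttribute(String) is keyed on the lowercase name; OP_ATTR_PWPOLICY_POLICY_DN must remain all lowercase` would keep a later rename from silently disabling the lookup, after which the new password would presumably be checked against the default policy. The enclosing method starts and ends outside the hunk.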
opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -298,14 +298,10 @@
    assert debugEnter(CLASS_NAME, "getPasswordPolicy");
    // See if the user entry contains the pwdPolicySubentry attribute to select
    // a custom objectclass (whether real or virtual).
    // See if the user entry contains the ds-pwp-password-policy-dn attribute to
    // select a custom objectclass (whether real or virtual).
    AttributeType type =
         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_SUBENTRY_LC);
    if (type == null)
    {
      type = DirectoryServer.getDefaultAttributeType(OP_ATTR_PWPOLICY_SUBENTRY);
    }
         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);
    List<Attribute> attrList = userEntry.getAttribute(type);
    if ((attrList == null) || attrList.isEmpty())
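Review bot: After this change the lookup reads only `ds-pwp-password-policy-dn`, so entries that still carry a real `pwdPolicySubentry` value appear to take the empty-attribute branch at `if ((attrList == null) || attrList.isEmpty())`. That branch's body is outside the hunk and presumably selects the default policy. Accounts that were pinned to a stricter policy would then be moved to the default without any message; a migration step, or a logged warning when the legacy attribute is present on the entry, would make that visible. Separately, the rewritten comment still says "select a custom objectclass" and should read `// select a custom password policy (whether real or virtual).`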
opends/src/server/org/opends/server/messages/CoreMessages.java
@@ -7945,8 +7945,8 @@
    registerMessage(MSGID_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN,
                    "An error occurred while attempting to decode the " +
                    OP_ATTR_PWPOLICY_SUBENTRY + " value \"%s\" in user entry " +
                    "\"%s\" as a DN:  %s.");
                    OP_ATTR_PWPOLICY_POLICY_DN + " value \"%s\" in user " +
                    "entry \"%s\" as a DN:  %s.");
    registerMessage(MSGID_PWPSTATE_NO_SUCH_POLICY,
                    "User entry %s is configured to use a password policy " +
                    "subentry of %s but no such password policy has been " +
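Review bot: The `MSGID_PWPSTATE_NO_SUCH_POLICY` text just below the changed lines still speaks of "a password policy subentry of %s", while the decode-error message above it now names `ds-pwp-password-policy-dn`. An administrator reading the log would look for the wrong attribute in the user entry. Changing the continuation line to `"DN of %s but no such password policy has been " +` keeps the two messages consistent. That `registerMessage` call continues past the end of the hunk.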
opends/tests/unit-tests-testng/src/server/org/opends/server/api/PasswordValidatorTestCase.java
@@ -355,8 +355,8 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy,cn=Password " +
              "Policies,cn=config");
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -416,8 +416,8 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy,cn=Password " +
              "Policies,cn=config");
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -721,8 +721,8 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy,cn=Password " +
              "Policies,cn=config");
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -804,8 +804,8 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy,cn=Password " +
              "Policies,cn=config");
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/core/AddOperationTestCase.java
@@ -931,7 +931,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandlerTestCase.java
@@ -209,7 +209,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -258,7 +258,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -310,7 +310,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: " + password,
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -359,7 +359,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -408,7 +408,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/DigestMD5SASLMechanismHandlerTestCase.java
@@ -210,7 +210,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -261,7 +261,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -312,7 +312,7 @@
              "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -363,7 +363,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -778,7 +778,7 @@
         "cn: Second Root DN",
         "ds-cfg-alternate-bind-dn: cn=Second Root DN",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/PasswordModifyExtendedOperationTestCase.java
@@ -2378,7 +2378,7 @@
         "cn: Test User",
         "authPassword: password",
         "authPassword: password2",
         "pwdPolicySubentry: cn=SHA1 AuthPassword Policy," +
         "ds-pwp-password-policy-dn: cn=SHA1 AuthPassword Policy," +
              "cn=Password Policies,cn=config");
opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java
@@ -273,7 +273,7 @@
      "sn: User2",
      "cn: Test User2",
      "userPassword: password",
      "pwdPolicySubentry: cn=SSHA512 UserPassword Policy," +
      "ds-pwp-password-policy-dn: cn=SSHA512 UserPassword Policy," +
           "cn=Password Policies,cn=config",
      "",
      "dn: uid=test.user3,o=test",
@@ -287,8 +287,8 @@
      "sn: User3",
      "cn: Test User3",
      "authPassword: password",
      "pwdPolicySubentry: cn=SHA1 AuthPassword Policy,cn=Password Policies," +
           "cn=config"
      "ds-pwp-password-policy-dn: cn=SHA1 AuthPassword Policy," +
           "cn=Password Policies,cn=config"
    };
    String ldifString = TestCaseUtils.makeLdif(entryLines);
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPAuthenticationHandlerTestCase.java
@@ -727,7 +727,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -799,7 +799,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -947,7 +947,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -1248,7 +1248,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -1310,7 +1310,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -1387,7 +1387,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -1451,7 +1451,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -1767,7 +1767,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -2244,7 +2244,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -2385,7 +2385,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -4063,7 +4063,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -4125,7 +4125,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPCompareTestCase.java
@@ -709,7 +709,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -758,7 +758,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPModifyTestCase.java
@@ -634,7 +634,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -682,7 +682,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
opends/tests/unit-tests-testng/src/server/org/opends/server/tools/LDAPSearchTestCase.java
@@ -789,7 +789,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =
@@ -839,7 +839,7 @@
         "sn: User",
         "cn: Test User",
         "userPassword: password",
         "pwdPolicySubentry: cn=Clear UserPassword Policy," +
         "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
              "cn=Password Policies,cn=config");
    InternalClientConnection conn =