From af1b4bead731b2dc8f25e4db507afab0428054d0 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Tue, 20 Sep 2011 11:29:12 +0000
Subject: [PATCH] Issue OPENDJ-262: Implement pass through authentication (PTA)

---
 opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java |   21 ++++++++++++++-------
 1 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java b/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
index 079bceb..0a916a8 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/controls/ProxiedAuthV2Control.java
@@ -33,7 +33,7 @@
 import java.util.concurrent.locks.Lock;
 import java.io.IOException;
 
-import org.opends.server.api.AuthenticationPolicy;
+import org.opends.server.api.AuthenticationPolicyState;
 import org.opends.server.api.IdentityMapper;
 import org.opends.server.core.DirectoryServer;
 import org.opends.server.core.PasswordPolicyState;
@@ -333,13 +333,20 @@
   private void checkAccountIsUsable(Entry userEntry)
       throws DirectoryException
   {
-    AuthenticationPolicy policy = AuthenticationPolicy.forUser(userEntry,
-        false);
-    if (policy.isPasswordPolicy())
+    AuthenticationPolicyState state = AuthenticationPolicyState.forUser(
+        userEntry, false);
+
+    if (state.isDisabled())
     {
-      PasswordPolicyState pwpState = (PasswordPolicyState) policy
-          .createAuthenticationPolicyState(userEntry);
-      if (pwpState.isDisabled() || pwpState.isAccountExpired() ||
+      Message message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(String
+          .valueOf(userEntry.getDN()));
+      throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+    }
+
+    if (state.isPasswordPolicy())
+    {
+      PasswordPolicyState pwpState = (PasswordPolicyState) state;
+      if (pwpState.isAccountExpired() ||
           pwpState.lockedDueToFailures() ||
           pwpState.lockedDueToIdleInterval() ||
           pwpState.lockedDueToMaximumResetAge() ||
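Review bot: For any state where `isPasswordPolicy()` is false (presumably the pass-through case this commit targets), the only gate left on proxied authorization is `state.isDisabled()`; the expiry and lockout conditions in the second `if` are never evaluated for those accounts. If that is intentional, say so above the second check, e.g. `// Non-password-policy states expose only isDisabled(); expiry and lockout are not evaluated locally for them.`, so the reduced coverage is visible to whoever audits this control. The downcast `(PasswordPolicyState) state` also trusts `isPasswordPolicy()` to imply the concrete type; `if (state instanceof PasswordPolicyState)` would make that safe without relying on the flag. The condition list and the rest of `checkAccountIsUsable` continue outside the hunk, so the remaining checks are not visible here.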

--
Gitblit v1.10.0