From 53d48707db58d3ef95e4cc672ffc94093da69e62 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Wed, 27 Jan 2016 13:53:27 +0000
Subject: [PATCH] OPENDJ-2036: add separate messages for authzID account problems

---
 opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java |   18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java b/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java
index dcfb261..0da30ab 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/controls/ProxiedAuthV2Control.java
@@ -22,7 +22,7 @@
  *
  *
  *      Copyright 2006-2008 Sun Microsystems, Inc.
- *      Portions Copyright 2011-2015 ForgeRock AS.
+ *      Portions Copyright 2011-2016 ForgeRock AS.
  */
 package org.opends.server.controls;
 
@@ -301,16 +301,26 @@
 
     if (state.isDisabled())
     {
-      LocalizableMessage message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(userEntry.getName());
+      LocalizableMessage message = ERR_PROXYAUTH2_ACCOUNT_DISABLED.get(userEntry.getName());
       throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
     }
 
     if (state.isPasswordPolicy())
     {
       PasswordPolicyState pwpState = (PasswordPolicyState) state;
-      if (pwpState.isAccountExpired() || pwpState.isLocked() || pwpState.isPasswordExpired())
+      if (pwpState.isAccountExpired())
       {
-        LocalizableMessage message = ERR_PROXYAUTH2_UNUSABLE_ACCOUNT.get(userEntry.getName());
+        LocalizableMessage message = ERR_PROXYAUTH2_ACCOUNT_EXPIRED.get(userEntry.getName());
+        throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+      }
+      if (pwpState.isLocked())
+      {
+        LocalizableMessage message = ERR_PROXYAUTH2_ACCOUNT_LOCKED.get(userEntry.getName());
+        throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
+      }
+      if (pwpState.isPasswordExpired())
+      {
+        LocalizableMessage message = ERR_PROXYAUTH2_PASSWORD_EXPIRED.get(userEntry.getName());
         throw new DirectoryException(ResultCode.AUTHORIZATION_DENIED, message);
       }
     }
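Review bot: The four separate messages (disabled, account expired, locked, password expired) let the sender of the proxied authorization control distinguish the exact state of the authzID account, if the `DirectoryException` text is passed back as the LDAP diagnostic message; that routing is not visible in this hunk and should be confirmed. The previous single `ERR_PROXYAUTH2_UNUSABLE_ACCOUNT` gave the same answer in every case, so the change widens what a client with proxy rights can learn about accounts it may not otherwise be allowed to read, for example which ones are currently locked. If the detail is meant for administrators, consider writing the specific reason to the server log and keeping the generic text in the client-visible result. If the disclosure is intentional, say so above the checks with a comment such as `// Specific reason is returned to the proxying client by design (OPENDJ-2036); caller must hold the proxied-auth privilege.` The enclosing method starts and ends outside the hunk, so any privilege check on the caller before these lines cannot be seen here.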

--
Gitblit v1.10.0