From e627deb0b7849bb8119b9566dd093b92ce9a2dbd Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 02 Aug 2006 20:31:50 +0000
Subject: [PATCH] Add a new account expiration feature to the password policy.  This will make it possible for accounts to be given an expiration time, after which it will not be possible to authenticate as that user or target that user with the proxied authorization control.

---
 opends/src/server/org/opends/server/core/BindOperation.java |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/BindOperation.java b/opends/src/server/org/opends/server/core/BindOperation.java
index 82544a9..8a0fb50 100644
--- a/opends/src/server/org/opends/server/core/BindOperation.java
+++ b/opends/src/server/org/opends/server/core/BindOperation.java
@@ -1165,6 +1165,15 @@
               setAuthFailureReason(msgID, message);
               break bindProcessing;
             }
+            else if (pwPolicyState.isAccountExpired())
+            {
+              int    msgID   = MSGID_BIND_OPERATION_ACCOUNT_EXPIRED;
+              String message = getMessage(msgID, String.valueOf(bindDN));
+
+              setResultCode(ResultCode.INVALID_CREDENTIALS);
+              setAuthFailureReason(msgID, message);
+              break bindProcessing;
+            }
             else if (pwPolicyState.lockedDueToFailures())
             {
               int    msgID   = MSGID_BIND_OPERATION_ACCOUNT_FAILURE_LOCKED;
@@ -1211,7 +1220,7 @@
 
             // Determine whether the password is expired, or whether the user
             // should be warned about an upcoming expiration.
-            if (pwPolicyState.isExpired())
+            if (pwPolicyState.isPasswordExpired())
             {
               if (pwPolicyErrorType == null)
               {
@@ -1547,6 +1556,14 @@
               appendErrorMessage(getMessage(msgID, userDNString));
               break bindProcessing;
             }
+            else if (pwPolicyState.isAccountExpired())
+            {
+              setResultCode(ResultCode.INVALID_CREDENTIALS);
+
+              int msgID = MSGID_BIND_OPERATION_ACCOUNT_EXPIRED;
+              appendErrorMessage(getMessage(msgID, userDNString));
+              break bindProcessing;
+            }
 
             if (pwPolicyState.requireSecureAuthentication() &&
                 (! clientConnection.isSecure()) &&
@@ -1605,7 +1622,7 @@
                 break bindProcessing;
               }
 
-              if (pwPolicyState.isExpired())
+              if (pwPolicyState.isPasswordExpired())
               {
                 if (pwPolicyErrorType == null)
                 {

--
Gitblit v1.10.0