From 16a4c18b4c101e8e3dc7b8be756de1807970065f Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 19 Jul 2007 16:12:32 +0000
Subject: [PATCH] Update the server to provide more complete support for the password policy control as described in draft-behera-ldap-password-policy.  In particular, improved support has been provided for all operations for the case in which a user must change his/her password before performing any other types of operations.  These changes also provide enhanced support for add and modify operations that are rejected because a password change is not acceptable for some reason.

---
 opends/src/server/org/opends/server/core/DirectoryServer.java |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index 6b7c19c..d1ec034 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -67,6 +67,8 @@
 import org.opends.server.config.ConfigEntry;
 import org.opends.server.config.ConfigException;
 import org.opends.server.config.JMXMBean;
+import org.opends.server.controls.PasswordPolicyErrorType;
+import org.opends.server.controls.PasswordPolicyResponseControl;
 import org.opends.server.extensions.ConfigFileHandler;
 import org.opends.server.extensions.JMXAlertHandler;
 import org.opends.server.loggers.TextErrorLogPublisher;
@@ -7203,6 +7205,18 @@
         case DELETE:
         case MODIFY_DN:
         case SEARCH:
+          // See if the request included the password policy request control.
+          // If it did, then add a corresponding response control.
+          for (Control c : operation.getRequestControls())
+          {
+            if (c.getOID().equals(OID_PASSWORD_POLICY_CONTROL))
+            {
+              operation.addResponseControl(new PasswordPolicyResponseControl(
+                   null, 0, PasswordPolicyErrorType.CHANGE_AFTER_RESET));
+              break;
+            }
+          }
+
           int    msgID   = MSGID_ENQUEUE_MUST_CHANGE_PASSWORD;
           String message = getMessage(msgID);
           throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message,
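Review bot: The eight-line loop added under `case SEARCH:` is repeated verbatim in the extended-operation branch of the next hunk (`@@ -7217,6 +7231,18 @@`), so the two rejection paths can drift apart the next time either is edited. Since both decide what a must-change-password client is told, I would move the loop into one private helper and call it from both places. The helper can also compare constant-first, `OID_PASSWORD_POLICY_CONTROL.equals(c.getOID())`, so a control with a missing OID cannot raise a NullPointerException ahead of the intended CONSTRAINT_VIOLATION. The switch and its enclosing method start and end outside the hunk, so the helper's parameter type below is assumed to be whatever `operation` is declared as there, and the helper name is only a suggestion.

```java
// Suggested private helper, shared by both must-change-password rejection branches.
private static void addChangeAfterResetControl(Operation operation)
{
  for (Control c : operation.getRequestControls())
  {
    if (OID_PASSWORD_POLICY_CONTROL.equals(c.getOID()))
    {
      operation.addResponseControl(new PasswordPolicyResponseControl(
           null, 0, PasswordPolicyErrorType.CHANGE_AFTER_RESET));
      return;
    }
  }
}

// ... unchanged: case DELETE / MODIFY_DN / SEARCH labels ...
addChangeAfterResetControl(operation);
// ... unchanged: MSGID_ENQUEUE_MUST_CHANGE_PASSWORD message and throw ...
```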
@@ -7217,6 +7231,18 @@
               ((! requestOID.equals(OID_PASSWORD_MODIFY_REQUEST)) &&
                (! requestOID.equals(OID_START_TLS_REQUEST))))
           {
+            // See if the request included the password policy request control.
+            // If it did, then add a corresponding response control.
+            for (Control c : operation.getRequestControls())
+            {
+              if (c.getOID().equals(OID_PASSWORD_POLICY_CONTROL))
+              {
+                operation.addResponseControl(new PasswordPolicyResponseControl(
+                     null, 0, PasswordPolicyErrorType.CHANGE_AFTER_RESET));
+                break;
+              }
+            }
+
             msgID   = MSGID_ENQUEUE_MUST_CHANGE_PASSWORD;
             message = getMessage(msgID);
             throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
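Review bot: Nothing visible here shows that the response control attached just before `throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ...)` reaches the client. That depends on the code that catches the exception copying the operation's response controls into the error response, and that code is outside the hunk. A regression test would pin this for the extended-operation path: bind as a user in the must-change state, send an extended request other than password modify or StartTLS with the password policy request control, and assert that the response carries CHANGE_AFTER_RESET. The constructor arguments `null, 0` also deserve a short comment; assuming they are the warning type and warning value, something like `// No warning element is returned, only the error.` would do.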
