From dd80dce4110fec321d23d7536dba069d10bd7014 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 30 Jul 2007 01:05:28 +0000
Subject: [PATCH] Provide a configuration option that makes it possible for the administrator to control whether responses to failed bind operations include an error message that explains the problem.  By default, failed bind operations will return a response that indicates the operation failed, but will not include any error message (although it will be written to the access log).  However, if the administrator decides that the benefit of providing this information to the client outweighs any potential security risk, then this option may be used to include that message in the response to the client as well as having it written to the access log.

---
 opends/src/server/org/opends/server/core/DirectoryServer.java |   33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index 3388200..de50e2b 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -255,6 +255,9 @@
   // Indicates whether the server should reject unauthenticated requests.
   private boolean rejectUnauthenticatedRequests;
 
+  // Indicates whether bind responses should include failure reason messages.
+  private boolean returnBindErrorMessages;
+
   // The configuration manager that will handle the certificate mapper.
   private CertificateMapperConfigManager certificateMapperConfigManager;
 
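Review bot: The new `returnBindErrorMessages` field is a plain `boolean`, so a change made through the setter is not guaranteed to become visible to other threads that call the getter. If the setter is invoked from a configuration-change thread while bind operations read the flag on worker threads (the callers are not visible in this patch), an administrator who turns the option off could still see failure reasons returned to clients for some time. Declaring it as `private volatile boolean returnBindErrorMessages;` would close that gap. The neighbouring `rejectUnauthenticatedRequests` field is declared the same way and may deserve the same treatment.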
@@ -726,6 +729,7 @@
          new CopyOnWriteArrayList<ImportTaskListener>();
     directoryServer.allowedTasks = new LinkedHashSet<String>(0);
     directoryServer.disabledPrivileges = new LinkedHashSet<Privilege>(0);
+    directoryServer.returnBindErrorMessages = false;
   }
 
 
@@ -7467,6 +7471,35 @@
 
 
   /**
+   * Indicates whether responses to failed bind operations should include a
+   * message explaining the reason for the failure.
+   *
+   * @return  {@code true} if bind responses should include error messages, or
+   *          {@code false} if not.
+   */
+  public static boolean returnBindErrorMessages()
+  {
+    return directoryServer.returnBindErrorMessages;
+  }
+
+
+
+  /**
+   * Specifies whether responses to failed bind operations should include a
+   * message explaining the reason for the failure.
+   *
+   * @param  returnBindErrorMessages  Specifies whether responses to failed bind
+   *                                  operations should include a message
+   *                                  explaining the reason for the failure.
+   */
+  public static void setReturnBindErrorMessages(boolean returnBindErrorMessages)
+  {
+    directoryServer.returnBindErrorMessages = returnBindErrorMessages;
+  }
+
+
+
+  /**
    * Registers the provided backup task listener with the Directory Server.
    *
    * @param  listener  The backup task listener to register with the Directory
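Review bot: The Javadoc on `setReturnBindErrorMessages` restates the method name but leaves out the security trade-off that the commit message spells out. Callers of this public static setter should see that enabling it sends the failure reason to a client that has not authenticated, and that the reason is written to the access log whichever way the flag is set. I would add a sentence such as `Enabling this discloses the failure reason to unauthenticated clients; the reason is always recorded in the access log, so leave it disabled unless clients need the detail.` The getter's Javadoc could also state that the default is `false`, which the second hunk sets explicitly. The Javadoc block that follows the setter continues outside the hunk.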
