From 0e87ef45f8048b462c14115512671e5db56d4bbe Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 31 Jul 2007 17:31:26 +0000
Subject: [PATCH] Update the password policy code so that the sum of the minimum password age and the password expiration warning interval must always be less than the maximum password age.  This ensures that the minimum password age will itself always be less than the maximum age, and will also prevent a scenario in which the user could receive password expiration warning messages during a period when he/she cannot change the password due to the minimum age.

---
 opends/src/server/org/opends/server/core/PasswordPolicy.java |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/PasswordPolicy.java b/opends/src/server/org/opends/server/core/PasswordPolicy.java
index 37e40a4..20f02bf 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicy.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicy.java
@@ -844,6 +844,30 @@
       String message = getMessage(msgID, String.valueOf(configEntryDN));
       throw new ConfigException(msgID, message);
     }
+
+    // If both a maximum password age and a warning interval are provided, then
+    // ensure that the warning interval is less than the maximum age.  Further,
+    // if a minimum age is specified, then the sum of the minimum age and the
+    // warning interval should be less than the maximum age.
+    if (maximumPasswordAge > 0)
+    {
+      int warnInterval = Math.max(0, warningInterval);
+      if (minimumPasswordAge > 0)
+      {
+        if ((warnInterval + minimumPasswordAge) >= maximumPasswordAge)
+        {
+          msgID = MSGID_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE;
+          String message = getMessage(msgID, String.valueOf(configEntryDN));
+          throw new ConfigException(msgID, message);
+        }
+      }
+      else if (warnInterval >= maximumPasswordAge)
+      {
+        msgID = MSGID_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE;
+        String message = getMessage(msgID, String.valueOf(configEntryDN));
+        throw new ConfigException(msgID, message);
+      }
+    }
   }
 
 

--
Gitblit v1.10.0