From 7c30dbb5403772b323df3ad907d9ed15d23b5aee Mon Sep 17 00:00:00 2001
From: ludovicp <ludovicp@localhost>
Date: Thu, 29 Apr 2010 20:35:40 +0000
Subject: [PATCH] Last batch of changes for this week. This adds support for the IETF based Password Policy for LDAP as SubEntry. Also resolves the following issues : - 4544 :  initializeBackend() should not set JE env config params directly. - 4478 : ECL in draft compat mode / search lastchangenumber can be very long - 4538 : Virtual attributes not retrieved when entry cache configured - 4547 : Search Filter Matching differ for cn=Directory Manager and plain user. - 4514 : Logs shows unexpected message with replication monitoring data missing (Partial fix) - 4534 : Replication using security does not work after server restart - 4516 : SEVERE_ERROR: servers (...) have the same ServerId In addition, they also improve reliability and performance in various areas including CollectiveAttributes, Virtual Attributes and Subentries management, Schema loading, Replication...

---
 opends/src/server/org/opends/server/core/PasswordPolicyState.java |   62 ++++++++++++++++++++++++++----
 1 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index b8a9c9c..f66e2ee 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Copyright 2006-2010 Sun Microsystems, Inc.
  */
 package org.opends.server.core;
 
@@ -210,8 +210,8 @@
     this.currentTime = currentTime;
 
     userDNString     = userEntry.getDN().toString();
-    passwordPolicy   = getPasswordPolicyInternal(this.userEntry,
-                                                 useDefaultOnError);
+    passwordPolicy   = getPasswordPolicy(this.userEntry,
+                                         useDefaultOnError);
 
     // Get the password changed time for the user.
     AttributeType type
@@ -253,8 +253,9 @@
   /**
    * Retrieves the password policy for the user. If the user entry contains the
    * ds-pwp-password-policy-dn attribute (whether real or virtual), that
-   * password policy is returned, otherwise the default password policy is
-   * returned.
+   * password policy is returned, otherwise applicable to the user entry
+   * subentry password policy is returned, if any, otherwise the default
+   * password policy is returned.
    *
    * @param  userEntry          The user entry.
    * @param  useDefaultOnError  Indicates whether the server should fall back to
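Review bot: The rewritten Javadoc sentence is hard to parse ("otherwise applicable to the user entry subentry password policy is returned, if any"), and since the next hunk makes this method `public` it becomes the contract callers read. A clearer wording would be `that password policy is returned; otherwise the password policy subentry that applies to the user entry is used, if any; otherwise the default password policy is returned.` The comment should also say which policy applies when a matching subentry's policy cannot be resolved, because that decides how strict the enforced policy is. The Javadoc block continues outside this hunk.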
@@ -266,15 +267,15 @@
    * @throws  DirectoryException  If a problem occurs while attempting to
    *                              determine the password policy for the user.
    */
-  private static PasswordPolicy getPasswordPolicyInternal(Entry userEntry,
+  public static PasswordPolicy getPasswordPolicy(Entry userEntry,
                                      boolean useDefaultOnError)
        throws DirectoryException
   {
     String userDNString = userEntry.getDN().toString();
-    AttributeType type =
-         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);
-
+    AttributeType type = DirectoryServer.getAttributeType(
+            OP_ATTR_PWPOLICY_POLICY_DN, true);
     List<Attribute> attrList = userEntry.getAttribute(type);
+
     if (attrList != null)
     {
       for (Attribute a : attrList)
@@ -350,6 +351,49 @@
       }
     }
 
+    // No attribute defined password policy: try locating and using the
+    // closest to this entry password policy subentry defined, if any.
+    List<SubEntry> pwpSubEntries =
+            DirectoryServer.getSubentryManager().getSubentries(userEntry);
+    if ((pwpSubEntries != null) && (!pwpSubEntries.isEmpty()))
+    {
+      for (SubEntry subentry : pwpSubEntries)
+      {
+        try
+        {
+          if (subentry.getEntry().isPasswordPolicySubentry())
+          {
+            PasswordPolicy policy = DirectoryServer.getPasswordPolicy(
+                    subentry.getDN());
+            if (policy == null)
+            {
+              // This shouldnt happen but if it does debug log
+              // this problem and fall back to default policy.
+              if (debugEnabled())
+              {
+                TRACER.debugError(
+                        "Found unknown password policy subentry "
+                        + "DN %s for user %s",
+                        subentry.getDN().toString(), userDNString);
+              }
+              break;
+            }
+            return policy;
+          }
+        }
+        catch (Exception e)
+        {
+          if (debugEnabled())
+          {
+            TRACER.debugError("Could not parse password policy subentry "
+                    + "DN %s for user %s: %s",
+                    subentry.getDN().toString(), userDNString,
+                    stackTraceToSingleLineString(e));
+          }
+        }
+      }
+    }
+
     // There is no policy subentry defined: use the default.
     if (debugEnabled())
     {
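Review bot: The new subentry lookup ignores `useDefaultOnError`, because both the `policy == null` case (which does `break`) and the `catch (Exception e)` block fall through to the default policy. A user covered by a password policy subentry that cannot be resolved or parsed is therefore silently evaluated against the default policy, which may be weaker than the intended one. The only trace is `TRACER.debugError` under `debugEnabled()`, so an operator running without debug logging would not see it. Going by the Javadoc for `useDefaultOnError`, both branches should record the failure in the server error log and, when the flag is false, raise instead of continuing, e.g. `if (!useDefaultOnError) throw new DirectoryException(<result code>, <message>);` (placeholders; reuse whatever the attribute-based branch uses, which is outside this hunk). The method body starts and ends outside the hunk, so the handling in the earlier branch is inferred rather than seen.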

--
Gitblit v1.10.0