From 87a32e534959a6ffaf12c6d69ce98197f7bee596 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Tue, 20 Sep 2011 11:29:12 +0000
Subject: [PATCH] Issue OPENDJ-262: Implement pass through authentication (PTA)

---
 opends/src/server/org/opends/server/extensions/PlainSASLMechanismHandler.java |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/PlainSASLMechanismHandler.java b/opends/src/server/org/opends/server/extensions/PlainSASLMechanismHandler.java
index aa06ad0..c835838 100644
--- a/opends/src/server/org/opends/server/extensions/PlainSASLMechanismHandler.java
+++ b/opends/src/server/org/opends/server/extensions/PlainSASLMechanismHandler.java
@@ -29,6 +29,7 @@
 
 
 
+import static org.opends.messages.CoreMessages.*;
 import static org.opends.messages.ExtensionMessages.*;
 import static org.opends.server.loggers.debug.DebugLogger.debugEnabled;
 import static org.opends.server.loggers.debug.DebugLogger.getTracer;
@@ -504,6 +505,17 @@
       // the user's entry when the bind completes.
       AuthenticationPolicyState authState = AuthenticationPolicyState.forUser(
           userEntry, false);
+
+      if (authState.isDisabled())
+      {
+        // Check to see if the user is administratively disabled or locked.
+        bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
+        Message message = ERR_BIND_OPERATION_ACCOUNT_DISABLED.get(String
+            .valueOf(userEntry.getDN()));
+        bindOperation.setAuthFailureReason(message);
+        return;
+      }
+
       if (!authState.passwordMatches(ByteString.valueOf(password)))
       {
         bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
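Review bot: The comment inside the new `if (authState.isDisabled())` block says "disabled or locked", but the only condition tested in this hunk is `isDisabled()`, and whether that call also covers lockout cannot be seen from here. If it does not, move the comment above the `if` and narrow it to `// Reject the bind if the account is administratively disabled.`, so nobody assumes lockout is enforced on the SASL PLAIN path by this check. Returning `ResultCode.INVALID_CREDENTIALS` keeps the result code identical to a wrong password, which avoids revealing account state. The DN-bearing message should stay confined to `setAuthFailureReason` and not be copied into any client-visible error text. The early `return` also skips `passwordMatches`, so a disabled account may answer measurably faster than an enabled one with a bad password. Confirm that is acceptable, bearing in mind the enclosing method begins and ends outside the hunk.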

--
Gitblit v1.10.0