From 16d7cd4b4b74fba87b1d9a8e79a77100414c9f26 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Tue, 03 Apr 2012 15:49:23 +0000
Subject: [PATCH] Fix OPENDJ-463: Unable to remove userPassword;deleted attributes

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java |   28 +++++++++++++++++++++-------
 1 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index 98ee77f..609c59b 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -23,7 +23,7 @@
  *
  *
  *      Copyright 2008-2011 Sun Microsystems, Inc.
- *      Portions Copyright 2011 ForgeRock AS
+ *      Portions Copyright 2011-2012 ForgeRock AS
  */
 package org.opends.server.workflowelement.localbackend;
 
@@ -1098,18 +1098,32 @@
       {
         if (!isSynchronizationOperation())
         {
-          // If the attribute contains any options, then reject it.  Passwords
-          // will not be allowed to have options.
-          // Skipped for internal operations.
+          // If the attribute contains any options and new values are going to
+          // be added, then reject it. Passwords will not be allowed to have
+          // options. Skipped for internal operations.
           if (!isInternalOperation())
           {
             if (a.hasOptions())
             {
-              throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
-                  ERR_MODIFY_PASSWORDS_CANNOT_HAVE_OPTIONS.get());
+              switch (m.getModificationType())
+              {
+              case REPLACE:
+                if (!a.isEmpty())
+                {
+                  throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
+                      ERR_MODIFY_PASSWORDS_CANNOT_HAVE_OPTIONS.get());
+                }
+                // Allow delete operations to clean up after import.
+                break;
+              case ADD:
+                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
+                    ERR_MODIFY_PASSWORDS_CANNOT_HAVE_OPTIONS.get());
+              default:
+                // Allow delete operations to clean up after import.
+                break;
+              }
             }
 
-
             // If it's a self change, then see if that's allowed.
             if (selfChange
                 && (!pwPolicyState.getAuthenticationPolicy()

--
Gitblit v1.10.0