From 95e73eb3bdab96363e6bd01c48203336782f6a5e Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 08 Sep 2011 12:03:54 +0000
Subject: [PATCH] Issue OPENDJ-262: Implement pass through authentication (PTA)
---
opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java | 39 +++++++++++++++++++++++++++------------
opends/src/messages/messages/extension.properties | 12 ++++++++++++
2 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/opends/src/messages/messages/extension.properties b/opends/src/messages/messages/extension.properties
index 77a7be7..bf80d19 100644
--- a/opends/src/messages/messages/extension.properties
+++ b/opends/src/messages/messages/extension.properties
@@ -1486,3 +1486,15 @@
MILD_ERR_LDAP_PTA_CONNECTION_BIND_FAILED_602=The remote LDAP server at %s:%d \
for LDAP PTA policy "%s" has failed to authenticate user "%s", returning the \
response code %d (%s) and error message "%s"
+MILD_ERR_LDAP_PTA_CONNECTION_SEARCH_SIZE_LIMIT_603=The remote LDAP server at %s:%d \
+ for LDAP PTA policy "%s" returned multiple matching entries while searching \
+ "%s" using the filter "%s"
+MILD_ERR_LDAP_PTA_CONNECTION_SEARCH_TIME_LIMIT_604=The remote LDAP server at %s:%d \
+ for LDAP PTA policy "%s" failed to return any matching entries within the timeout \
+ while searching "%s" using the filter "%s"
+MILD_ERR_LDAP_PTA_CONNECTION_SEARCH_NO_MATCHES_605=The remote LDAP server at %s:%d \
+ for LDAP PTA policy "%s" did not return any matching entries while searching \
+ "%s" using the filter "%s"
+MILD_ERR_LDAP_PTA_CONNECTION_SEARCH_FAILED_606=The remote LDAP server at %s:%d \
+ for LDAP PTA policy "%s" returned an error while searching "%s" using the \
+ filter "%s": response code %d (%s) and error message "%s"
diff --git a/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java b/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
index 41077a6..a27f7b8 100644
--- a/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
+++ b/opends/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java
@@ -316,8 +316,8 @@
break;
case OP_TYPE_SEARCH_RESULT_REFERENCE:
- // Count this as a result.
- resultCount++;
+ // The reference does not necessarily mean that there would have
+ // been any matching results, so lets ignore it.
break;
case OP_TYPE_SEARCH_RESULT_DONE:
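Review bot: The `OP_TYPE_SEARCH_RESULT_REFERENCE` case now discards the reference without leaving any trace. If the user's entry sits behind a referral, the search presumably ends in the "did not return any matching entries" failure raised later in the method, and nothing points an operator at the real cause. Consider a debug-level log of the ignored reference here, and state in the comment that referrals are not followed, e.g. `// Referrals are not followed: a reference does not imply a matching entry, so ignore it.` The enclosing switch and method start and end outside this hunk.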
@@ -334,19 +334,28 @@
break;
case SIZE_LIMIT_EXCEEDED:
- // TODO: Too many entries would have been returned.
+ // Multiple matching candidates.
throw new DirectoryException(
ResultCode.CLIENT_SIDE_MORE_RESULTS_TO_RETURN,
- (Message) null);
+ ERR_LDAP_PTA_CONNECTION_SEARCH_SIZE_LIMIT.get(host, port,
+ String.valueOf(options.dn()), String.valueOf(baseDN),
+ String.valueOf(filter)));
case TIME_LIMIT_EXCEEDED:
- // FIXME: search timed out.
+ // The server timed out the search.
throw new DirectoryException(ResultCode.CLIENT_SIDE_TIMEOUT,
- (Message) null);
+ ERR_LDAP_PTA_CONNECTION_SEARCH_TIME_LIMIT.get(host, port,
+ String.valueOf(options.dn()), String.valueOf(baseDN),
+ String.valueOf(filter)));
default:
- // FIXME: The search failed for some reason.
- throw new DirectoryException(resultCode, (Message) null);
+ // The search failed for some reason.
+ throw new DirectoryException(resultCode,
+ ERR_LDAP_PTA_CONNECTION_SEARCH_FAILED.get(host, port,
+ String.valueOf(options.dn()), String.valueOf(baseDN),
+ String.valueOf(filter), resultCode.getIntValue(),
+ resultCode.getResultCodeName(),
+ searchResult.getErrorMessage()));
}
break;
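Review bot: The messages now attached to these `DirectoryException`s carry the remote host and port, the policy DN, the search base and the filter, and in the `default` branch also `searchResult.getErrorMessage()`; the two throws in the next hunk (`resultCount > 1` and `username == null`) do the same. The code that catches these exceptions is outside the diff, so it is worth confirming that the text only reaches the server's error log. If it were copied into the bind response, an unauthenticated client would learn backend topology, and the distinct "multiple matching entries" and "did not return any matching entries" texts would reveal whether a user name maps to a remote entry. A comment at the throw sites would pin that intent, e.g. `// Diagnostic detail for the server log only; the bind client must see a generic invalid-credentials failure.` The remote error text is relayed as received, so it should be treated as untrusted when written to logs.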
@@ -361,16 +370,22 @@
if (resultCount > 1)
{
- // FIXME: too many matching entries found.
+ // Multiple matching candidates.
throw new DirectoryException(
- ResultCode.CLIENT_SIDE_MORE_RESULTS_TO_RETURN, (Message) null);
+ ResultCode.CLIENT_SIDE_MORE_RESULTS_TO_RETURN,
+ ERR_LDAP_PTA_CONNECTION_SEARCH_SIZE_LIMIT.get(host, port,
+ String.valueOf(options.dn()), String.valueOf(baseDN),
+ String.valueOf(filter)));
}
if (username == null)
{
- // FIXME: no matching entries found.
+ // No matching entries found.
throw new DirectoryException(
- ResultCode.CLIENT_SIDE_NO_RESULTS_RETURNED, (Message) null);
+ ResultCode.CLIENT_SIDE_NO_RESULTS_RETURNED,
+ ERR_LDAP_PTA_CONNECTION_SEARCH_NO_MATCHES.get(host, port,
+ String.valueOf(options.dn()), String.valueOf(baseDN),
+ String.valueOf(filter)));
}
return username;
--
Gitblit v1.10.0