From ab1a29b5a1cfeda2469f6ca4c3fa86094c83bc58 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Tue, 26 Mar 2013 13:22:14 +0000
Subject: [PATCH] CR-1472 Fix OPENDJ-823 Authz users forced to change their password shouldn't be able to modify entries
---
opends/src/server/org/opends/server/core/DirectoryServer.java | 10
opends/src/server/org/opends/server/util/StaticUtils.java | 27 ++
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java | 77 ++---
opends/src/messages/messages/core_ja.properties | 4
opends/src/messages/messages/core.properties | 8
opends/src/messages/messages/core_zh_TW.properties | 4
opends/src/messages/messages/core_ko.properties | 4
opends/tests/unit-tests-testng/src/server/org/opends/server/controls/PasswordPolicyControlTestCase.java | 609 +++++++++++++++++++++++++++-------------------
opends/src/messages/messages/core_es.properties | 4
opends/src/messages/messages/core_fr.properties | 4
opends/src/messages/messages/core_zh_CN.properties | 4
opends/src/messages/messages/core_de.properties | 4
12 files changed, 443 insertions(+), 316 deletions(-)
diff --git a/opends/src/messages/messages/core.properties b/opends/src/messages/messages/core.properties
index 670c240..cf9e089 100644
--- a/opends/src/messages/messages/core.properties
+++ b/opends/src/messages/messages/core.properties
@@ -1279,8 +1279,8 @@
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=A bind operation is currently in \
progress on the associated client connection. No other requests may be made \
on this client connection until the bind processing has completed
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=You must change your password \
- before you will be allowed to request any other operations
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=%s must change their password \
+ before it will be allowed to request any other operations
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=An error occurred \
while attempting to decode the ds-pwp-password-policy-dn value "%s" in user \
entry "%s" as a DN: %s
@@ -1374,8 +1374,8 @@
result in multiple password values in the user entry, which is not allowed
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=The provided password value was \
rejected by a password validator: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=You must change your password before \
- you will be allowed to perform any other operations
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=%s must change their password before \
+ it will be allowed to perform any other operations
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=pw-policy
MILD_WARN_BIND_PASSWORD_EXPIRING_547=The user password is about to expire \
(time to expiration: %s)
diff --git a/opends/src/messages/messages/core_de.properties b/opends/src/messages/messages/core_de.properties
index c4e17da..da79855 100644
--- a/opends/src/messages/messages/core_de.properties
+++ b/opends/src/messages/messages/core_de.properties
@@ -515,7 +515,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=Der Passwortwert f\u00fcr Attribut %s stellte sich als nicht akzeptabel heraus: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=Die in Konfigurationseintrag %s definierte Passwortrichtlinie ist so konfiguriert, dass immer mindestens eine Warnbenachrichtigung vor Ablauf des Passworts gesendet wird, es wurde jedoch kein Warnintervall eingestellt. Wenn das Konfigurationsattribut ds-cfg-expire-passwords-without-warning auf "false" gesetzt ist, muss das Konfigurationsattribut ds-cfg-password-expiration-warning-interval einen positiven Wert besitzen
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=Ein Verbindungsvorgang ist derzeit an der zugeh\u00f6rigen Client-Verbindung in Bearbeitung. An dieser Client-Verbindung d\u00fcrfen keine weiteren Anforderungen durchgef\u00fchrt werden, bis der Verbindungsvorgang abgeschlossen wurde
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Sie m\u00fcssen Ihr Passwort \u00e4ndern, bevor Sie weitere Vorg\u00e4nge anfordern d\u00fcrfen
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Sie m\u00fcssen Ihr Passwort \u00e4ndern, bevor Sie weitere Vorg\u00e4nge anfordern d\u00fcrfen (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=Beim Versuch, den ds-pwp-password-policy-dn-Wert "%s" in Benutzereintrag "%s" als DN zu entschl\u00fcsseln, ist ein Fehler aufgetreten: %s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=Benutzereintrag %s ist so konfiguriert, dass ein Untereintrag der Passwortrichtlinie von %s verwendet wird, aber in der Serverkonfiguration wurde eine solche Passwortrichtlinie nicht festgelegt
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=Beim Versuch, den Wert "%s" f\u00fcr Attribut %s in Benutzereintrag %s in \u00dcbereinstimmung mit dem allgemeinen Zeitformat zu entschl\u00fcsseln, ist ein Fehler aufgetreten: %s
@@ -557,7 +557,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=Die Passwortrichtlinie verlangt, dass \u00c4nderungen des Benutzerpasswortes das aktuelle Passwort in die Anforderung einschlie\u00dfen
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=Die Passwort\u00e4nderung w\u00fcrde zu mehreren Passwortwerten im Benutzereintrag f\u00fchren, was nicht zul\u00e4ssig ist
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=Der angegebene Passwortwert wurde von einem Passwortpr\u00fcfer zur\u00fcckgewiesen: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Sie m\u00fcssen Ihr Passwort \u00e4ndern, bevor Sie weitere Vorg\u00e4nge durchf\u00fchren d\u00fcrfen
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Sie m\u00fcssen Ihr Passwort \u00e4ndern, bevor Sie weitere Vorg\u00e4nge durchf\u00fchren d\u00fcrfen (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=pw-policy
MILD_WARN_BIND_PASSWORD_EXPIRING_547=Das Benutzerpasswort l\u00e4uft demn\u00e4chst ab (Zeit bis zum Ablauf: %s)
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=Das Konto wurde infolge zu vieler fehlgeschlagener Authentifizierungsversuche gesperrt (Zeit bis zur Aufhebung der Sperre: %s)
diff --git a/opends/src/messages/messages/core_es.properties b/opends/src/messages/messages/core_es.properties
index 8f49989..836de3c 100644
--- a/opends/src/messages/messages/core_es.properties
+++ b/opends/src/messages/messages/core_es.properties
@@ -515,7 +515,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=Se ha detectado que el valor de contrase\u00f1a del atributo %s no es aceptable: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=La directiva de contrase\u00f1as definida en la entrada de configuraci\u00f3n %s est\u00e1 configurada para enviar siempre al menos una notificaci\u00f3n de advertencia antes de que la contrase\u00f1a caduque, pero no se ha establecido ning\u00fan intervalo de advertencia. Si se establece el atributo de configuraci\u00f3n ds-cfg-expire-passwords-without-warning como "false" (falso), el atributo de configuraci\u00f3n ds-cfg-password-expiration-warning-interval debe tener un valor positivo
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=Se est\u00e1 realizando actualmente una operaci\u00f3n de enlace en la conexi\u00f3n de cliente asociada. No se puede realizar ninguna solicitud adicional en esta conexi\u00f3n de cliente hasta que se haya completado la operaci\u00f3n de enlace
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Debe cambiar la contrase\u00f1a antes de poder solicitar una operaci\u00f3n adicional
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Debe cambiar la contrase\u00f1a antes de poder solicitar una operaci\u00f3n adicional (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=Se ha producido un error al intentar decodificar el valor de "ds-pwp-password-policy-dn" "%s" en la entrada de usuario "%s" como ND: %s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=La entrada de usuario %s se ha configurado para que utilice una subentrada de directiva de contrase\u00f1as de %s, pero no se ha definido ninguna directiva de contrase\u00f1as de este tipo en la configuraci\u00f3n del servidor
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=Se ha producido un error al intentar decodificar el valor "%s" del atributo %s en la entrada de usuario %s de acuerdo con el formato de hora generalizado: %s
@@ -557,7 +557,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=La directiva de contrase\u00f1as requiere que, al cambiar la contrase\u00f1a de usuario, se incluya la contrase\u00f1a actual en la solicitud
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=El cambio de contrase\u00f1a generar\u00e1 varios valores de contrase\u00f1a en la entrada de usuario, lo que no est\u00e1 permitido
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=Un validador de contrase\u00f1as ha rechazado el valor de contrase\u00f1a especificado: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Debe cambiar la contrase\u00f1a antes de poder realizar cualquier otra operaci\u00f3n
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Debe cambiar la contrase\u00f1a antes de poder realizar cualquier otra operaci\u00f3n (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=pw-policy
MILD_WARN_BIND_PASSWORD_EXPIRING_547=La contrase\u00f1a de usuario est\u00e1 a punto de caducar (tiempo para su vencimiento: %s)
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=La cuenta se ha bloqueado debido a que se han realizado demasiados intentos de autenticaci\u00f3n fallidos (tiempo para el desbloqueo: %s)
diff --git a/opends/src/messages/messages/core_fr.properties b/opends/src/messages/messages/core_fr.properties
index fb9946a..98970cb 100644
--- a/opends/src/messages/messages/core_fr.properties
+++ b/opends/src/messages/messages/core_fr.properties
@@ -515,7 +515,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=La valeur de mot de passe pour l'attribut %s n'est pas valide\u00a0: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=La strat\u00e9gie de mot de passe d\u00e9finie dans l\u2019entr\u00e9e de configuration %s est configur\u00e9e pour toujours envoyer au moins une notification de type Avertissement avant l\u2019expiration du mot de passe, mais aucun intervalle d\u2019avertissement n\u2019a \u00e9t\u00e9 d\u00e9fini. Si vous d\u00e9finissez l\u2019attribut de configuration ds-cfg-expire-passwords-without-warning sur "false", l\u2019attribut de configuration ds-cfg-password-expiration-warning-interval doit avoir une valeur positive
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=Une connection est en cours d'ex\u00e9cution pour la connexion client correspondante. Aucune autre requ\u00eate ne peut \u00eatre initi\u00e9e pour cette connexion client jusqu'\u00e0 ce que le processus de liaison soit termin\u00e9
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Vous ne pourrez effectuer aucune autre op\u00e9ration tant que vous n'aurez pas modifi\u00e9 votre mot de passe
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=Vous ne pourrez effectuer aucune autre op\u00e9ration tant que vous n'aurez pas modifi\u00e9 votre mot de passe (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=Une erreur s'est produite lors du d\u00e9codage de la valeur ds-pwp-password-policy-dn "%s" dans l'entr\u00e9e utilisateur "%s" en tant que DN\u00a0: %s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=L'entr\u00e9e utilisateur %s est configur\u00e9e pour l'utilisation de la sous-entr\u00e9e de strat\u00e9gie de mot de passe de %s mais aucune strat\u00e9gie de mot de passe de ce type n'a \u00e9t\u00e9 d\u00e9finie dans la configuration du serveur
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=Une erreur s'est produite lors du d\u00e9codage de la valeur "%s" de l'attribut %s dans l'entr\u00e9e utilisateur %s conform\u00e9ment au format d'heure standard\u00a0: %s
@@ -557,7 +557,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=La strat\u00e9gie de mot de passe requiert que les modifications du mot de passe incluent le mot de passe actuel dans la requ\u00eate
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=Plusieurs valeurs de mot de passe sont cr\u00e9\u00e9es suite \u00e0 la modification de mot de passe dans l'entr\u00e9e utilisateur, ce qui n'est pas autoris\u00e9
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=La valeur de mot de passe fournie a \u00e9t\u00e9 refus\u00e9e par le valideur de mot de passe\u00a0: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Vous devez modifier votre mot de passe avant de pouvoir effectuer d'autres op\u00e9rations
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=Vous devez modifier votre mot de passe avant de pouvoir effectuer d'autres op\u00e9rations (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=strat\u00e9gie de mot de passe
MILD_WARN_BIND_PASSWORD_EXPIRING_547=Le mot de passe utilisateur est sur le point d'expirer (temps avant expiration\u00a0: %s)
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=Le compte a \u00e9t\u00e9 verrouill\u00e9 en raison de nombreux \u00e9checs d'authentification (temps avant le d\u00e9verrouillage\u00a0: %s)
diff --git a/opends/src/messages/messages/core_ja.properties b/opends/src/messages/messages/core_ja.properties
index 925c786..0a30c25 100644
--- a/opends/src/messages/messages/core_ja.properties
+++ b/opends/src/messages/messages/core_ja.properties
@@ -512,7 +512,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=\u5c5e\u6027 %s \u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u5024\u304c\u53d7\u3051\u5165\u308c\u3089\u308c\u306a\u3044\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u304c\u691c\u51fa\u3055\u308c\u307e\u3057\u305f: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=\u69cb\u6210\u30a8\u30f3\u30c8\u30ea %s \u5185\u3067\u5b9a\u7fa9\u3055\u308c\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u671f\u9650\u5207\u308c\u306b\u306a\u308b\u524d\u306b 1 \u3064\u4ee5\u4e0a\u306e\u8b66\u544a\u901a\u77e5\u3092\u5fc5\u305a\u9001\u4fe1\u3059\u308b\u3088\u3046\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u8b66\u544a\u306e\u9593\u9694\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u8a2d\u5b9a\u5c5e\u6027 ds-cfg-expire-passwords-without-warning \u304c "false" \u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001\u8a2d\u5b9a\u5c5e\u6027 ds-cfg-password-expiration-warning-interval \u306f\u6b63\u306e\u5024\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=\u30d0\u30a4\u30f3\u30c9\u64cd\u4f5c\u304c\u3001\u95a2\u9023\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u63a5\u7d9a\u3067\u9032\u884c\u4e2d\u3067\u3059\u3002 \u3053\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u63a5\u7d9a\u4e0a\u3067\u306f\u3001\u30d0\u30a4\u30f3\u30c9\u51e6\u7406\u304c\u5b8c\u4e86\u3059\u308b\u307e\u3067\u307b\u304b\u306e\u8981\u6c42\u3092\u4f5c\u6210\u3067\u304d\u307e\u305b\u3093
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u307b\u304b\u306e\u64cd\u4f5c\u3092\u8981\u6c42\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u306b\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u307b\u304b\u306e\u64cd\u4f5c\u3092\u8981\u6c42\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u306b\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059 (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=\u30e6\u30fc\u30b6\u30fc\u30a8\u30f3\u30c8\u30ea "%2$s" \u5185\u306e ds-pwp-password-policy-dn \u5024 "%1$s" \u3092 DN \u3068\u3057\u3066\u5fa9\u53f7\u5316\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f: %3$s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=\u30e6\u30fc\u30b6\u30fc\u30a8\u30f3\u30c8\u30ea %s \u306f %s \u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u30b5\u30d6\u30a8\u30f3\u30c8\u30ea\u3092\u4f7f\u7528\u3059\u308b\u3088\u3046\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u30b5\u30fc\u30d0\u30fc\u69cb\u6210\u5185\u306b\u306f\u3053\u306e\u3088\u3046\u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306f\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u305b\u3093
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=\u30e6\u30fc\u30b6\u30fc\u30a8\u30f3\u30c8\u30ea %3$s \u5185\u306e\u5c5e\u6027 %2$s \u306e\u5024 "%1$s" \u3092\u4e00\u822c\u7684\u306a\u6642\u523b\u5f62\u5f0f\u3067\u5fa9\u53f7\u5316\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f: %4$s
@@ -546,7 +546,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u3067\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u6642\u306b\u73fe\u5728\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8981\u6c42\u306b\u542b\u3081\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4\u306b\u3088\u308a\u30e6\u30fc\u30b6\u30fc\u30a8\u30f3\u30c8\u30ea\u5185\u306b\u8907\u6570\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u5024\u304c\u751f\u6210\u3055\u308c\u307e\u3059\u304c\u3001\u3053\u308c\u306f\u8a31\u53ef\u3055\u308c\u307e\u305b\u3093
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=\u6307\u5b9a\u3055\u308c\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u5024\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u30d0\u30ea\u30c7\u30fc\u30bf\u306b\u3088\u308a\u62d2\u5426\u3055\u308c\u307e\u3057\u305f: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u307b\u304b\u306e\u64cd\u4f5c\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u306b\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u307b\u304b\u306e\u64cd\u4f5c\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u306b\u306f\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059 (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=pw-policy
MILD_WARN_BIND_PASSWORD_EXPIRING_547=\u9593\u3082\u306a\u304f\u30e6\u30fc\u30b6\u30fc\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u671f\u9650\u304c\u5207\u308c\u307e\u3059 (\u671f\u9650\u5207\u308c\u306e\u6642\u523b: %s)
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=\u5931\u6557\u3057\u305f\u8a8d\u8a3c\u8a66\u884c\u304c\u591a\u904e\u304e\u305f\u305f\u3081\u306b\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u307e\u3059 (\u30ed\u30c3\u30af\u304c\u89e3\u9664\u3055\u308c\u308b\u6642\u523b: %s)
diff --git a/opends/src/messages/messages/core_ko.properties b/opends/src/messages/messages/core_ko.properties
index c5b233e..5e8ab7f 100644
--- a/opends/src/messages/messages/core_ko.properties
+++ b/opends/src/messages/messages/core_ko.properties
@@ -512,7 +512,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=%s \uc18d\uc131\uc5d0 \ub300\ud55c \ube44\ubc00\ubc88\ud638 \uac12\uc744 \ud5c8\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=\uad6c\uc131 \ud56d\ubaa9 %s\uc5d0 \uc815\uc758\ub41c \ube44\ubc00\ubc88\ud638 \uc815\ucc45\uc740 \ube44\ubc00\ubc88\ud638\uac00 \ub9cc\ub8cc\ub418\uae30 \uc774\uc804\uc5d0 \ucd5c\uc18c\ud55c \ud55c \ubc88\uc758 \uacbd\uace0 \uc54c\ub9bc\uc744 \ubcf4\ub0b4\ub3c4\ub85d \uad6c\uc131\ub418\uc5b4 \uc788\uc9c0\ub9cc \uacbd\uace0 \uac04\uaca9\uc774 \uc124\uc815\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. ds-cfg-expire-passwords-without-warning \uad6c\uc131 \uc18d\uc131\uc774 "false"\ub85c \uc124\uc815\ub418\uc5b4 \uc788\ub294 \uacbd\uc6b0 ds-cfg-password-expiration-warning-interval \uad6c\uc131 \uc18d\uc131 \uac12\uc774 \uc591\uc218\uc5ec\uc57c \ud569\ub2c8\ub2e4.
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=\ubc14\uc778\ub4dc \uc791\uc5c5\uc774 \ud604\uc7ac \uad00\ub828 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc5f0\uacb0\uc5d0\uc11c \uc9c4\ud589 \uc911\uc785\ub2c8\ub2e4. \ubc14\uc778\ub4dc \ucc98\ub9ac\uac00 \uc644\ub8cc\ub420 \ub54c\uae4c\uc9c0\ub294 \uc774 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc5f0\uacb0\uc5d0 \ub300\ud574 \ub2e4\ub978 \uc694\uccad\uc744 \uc0dd\uc131\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\ub2e4\ub978 \uc791\uc5c5\uc744 \uc694\uccad\ud558\ub824\uba74 \ube44\ubc00\ubc88\ud638\ub97c \ubcc0\uacbd\ud574\uc57c \ud569\ub2c8\ub2e4.
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\ub2e4\ub978 \uc791\uc5c5\uc744 \uc694\uccad\ud558\ub824\uba74 \ube44\ubc00\ubc88\ud638\ub97c \ubcc0\uacbd\ud574\uc57c \ud569\ub2c8\ub2e4 (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=\uc0ac\uc6a9\uc790 \ud56d\ubaa9 \"%2$s\"\uc5d0\uc11c ds-pwp-password-policy-dn \uac12 \"%1$s\"\uc744(\ub97c) DN\uc73c\ub85c \ud574\ub3c5\ud558\ub294 \ub3d9\uc548 \uc624\ub958\uac00 \ubc1c\uc0dd\ud588\uc2b5\ub2c8\ub2e4: %3$s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=\uc0ac\uc6a9\uc790 \ud56d\ubaa9 %s\uc740(\ub294) %s\uc758 \ube44\ubc00\ubc88\ud638 \uc815\ucc45 \ud558\uc704 \ud56d\ubaa9\uc744 \uc0ac\uc6a9\ud558\ub3c4\ub85d \uad6c\uc131\ub418\uc5b4 \uc788\uc9c0\ub9cc \uadf8\ub7ec\ud55c \ube44\ubc00\ubc88\ud638 \uc815\ucc45\uc774 \uc11c\ubc84 \uad6c\uc131\uc5d0 \uc815\uc758\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=\uc0ac\uc6a9\uc790 \ud56d\ubaa9 %3$s\uc5d0\uc11c %2$s \uc18d\uc131\uc5d0 \ub300\ud55c \uac12 \"%1$s\"\uc744(\ub97c) \uc77c\ubc18 \uc2dc\uac04 \ud615\uc2dd\uc73c\ub85c \ud574\ub3c5\ud558\ub294 \ub3d9\uc548 \uc624\ub958\uac00 \ubc1c\uc0dd\ud588\uc2b5\ub2c8\ub2e4: %4$s
@@ -546,7 +546,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=\ube44\ubc00\ubc88\ud638 \uc815\ucc45\uc5d0 \ub530\ub77c \uc0ac\uc6a9\uc790 \ube44\ubc00\ubc88\ud638 \ubcc0\uacbd \uc694\uccad\uc5d0 \ud604\uc7ac \ube44\ubc00\ubc88\ud638\ub97c \ud3ec\ud568\ud574\uc57c \ud569\ub2c8\ub2e4.
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=\ube44\ubc00\ubc88\ud638 \ubcc0\uacbd\uc73c\ub85c \uc778\ud574 \uc0ac\uc6a9\uc790 \ud56d\ubaa9\uc5d0 \uc5ec\ub7ec \ube44\ubc00\ubc88\ud638 \uac12\uc774 \uc788\uc2b5\ub2c8\ub2e4. \uc774\ub294 \ud5c8\uc6a9\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=\ube44\ubc00\ubc88\ud638 \uac80\uc99d\uc790\uac00 \uc81c\uacf5\ub41c \ube44\ubc00\ubc88\ud638\ub97c \uac70\ubd80\ud588\uc2b5\ub2c8\ub2e4: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\ub2e4\ub978 \uc791\uc5c5\uc744 \uc218\ud589\ud558\ub824\uba74 \ube44\ubc00\ubc88\ud638\ub97c \ubcc0\uacbd\ud574\uc57c \ud569\ub2c8\ub2e4.
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\ub2e4\ub978 \uc791\uc5c5\uc744 \uc218\ud589\ud558\ub824\uba74 \ube44\ubc00\ubc88\ud638\ub97c \ubcc0\uacbd\ud574\uc57c \ud569\ub2c8\ub2e4 (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=\ube44\ubc00\ubc88\ud638 \uc815\ucc45
MILD_WARN_BIND_PASSWORD_EXPIRING_547=\uc0ac\uc6a9\uc790 \ube44\ubc00\ubc88\ud638\uac00 \uace7 \ub9cc\ub8cc\ub429\ub2c8\ub2e4(\ub9cc\ub8cc \uc2dc\uac04: %s).
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=\uc778\uc99d \uc2dc\ub3c4\uac00 \ub108\ubb34 \ub9ce\uc774 \uc2e4\ud328\ud558\uc5ec \uacc4\uc815\uc774 \uc7a0\uacbc\uc2b5\ub2c8\ub2e4(\uc7a0\uae08 \ud574\uc81c \uc2dc\uac04: %s).
diff --git a/opends/src/messages/messages/core_zh_CN.properties b/opends/src/messages/messages/core_zh_CN.properties
index 8513a32..77a8345 100644
--- a/opends/src/messages/messages/core_zh_CN.properties
+++ b/opends/src/messages/messages/core_zh_CN.properties
@@ -512,7 +512,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=\u53d1\u73b0\u65e0\u6cd5\u63a5\u53d7\u5c5e\u6027 %s \u7684\u5bc6\u7801\u503c: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=\u914d\u7f6e\u6761\u76ee %s \u4e2d\u5b9a\u4e49\u7684\u5bc6\u7801\u7b56\u7565\u914d\u7f6e\u4e3a\u5728\u5bc6\u7801\u8fc7\u671f\u4e4b\u524d\uff0c\u59cb\u7ec8\u53d1\u4ece\u81f3\u5c11\u4e00\u6b21\u8b66\u544a\u901a\u77e5\uff0c\u4f46\u5c1a\u672a\u8bbe\u7f6e\u4efb\u4f55\u8b66\u544a\u65f6\u95f4\u95f4\u9694\u3002\u5982\u679c\u914d\u7f6e\u5c5e\u6027 ds-cfg-expire-passwords-without-warning \u8bbe\u7f6e\u4e3a "false"\uff0c\u5219\u914d\u7f6e\u5c5e\u6027 ds-cfg-password-expiration-warning-interval \u5fc5\u987b\u4e3a\u6b63\u503c
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=\u5f53\u524d\u6b63\u5bf9\u5173\u8054\u7684\u5ba2\u6237\u7aef\u8fde\u63a5\u6267\u884c\u7ed1\u5b9a\u64cd\u4f5c\u3002\u5728\u7ed1\u5b9a\u5904\u7406\u5b8c\u6210\u4e4b\u524d\uff0c\u4e0d\u80fd\u5bf9\u6b64\u5ba2\u6237\u7aef\u8fde\u63a5\u53d1\u51fa\u5176\u4ed6\u4efb\u4f55\u8bf7\u6c42
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u5fc5\u987b\u5148\u66f4\u6539\u60a8\u7684\u5bc6\u7801\uff0c\u7136\u540e\u624d\u5141\u8bb8\u8bf7\u6c42\u4efb\u4f55\u5176\u4ed6\u64cd\u4f5c
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u5fc5\u987b\u5148\u66f4\u6539\u60a8\u7684\u5bc6\u7801\uff0c\u7136\u540e\u624d\u5141\u8bb8\u8bf7\u6c42\u4efb\u4f55\u5176\u4ed6\u64cd\u4f5c (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=\u5728\u5c1d\u8bd5\u5c06\u7528\u6237\u6761\u76ee "%2$s" \u4e2d\u7684 ds-pwp-password-policy-dn \u503c "%1$s" \u89e3\u7801\u4e3a DN \u65f6\u51fa\u73b0\u9519\u8bef: %3$s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=\u7528\u6237\u6761\u76ee %s \u5df2\u914d\u7f6e\u4e3a\u4f7f\u7528\u5bc6\u7801\u7b56\u7565\u5b50\u6761\u76ee %s\uff0c\u4f46\u670d\u52a1\u5668\u914d\u7f6e\u4e2d\u672a\u5b9a\u4e49\u6b64\u5bc6\u7801\u7b56\u7565
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=\u5728\u6309\u7167\u901a\u7528\u65f6\u95f4\u683c\u5f0f\u5c1d\u8bd5\u5bf9\u7528\u6237\u6761\u76ee %3$s \u4e2d\u7684\u5c5e\u6027 %2$s \u503c "%1$s" \u8fdb\u884c\u89e3\u7801\u65f6\u51fa\u73b0\u9519\u8bef: %4$s
@@ -546,7 +546,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=\u5bc6\u7801\u7b56\u7565\u8981\u6c42\u7528\u6237\u5bc6\u7801\u66f4\u6539\u5728\u8bf7\u6c42\u4e2d\u5305\u542b\u5f53\u524d\u5bc6\u7801
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=\u5bc6\u7801\u66f4\u6539\u5c06\u5bfc\u81f4\u5728\u7528\u6237\u6761\u76ee\u4e2d\u6709\u591a\u4e2a\u5bc6\u7801\u503c\uff0c\u8fd9\u662f\u4e0d\u5141\u8bb8\u7684
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=\u63d0\u4f9b\u7684\u5bc6\u7801\u503c\u88ab\u5bc6\u7801\u9a8c\u8bc1\u5668\u62d2\u7edd: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u5fc5\u987b\u5148\u66f4\u6539\u60a8\u7684\u5bc6\u7801\uff0c\u7136\u540e\u624d\u5141\u8bb8\u6267\u884c\u4efb\u4f55\u5176\u4ed6\u64cd\u4f5c
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u5fc5\u987b\u5148\u66f4\u6539\u60a8\u7684\u5bc6\u7801\uff0c\u7136\u540e\u624d\u5141\u8bb8\u6267\u884c\u4efb\u4f55\u5176\u4ed6\u64cd\u4f5c (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=\u5bc6\u7801\u7b56\u7565
MILD_WARN_BIND_PASSWORD_EXPIRING_547=\u7528\u6237\u5bc6\u7801\u5373\u5c06\u8fc7\u671f\uff08\u5230\u671f\u65f6\u95f4\u4e3a: %s\uff09
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=\u7531\u4e8e\u5c1d\u8bd5\u9a8c\u8bc1\u7684\u5931\u8d25\u6b21\u6570\u592a\u591a\u800c\u5bfc\u81f4\u5e10\u6237\u88ab\u9501\u5b9a\uff08\u89e3\u9664\u9501\u5b9a\u7684\u65f6\u95f4\u4e3a: %s\uff09
diff --git a/opends/src/messages/messages/core_zh_TW.properties b/opends/src/messages/messages/core_zh_TW.properties
index 4dfb5dd..21ed58f 100644
--- a/opends/src/messages/messages/core_zh_TW.properties
+++ b/opends/src/messages/messages/core_zh_TW.properties
@@ -512,7 +512,7 @@
MILD_ERR_PWPOLICY_VALIDATION_FAILED_499=\u5c6c\u6027 %s \u7684\u5bc6\u78bc\u503c\u7121\u6cd5\u63a5\u53d7: %s
SEVERE_ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING_500=\u5b9a\u7fa9\u5728\u914d\u7f6e\u9805\u76ee %s \u7684\u5bc6\u78bc\u7b56\u7565\u914d\u7f6e\u70ba\u5728\u5bc6\u78bc\u904e\u671f\u524d\uff0c\u4e00\u5f8b\u81f3\u5c11\u50b3\u9001\u4e00\u6b21\u8b66\u544a\u901a\u77e5\uff0c\u4f46\u6c92\u6709\u8a2d\u5b9a\u8b66\u544a\u9593\u9694\u3002\u5982\u679c\u914d\u7f6e\u5c6c\u6027 ds-cfg-expire-passwords-without-warning \u8a2d\u70ba\u300cfalse\u300d\uff0c\u5247\u914d\u7f6e\u5c6c\u6027 ds-cfg-password-expiration-warning-interval \u5fc5\u9808\u70ba\u6b63\u503c
MILD_ERR_ENQUEUE_BIND_IN_PROGRESS_501=\u5728\u76f8\u95dc\u7528\u6236\u7aef\u9023\u7dda\u4e0a\uff0c\u9023\u7d50\u4f5c\u696d\u76ee\u524d\u6b63\u5728\u9032\u884c\u4e2d\u3002\u9023\u7d50\u8655\u7406\u5b8c\u6210\u5f8c\uff0c\u624d\u53ef\u5c0d\u6b64\u7528\u6236\u7aef\u9023\u7dda\u63d0\u51fa\u5176\u4ed6\u8acb\u6c42
-MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u60a8\u5fc5\u9808\u8b8a\u66f4\u5bc6\u78bc\uff0c\u624d\u80fd\u8acb\u6c42\u5176\u4ed6\u4f5c\u696d
+MILD_ERR_ENQUEUE_MUST_CHANGE_PASSWORD_502=\u60a8\u5fc5\u9808\u8b8a\u66f4\u5bc6\u78bc\uff0c\u624d\u80fd\u8acb\u6c42\u5176\u4ed6\u4f5c\u696d (%s)
MILD_ERR_PWPSTATE_CANNOT_DECODE_SUBENTRY_VALUE_AS_DN_504=\u5617\u8a66\u5c07\u4f7f\u7528\u8005\u9805\u76ee\u300c%2$s\u300d\u4e2d\u7684 ds-pwp-password-policy-dn \u503c\u300c%1$s\u300d\u89e3\u78bc\u70ba DN \u6642\uff0c\u767c\u751f\u932f\u8aa4: %3$s
MILD_ERR_PWPSTATE_NO_SUCH_POLICY_505=\u4f7f\u7528\u8005\u9805\u76ee %s \u914d\u7f6e\u4f7f\u7528 %s \u7684\u5bc6\u78bc\u7b56\u7565\u5b50\u9805\u76ee\uff0c\u4f46\u5728\u4f3a\u670d\u5668\u914d\u7f6e\u4e2d\u6c92\u6709\u5b9a\u7fa9\u9019\u985e\u7684\u5bc6\u78bc\u7b56\u7565
MILD_ERR_PWPSTATE_CANNOT_DECODE_GENERALIZED_TIME_506=\u5617\u8a66\u4f9d\u7167\u4e00\u822c\u6642\u9593\u683c\u5f0f\u89e3\u78bc\u4f7f\u7528\u8005\u9805\u76ee %3$s \u4e2d\u5c6c\u6027 %2$s \u7684\u503c\u300c%1$s\u300d\u6642\uff0c\u767c\u751f\u932f\u8aa4: %4$s
@@ -546,7 +546,7 @@
MILD_ERR_MODIFY_PW_CHANGE_REQUIRES_CURRENT_PW_542=\u5bc6\u78bc\u7b56\u7565\u8981\u6c42\u4f7f\u7528\u8005\u5bc6\u78bc\u8b8a\u66f4\u61c9\u8a72\u5728\u8acb\u6c42\u4e2d\u52a0\u5165\u76ee\u524d\u7684\u5bc6\u78bc
MILD_ERR_MODIFY_MULTIPLE_PASSWORDS_NOT_ALLOWED_543=\u5bc6\u78bc\u8b8a\u66f4\u53ef\u80fd\u9020\u6210\u4f7f\u7528\u8005\u9805\u76ee\u4e2d\u6709\u591a\u91cd\u5bc6\u78bc\u503c\uff0c\u800c\u9019\u662f\u4e0d\u88ab\u5141\u8a31\u7684
MILD_ERR_MODIFY_PW_VALIDATION_FAILED_544=\u63d0\u4f9b\u7684\u5bc6\u78bc\u503c\u88ab\u5bc6\u78bc\u9a57\u8b49\u7a0b\u5f0f\u6240\u62d2\u7d55: %s
-MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u60a8\u5fc5\u9808\u8b8a\u66f4\u5bc6\u78bc\uff0c\u624d\u80fd\u57f7\u884c\u5176\u4ed6\u4f5c\u696d
+MILD_ERR_MODIFY_MUST_CHANGE_PASSWORD_545=\u60a8\u5fc5\u9808\u8b8a\u66f4\u5bc6\u78bc\uff0c\u624d\u80fd\u57f7\u884c\u5176\u4ed6\u4f5c\u696d (%s)
INFO_ERROR_CATEGORY_PASSWORD_POLICY_546=\u5bc6\u78bc\u7b56\u7565
MILD_WARN_BIND_PASSWORD_EXPIRING_547=\u4f7f\u7528\u8005\u5bc6\u78bc\u5373\u5c07\u904e\u671f (\u5230\u904e\u671f\u7684\u6642\u9593: %s)
MILD_ERR_BIND_ACCOUNT_TEMPORARILY_LOCKED_548=\u7531\u65bc\u592a\u591a\u5931\u6557\u7684\u8a8d\u8b49\u5617\u8a66\uff0c\u800c\u9020\u6210\u5e33\u865f\u9396\u5b9a (\u5230\u89e3\u9664\u9396\u5b9a\u7684\u6642\u9593: %s)
diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index 96418ed..c625d3b 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -7296,7 +7296,10 @@
}
}
- Message message = ERR_ENQUEUE_MUST_CHANGE_PASSWORD.get();
+ DN user = clientConnection.getAuthenticationInfo()
+ .getAuthorizationDN();
+ Message message = ERR_ENQUEUE_MUST_CHANGE_PASSWORD
+ .get(user != null ? user.toString() : "anonymous");
throw new DirectoryException(
ResultCode.CONSTRAINT_VIOLATION, message);
@@ -7321,7 +7324,10 @@
}
}
- message = ERR_ENQUEUE_MUST_CHANGE_PASSWORD.get();
+ user = clientConnection.getAuthenticationInfo()
+ .getAuthorizationDN();
+ message = ERR_ENQUEUE_MUST_CHANGE_PASSWORD
+ .get(user != null ? user.toString() : "anonymous");
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
message);
}
diff --git a/opends/src/server/org/opends/server/util/StaticUtils.java b/opends/src/server/org/opends/server/util/StaticUtils.java
index 45f528d..855fa3e 100644
--- a/opends/src/server/org/opends/server/util/StaticUtils.java
+++ b/opends/src/server/org/opends/server/util/StaticUtils.java
@@ -4666,6 +4666,33 @@
}
/**
+ * Closes the provided {@link Socket}s ignoring any errors which occurred.
+ * <p>
+ * With java 7 we will be able to use {@link StaticUtils#close(Closeable...)}
+ * </p>
+ *
+ * @param sockets
+ * The sockets to be closed, which may be <code>null</code>.
+ */
+ public static void close(Socket... sockets)
+ {
+ for (Socket socket : sockets)
+ {
+ if (socket != null)
+ {
+ try
+ {
+ socket.close();
+ }
+ catch (IOException ignored)
+ {
+ // Ignore.
+ }
+ }
+ }
+ }
+
+ /**
* Returns an {@link Iterable} returning the passed in {@link Iterator}. THis
* allows using methods returning Iterators with foreach statements.
* <p>
diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index b3ff2b2..5823da4 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2008-2011 Sun Microsystems, Inc.
- * Portions Copyright 2011-2012 ForgeRock AS
+ * Portions Copyright 2011-2013 ForgeRock AS
*/
package org.opends.server.workflowelement.localbackend;
@@ -338,36 +338,6 @@
break modifyProcessing;
}
-
- // If the user must change their password before doing anything else, and
- // if the target of the modify operation isn't the user's own entry, then
- // reject the request.
- if ((! isInternalOperation()) && clientConnection.mustChangePassword())
- {
- DN authzDN = getAuthorizationDN();
- if ((authzDN != null) && (! authzDN.equals(entryDN)))
- {
- // The user will not be allowed to do anything else before the
- // password gets changed. Also note that we haven't yet checked the
- // request controls so we need to do that now to see if the password
- // policy request control was provided.
- for (Control c : getRequestControls())
- {
- if (c.getOID().equals(OID_PASSWORD_POLICY_CONTROL))
- {
- pwPolicyControlRequested = true;
- pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
- break;
- }
- }
-
- setResultCode(ResultCode.CONSTRAINT_VIOLATION);
- appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD.get());
- break modifyProcessing;
- }
- }
-
-
// Check for a request to cancel this operation.
checkIfCanceled(false);
@@ -441,7 +411,30 @@
// Get the password policy state object for the entry that can be used
// to perform any appropriate password policy processing. Also, see
// if the entry is being updated by the end user or an administrator.
- selfChange = entryDN.equals(getAuthorizationDN());
+ DN authzDN = getAuthorizationDN();
+ selfChange = entryDN.equals(authzDN);
+
+ // Check that the authorizing account isn't required to change its
+ // password.
+ if (( !isInternalOperation()) && !selfChange
+ && getAuthorizationEntry() != null) {
+ AuthenticationPolicy authzPolicy = AuthenticationPolicy.forUser(
+ getAuthorizationEntry(), true);
+ if (authzPolicy.isPasswordPolicy())
+ {
+ PasswordPolicyState authzState = (PasswordPolicyState) authzPolicy
+ .createAuthenticationPolicyState(getAuthorizationEntry());
+ if (authzState.mustChangePassword())
+ {
+ pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
+ setResultCode(ResultCode.CONSTRAINT_VIOLATION);
+ appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD
+ .get(authzDN != null ? String.valueOf(authzDN)
+ : "anonymous"));
+ break modifyProcessing;
+ }
+ }
+ }
// FIXME -- Need a way to enable debug mode.
AuthenticationPolicy policy = AuthenticationPolicy.forUser(
@@ -537,23 +530,21 @@
}
- DN authzDN = getAuthorizationDN();
- if ((!passwordChanged) && (!isInternalOperation())
+ if ((!passwordChanged) && (!isInternalOperation()) && selfChange
&& pwPolicyState != null && pwPolicyState.mustChangePassword())
{
- if (authzDN != null && authzDN.equals(entryDN))
- {
- // The user did not attempt to change their password.
- pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
- setResultCode(ResultCode.CONSTRAINT_VIOLATION);
- appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD.get());
- break modifyProcessing;
- }
+ // The user did not attempt to change their password.
+ pwpErrorType = PasswordPolicyErrorType.CHANGE_AFTER_RESET;
+ setResultCode(ResultCode.CONSTRAINT_VIOLATION);
+ DN authzDN = getAuthorizationDN();
+ appendErrorMessage(ERR_MODIFY_MUST_CHANGE_PASSWORD
+ .get(authzDN != null ? String.valueOf(authzDN) : "anonymous"));
+ break modifyProcessing;
}
// If the server is configured to check the schema and the
- // operation is not a sycnhronization operation,
+ // operation is not a synchronization operation,
// make sure that the new entry is valid per the server schema.
if ((DirectoryServer.checkSchema()) && (! isSynchronizationOperation()))
{
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/controls/PasswordPolicyControlTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/controls/PasswordPolicyControlTestCase.java
index 38d3e24..a6a4e5f 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/controls/PasswordPolicyControlTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/controls/PasswordPolicyControlTestCase.java
@@ -23,7 +23,7 @@
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
- * Portions copyright 2011 ForgeRock AS.
+ * Portions copyright 2011-2013 ForgeRock AS.
*/
package org.opends.server.controls;
@@ -41,6 +41,7 @@
import org.opends.server.TestCaseUtils;
import org.opends.server.protocols.ldap.*;
import org.opends.server.types.*;
+import org.opends.server.util.StaticUtils;
import static org.testng.Assert.*;
@@ -85,22 +86,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -194,14 +195,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -286,10 +284,7 @@
}
finally
{
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -308,9 +303,9 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--add", "password-validator:Length-Based Password Validator");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--add", "password-validator:Length-Based Password Validator");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -379,14 +374,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--remove", "password-validator:Length-Based Password Validator");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--remove", "password-validator:Length-Based Password Validator");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -406,22 +398,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "lockout-failure-count:3");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "lockout-failure-count:3");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -486,14 +478,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "lockout-failure-count:0");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "lockout-failure-count:0");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -512,22 +501,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -590,14 +579,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -616,27 +602,27 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntries(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl",
- "",
- "dn: ou=People,o=test",
- "objectClass: top",
- "objectClass: organizationalUnit",
- "ou: People");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl",
+ "",
+ "dn: ou=People,o=test",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "ou: People");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -698,14 +684,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -771,22 +754,22 @@
"ds-privilege-name: bypass-acl");
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -866,14 +849,152 @@
finally
{
TestCaseUtils.dsconfig(
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
+
+ StaticUtils.close(s);
+ }
+ }
+
+
+
+ /**
+ * Tests that an appropriate password policy response control is
+ * returned for a modify operation when the authorized user is forced to
+ * change their own password before changing a different entry.
+ *
+ * @throws Exception
+ * If an unexpected problem occurs.
+ */
+ @Test
+ public void testAuthzModifyMustChange()
+ throws Exception
+ {
+ TestCaseUtils.initializeTestBackend(true);
+
+ String userDN = "uid=test.admin,o=test";
+ String entryDN = "uid=test.user,o=test";
+ String authzDN = "uid=authz.user,o=test";
+
+ TestCaseUtils.addEntry(
+ "dn: uid=test.admin,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.admin",
+ "givenName: Test Admin",
+ "sn: Admin",
+ "cn: Test Admin",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl",
+ "ds-privilege-name: proxied-auth");
+
+ TestCaseUtils.addEntry(
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
+
+ TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "--set", "force-change-on-add:true");
- try
+ TestCaseUtils.addEntry(
+ "dn: uid=authz.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: authz.user",
+ "givenName: Authz",
+ "sn: User",
+ "cn: Authz User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
+
+ Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
+ org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
+ org.opends.server.tools.LDAPWriter w = new org.opends.server.tools.LDAPWriter(s);
+
+ try
+ {
+ BindRequestProtocolOp bindRequest = new BindRequestProtocolOp(
+ ByteString.valueOf(userDN), 3,
+ ByteString.valueOf("password"));
+ LDAPMessage message = new LDAPMessage(1, bindRequest);
+ w.writeMessage(message);
+
+ message = r.readMessage();
+ BindResponseProtocolOp bindResponse = message.getBindResponseProtocolOp();
+ assertEquals(bindResponse.getResultCode(), LDAPResultCode.SUCCESS);
+
+
+ ArrayList<RawModification> mods = new ArrayList<RawModification>();
+ mods.add(RawModification.create(ModificationType.REPLACE, "description",
+ "foo"));
+
+ ModifyRequestProtocolOp modifyRequest =
+ new ModifyRequestProtocolOp(ByteString.valueOf(entryDN), mods);
+
+ List<Control> controls = new ArrayList<Control>();
+ controls.add(new LDAPControl(OID_PASSWORD_POLICY_CONTROL, true));
+ controls.add(new LDAPControl(OID_PROXIED_AUTH_V2, true,
+ ByteString.valueOf("dn:" + authzDN)));
+
+ message = new LDAPMessage(2, modifyRequest, controls);
+ w.writeMessage(message);
+
+ message = r.readMessage();
+ ModifyResponseProtocolOp modifyResponse =
+ message.getModifyResponseProtocolOp();
+
+ assertEquals(modifyResponse.getResultCode(),
+ LDAPResultCode.CONSTRAINT_VIOLATION);
+
+ controls = message.getControls();
+ assertNotNull(controls);
+ assertFalse(controls.isEmpty());
+
+ boolean found = false;
+ for(Control c : controls)
{
- s.close();
- } catch (Exception e) {}
+ if (c.getOID().equals(OID_PASSWORD_POLICY_CONTROL))
+ {
+ PasswordPolicyResponseControl pwpControl;
+ if(c instanceof LDAPControl)
+ {
+ pwpControl =
+ PasswordPolicyResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl)c).getValue());
+ }
+ else
+ {
+ pwpControl = (PasswordPolicyResponseControl)c;
+ }
+ assertEquals(pwpControl.getErrorType(),
+ PasswordPolicyErrorType.CHANGE_AFTER_RESET);
+ found = true;
+ }
+ }
+ assertTrue(found);
+ }
+ finally
+ {
+ TestCaseUtils.dsconfig(
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
+
+ StaticUtils.close(s);
}
}
@@ -893,22 +1014,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "allow-user-password-changes:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "allow-user-password-changes:false");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -975,14 +1096,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "allow-user-password-changes:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "allow-user-password-changes:true");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -1002,22 +1120,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "password-history-count:5");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "password-history-count:5");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -1084,14 +1202,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "password-history-count:0");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "password-history-count:0");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -1111,22 +1226,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "password-change-requires-current-password:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "password-change-requires-current-password:true");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -1193,14 +1308,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "password-change-requires-current-password:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "password-change-requires-current-password:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -1220,22 +1332,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "min-password-age:24 hours");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "min-password-age:24 hours");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -1302,14 +1414,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "min-password-age:0 seconds");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "min-password-age:0 seconds");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -1328,27 +1437,27 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntries(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl",
- "",
- "dn: ou=People,o=test",
- "objectClass: top",
- "objectClass: organizationalUnit",
- "ou: People");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl",
+ "",
+ "dn: ou=People,o=test",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "ou: People");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -1412,14 +1521,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
@@ -1438,22 +1544,22 @@
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:true");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:true");
TestCaseUtils.addEntry(
- "dn: uid=test.user,o=test",
- "objectClass: top",
- "objectClass: person",
- "objectClass: organizationalPerson",
- "objectClass: inetOrgPerson",
- "uid: test.user",
- "givenName: Test",
- "sn: User",
- "cn: Test User",
- "userPassword: password",
- "ds-privilege-name: bypass-acl");
+ "dn: uid=test.user,o=test",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: organizationalPerson",
+ "objectClass: inetOrgPerson",
+ "uid: test.user",
+ "givenName: Test",
+ "sn: User",
+ "cn: Test User",
+ "userPassword: password",
+ "ds-privilege-name: bypass-acl");
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
org.opends.server.tools.LDAPReader r = new org.opends.server.tools.LDAPReader(s);
@@ -1520,14 +1626,11 @@
finally
{
TestCaseUtils.dsconfig(
- "set-password-policy-prop",
- "--policy-name", "Default Password Policy",
- "--set", "force-change-on-add:false");
+ "set-password-policy-prop",
+ "--policy-name", "Default Password Policy",
+ "--set", "force-change-on-add:false");
- try
- {
- s.close();
- } catch (Exception e) {}
+ StaticUtils.close(s);
}
}
}
--
Gitblit v1.10.0