From fd2092b89bfd222d23d01576baf4a283e7e1c62a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 06 Sep 2007 01:14:54 +0000
Subject: [PATCH] Update password storage scheme references in the server so that they use DNs rather than storage scheme names. This will allow better consistency in the configuration, since all other references between configuration objects are DN-based, and it will work better with the upcoming aggregation support. It also eliminates the need to know the storage scheme name, which is not obvious from looking at the configuration entry for the storage scheme, and can actually vary in some implementations depending on whether it's used with a user password or auth password syntax attribute.
---
opends/resource/schema/02-config.ldif | 24 +-
opends/src/messages/messages/core.properties | 9
opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java | 115 +++++---
opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java | 260 ++++++++++++++-------
opends/resource/config/config.ldif | 6
opends/src/server/org/opends/server/core/PasswordStorageSchemeConfigManager.java | 6
opends/tests/unit-tests-testng/resource/config-changes.ldif | 6
opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/UserDefinedVirtualAttributeProviderTestCase.java | 5
opends/src/server/org/opends/server/core/DirectoryServer.java | 55 +++
opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml | 44 +--
opends/src/server/org/opends/server/core/PasswordPolicy.java | 83 +++++-
opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml | 41 ++-
opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java | 18 +
opends/src/messages/messages/plugin.properties | 3
14 files changed, 438 insertions(+), 237 deletions(-)
diff --git a/opends/resource/config/config.ldif b/opends/resource/config/config.ldif
index 958e046..d59f7a8 100644
--- a/opends/resource/config/config.ldif
+++ b/opends/resource/config/config.ldif
@@ -1205,7 +1205,7 @@
objectClass: ds-cfg-password-policy
cn: Default Password Policy
ds-cfg-password-attribute: userPassword
-ds-cfg-default-password-storage-scheme: SSHA
+ds-cfg-default-password-storage-scheme-dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
@@ -1236,7 +1236,7 @@
objectClass: ds-cfg-password-policy
cn: Root Password Policy
ds-cfg-password-attribute: userPassword
-ds-cfg-default-password-storage-scheme: SSHA512
+ds-cfg-default-password-storage-scheme-dn: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
@@ -1482,6 +1482,8 @@
ds-cfg-plugin-class: org.opends.server.plugins.PasswordPolicyImportPlugin
ds-cfg-plugin-enabled: true
ds-cfg-plugin-type: ldifImport
+ds-cfg-default-user-password-storage-scheme-dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config
+ds-cfg-default-auth-password-storage-scheme-dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config
dn: cn=Profiler,cn=Plugins,cn=config
objectClass: top
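Review bot: The two added lines, `ds-cfg-default-user-password-storage-scheme-dn` and `ds-cfg-default-auth-password-storage-scheme-dn`, pin the import plugin to `cn=Salted SHA-1` in the shipped configuration. As far as the PasswordPolicyImportPlugin hunks show, the default password policy is consulted only when these sets are null or empty, so with explicit values here, entries imported without `ds-pwp-password-policy-dn` would keep being encoded with Salted SHA-1 even after an administrator moves the default policy to a stronger scheme. Unless that pin is intended, I would leave both attributes unset so the plugin follows the default policy, or at least precede them with a comment such as `# Overrides the default password policy's storage schemes during LDIF import`.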
diff --git a/opends/resource/schema/02-config.ldif b/opends/resource/schema/02-config.ldif
index 9704c40..6723b92 100644
--- a/opends/resource/schema/02-config.ldif
+++ b/opends/resource/schema/02-config.ldif
@@ -610,11 +610,11 @@
NAME 'ds-cfg-allow-user-password-changes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.178
- NAME 'ds-cfg-default-password-storage-scheme'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenDS Directory Server' )
+ NAME 'ds-cfg-default-password-storage-scheme-dn'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.179
- NAME 'ds-cfg-deprecated-password-storage-scheme'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenDS Directory Server' )
+ NAME 'ds-cfg-deprecated-password-storage-scheme-dn'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.180
NAME 'ds-cfg-expire-passwords-without-warning'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
@@ -1466,11 +1466,11 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.429
- NAME 'ds-cfg-default-user-password-storage-scheme'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenDS Directory Server' )
+ NAME 'ds-cfg-default-user-password-storage-scheme-dn'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.430
- NAME 'ds-cfg-default-auth-password-storage-scheme'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenDS Directory Server' )
+ NAME 'ds-cfg-default-auth-password-storage-scheme-dn'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'OpenDS Directory Server' )
attributeTypes: ( 1.3.6.1.4.1.26027.1.1.435
NAME 'ds-cfg-strip-syntax-minimum-upper-bound'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
@@ -1964,12 +1964,12 @@
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.62 NAME 'ds-cfg-password-policy'
SUP top STRUCTURAL MUST ( cn $ ds-cfg-password-attribute $
- ds-cfg-default-password-storage-scheme )
+ ds-cfg-default-password-storage-scheme-dn )
MAY ( ds-cfg-account-status-notification-handler-dn $
ds-cfg-allow-expired-password-changes $
ds-cfg-allow-multiple-password-values $ ds-cfg-allow-pre-encoded-passwords $
ds-cfg-allow-user-password-changes $
- ds-cfg-deprecated-password-storage-scheme $
+ ds-cfg-deprecated-password-storage-scheme-dn $
ds-cfg-expire-passwords-without-warning $ ds-cfg-force-change-on-add $
ds-cfg-force-change-on-reset $ ds-cfg-grace-login-count $
ds-cfg-idle-lockout-interval $ ds-cfg-last-login-time-attribute $
@@ -2261,8 +2261,8 @@
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.115
NAME 'ds-cfg-password-policy-import-plugin' SUP ds-cfg-plugin STRUCTURAL
- MAY ( ds-cfg-default-user-password-storage-scheme $
- ds-cfg-default-auth-password-storage-scheme )
+ MAY ( ds-cfg-default-user-password-storage-scheme-dn $
+ ds-cfg-default-auth-password-storage-scheme-dn )
X-ORIGIN 'OpenDS Directory Server' )
objectClasses: ( 1.3.6.1.4.1.26027.1.2.117
NAME 'ds-cfg-vlv-je-index' SUP top STRUCTURAL
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
index 8f91647..d19b8e0 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -65,54 +65,48 @@
</adm:profile>
</adm:property>
- <adm:property name="default-password-storage-scheme" mandatory="true"
+ <adm:property name="default-password-storage-scheme-dn" mandatory="true"
multi-valued="true">
<adm:synopsis>
- Specifies the password storage scheme (or set of schemes) that
- will be used to encode clear-text passwords.
+ Specifies the DNs of the configuration entries for the password storage
+ schemes that will be used to encode clear-text passwords for this
+ password policy.
</adm:synopsis>
- <adm:description>
- Specifies the password storage scheme (or set of schemes) that
- will be used to encode clear-text passwords. If multiple default
- storage schemes are defined for a password policy, then the same
- password will be encoded using all of those schemes. Changes to
- this configuration attribute will take effect immediately.
- </adm:description>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:oid>1.3.6.1.4.1.26027.1.1.178</ldap:oid>
- <ldap:name>ds-cfg-default-password-storage-scheme</ldap:name>
+ <ldap:name>ds-cfg-default-password-storage-scheme-dn</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
- <adm:property name="deprecated-password-storage-scheme"
+ <adm:property name="deprecated-password-storage-scheme-dn"
mandatory="false" multi-valued="true">
<adm:synopsis>
- Specifies the password storage scheme (or set of schemes) that
- should be considered deprecated.
+ Specifies the DNs of the configuration entries for password storage
+ schemes that will be considered deprecated for this password policy. If a
+ user with this password policy authenticates to the server and his/her
+ password is encoded with any deprecated schemes, then those values will
+ be removed and replaced with values encoded using the default password
+ storage scheme(s).
</adm:synopsis>
- <adm:description>
- Specifies the password storage scheme (or set of schemes) that
- should be considered deprecated. If an authenticating user has a
- password encoded with one of these schemes, those passwords will
- be removed and replaced with passwords encoded using the default
- schemes. Changes to this configuration attribute will take effect
- immediately.
- </adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:oid>1.3.6.1.4.1.26027.1.1.179</ldap:oid>
- <ldap:name>ds-cfg-deprecated-password-storage-scheme</ldap:name>
+ <ldap:name>ds-cfg-deprecated-password-storage-scheme-dn</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
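Review bot: The rewritten synopsis for `default-password-storage-scheme-dn` no longer says what happens when several schemes are listed; the removed `<adm:description>` stated that the same password is then encoded using all of them. That is worth keeping for operators, because listing a weaker scheme next to a stronger one means a weaker encoding of every password is stored as well. I would retain a sentence such as `If multiple schemes are listed, each clear-text password will be encoded using all of them.` in the synopsis or in a kept description. The removal also drops the statement that changes take effect immediately, for both this property and `deprecated-password-storage-scheme-dn`.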
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
index 8e1bb04..b4e4c9c 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
@@ -27,10 +27,11 @@
! -->
<adm:managed-object name="password-policy-import-plugin"
-plural-name="password-policy-import-plugins"
-package="org.opends.server.admin.std" extends="plugin"
-xmlns:adm="http://www.opends.org/admin"
-xmlns:ldap="http://www.opends.org/admin-ldap">
+ plural-name="password-policy-import-plugins"
+ package="org.opends.server.admin.std" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+
<adm:synopsis>
The
<adm:user-friendly-name />
@@ -65,13 +66,14 @@
</adm:default-behavior>
</adm:property-override>
- <adm:property name="default-user-password-storage-scheme" mandatory="false"
+ <adm:property name="default-user-password-storage-scheme-dn" mandatory="false"
multi-valued="true">
<adm:synopsis>
- Specifies the name(s) of the storage scheme(s) that will be used for
- encoding passwords contained in attributes with the user password syntax
- for entries that do not include the ds-pwp-password-policy-dn attribute to
- specify which password policy should be used to govern them.
+ Specifies the DNs of the configuration entries for the password storage
+ schemes that will be used for encoding passwords contained in attributes
+ with the user password syntax for entries that do not include the
+ ds-pwp-password-policy-dn attribute to specify which password policy
+ should be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
@@ -84,7 +86,9 @@
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -94,13 +98,14 @@
</adm:profile>
</adm:property>
- <adm:property name="default-auth-password-storage-scheme" mandatory="false"
+ <adm:property name="default-auth-password-storage-scheme-dn" mandatory="false"
multi-valued="true">
<adm:synopsis>
- Specifies the name(s) of the storage scheme(s) that will be used for
- encoding passwords contained in attributes with the auth password syntax
- for entries that do not include the ds-pwp-password-policy-dn attribute to
- specify which password policy should be used to govern them.
+ Specifies the DNs of the configuration entries for the password storage
+ schemes that will be used for encoding passwords contained in attributes
+ with the auth password syntax for entries that do not include the
+ ds-pwp-password-policy-dn attribute to specify which password policy
+ should be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
@@ -113,12 +118,14 @@
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:oid>1.3.6.1.4.1.26027.1.1.430</ldap:oid>
- <ldap:name>ds-cfg-default-auth-password-storage-scheme</ldap:name>
+ <ldap:name>ds-cfg-default-auth-password-storage-scheme-dn</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
diff --git a/opends/src/messages/messages/core.properties b/opends/src/messages/messages/core.properties
index 49a1ac4..4613a96 100644
--- a/opends/src/messages/messages/core.properties
+++ b/opends/src/messages/messages/core.properties
@@ -1663,3 +1663,12 @@
to the trust store: %s
INFO_TRUSTSTORESYNC_DELETE_FAILED_656=Error while trying to delete entry %s \
from the trust store: %s
+SEVERE_ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH_657=The password storage \
+ scheme defined in configuration entry %s does not support the auth password \
+ syntax, which is used by password attribute %s
+SEVERE_ERR_PWPOLICY_NO_SUCH_DEPRECATED_SCHEME_658=Password policy \
+ configuration entry %s references deprecated password storage scheme DN %s \
+ which is not available for use in the server
+SEVERE_ERR_PWPOLICY_DEPRECATED_SCHEME_NOT_AUTH_659=Password policy \
+ configuration entry %s references deprecated password storage scheme DN %s \
+ which does not support the auth password syntax
diff --git a/opends/src/messages/messages/plugin.properties b/opends/src/messages/messages/plugin.properties
index a8ba1b9..8b0a93c 100644
--- a/opends/src/messages/messages/plugin.properties
+++ b/opends/src/messages/messages/plugin.properties
@@ -376,3 +376,6 @@
would have resulted in a value for attribute %s that was not 7-bit clean
MILD_ERR_PLUGIN_7BIT_IMPORT_ATTR_NOT_CLEAN_103=The entry included a value for \
attribute %s that was not 7-bit clean
+SEVERE_ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME_104=The password \
+ policy import plugin references default auth password storage scheme %s \
+ which is not available for use in the server
diff --git a/opends/src/server/org/opends/server/core/DirectoryServer.java b/opends/src/server/org/opends/server/core/DirectoryServer.java
index 0b93dd2..a0267d7 100644
--- a/opends/src/server/org/opends/server/core/DirectoryServer.java
+++ b/opends/src/server/org/opends/server/core/DirectoryServer.java
@@ -457,6 +457,11 @@
private ConcurrentHashMap<String,PasswordStorageScheme>
passwordStorageSchemes;
+ // The set of password storage schemes defined in the server (mapped between
+ // the DN of the configuration entry and the storage scheme).
+ private ConcurrentHashMap<DN,PasswordStorageScheme>
+ passwordStorageSchemesByDN;
+
// The set of SASL mechanism handlers registered with the server (mapped
// between the mechanism name and the handler).
private ConcurrentHashMap<String,SASLMechanismHandler> saslMechanismHandlers;
@@ -863,6 +868,8 @@
directoryServer.alertHandlers = new CopyOnWriteArrayList<AlertHandler>();
directoryServer.passwordStorageSchemes =
new ConcurrentHashMap<String,PasswordStorageScheme>();
+ directoryServer.passwordStorageSchemesByDN =
+ new ConcurrentHashMap<DN,PasswordStorageScheme>();
directoryServer.passwordGenerators =
new ConcurrentHashMap<DN,PasswordGenerator>();
directoryServer.authPasswordStorageSchemes =
@@ -4812,6 +4819,23 @@
/**
+ * Retrieves the password storage scheme defined in the specified
+ * configuration entry.
+ *
+ * @param configEntryDN The DN of the configuration entry that defines the
+ * password storage scheme to retrieve.
+ *
+ * @return The requested password storage scheme, or {@code null} if no such
+ * scheme is defined.
+ */
+ public static PasswordStorageScheme getPasswordStorageScheme(DN configEntryDN)
+ {
+ return directoryServer.passwordStorageSchemesByDN.get(configEntryDN);
+ }
+
+
+
+ /**
* Retrieves the set of password storage schemes defined in the Directory
* Server, as a mapping between the all-lowercase scheme name and the
* corresponding implementation.
@@ -4880,11 +4904,16 @@
* If an existing password storage scheme is registered with the same name,
* then it will be replaced with the provided scheme.
*
- * @param scheme The password storage scheme to register with the Directory
- * Server.
+ * @param configEntryDN The DN of the configuration entry that defines the
+ * password storage scheme.
+ * @param scheme The password storage scheme to register with the
+ * Directory Server.
*/
- public static void registerPasswordStorageScheme(PasswordStorageScheme scheme)
+ public static void registerPasswordStorageScheme(DN configEntryDN,
+ PasswordStorageScheme scheme)
{
+ directoryServer.passwordStorageSchemesByDN.put(configEntryDN, scheme);
+
String name = toLowerCase(scheme.getStorageSchemeName());
directoryServer.passwordStorageSchemes.put(name, scheme);
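Review bot: The Javadoc above `registerPasswordStorageScheme` still describes replacement only for a scheme `registered with the same name`, but the method now maintains two maps and the new parameter keys only the DN map. If two configuration entries supply schemes with the same storage scheme name, the later one replaces the earlier in `passwordStorageSchemes` while both remain in `passwordStorageSchemesByDN`, so the two views can disagree. I would document this, e.g. `If a scheme is already registered with the same configuration entry DN or the same name, the corresponding mapping is replaced.`, and state that `configEntryDN` must not be null, since `ConcurrentHashMap.put` rejects null keys. The method body continues past the end of this hunk.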
@@ -4902,18 +4931,24 @@
* Server. If no scheme is registered with the specified name, then no action
* will be taken.
*
- * @param lowerName The name of the password storage scheme to deregister,
- * formatted in all lowercache characters.
+ * @param configEntryDN The DN of the configuration entry that defines the
+ * password storage scheme.
*/
- public static void deregisterPasswordStorageScheme(String lowerName)
+ public static void deregisterPasswordStorageScheme(DN configEntryDN)
{
PasswordStorageScheme scheme =
- directoryServer.passwordStorageSchemes.remove(lowerName);
+ directoryServer.passwordStorageSchemesByDN.remove(configEntryDN);
- if ((scheme != null) && scheme.supportsAuthPasswordSyntax())
+ if (scheme != null)
{
- directoryServer.authPasswordStorageSchemes.remove(
- scheme.getAuthPasswordSchemeName());
+ directoryServer.passwordStorageSchemes.remove(
+ toLowerCase(scheme.getStorageSchemeName()));
+
+ if (scheme.supportsAuthPasswordSyntax())
+ {
+ directoryServer.authPasswordStorageSchemes.remove(
+ scheme.getAuthPasswordSchemeName());
+ }
}
}
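Review bot: `deregisterPasswordStorageScheme` removes the by-name mapping unconditionally, so if another configuration entry has since registered a scheme under the same name, deregistering this DN also drops that other scheme's entry in `passwordStorageSchemes`. Because that map is a `ConcurrentHashMap`, the two-argument form removes the entry only while it still points at this instance: `directoryServer.passwordStorageSchemes.remove(toLowerCase(scheme.getStorageSchemeName()), scheme);`. The same applies to the `authPasswordStorageSchemes` removal if that map is also a `ConcurrentHashMap` (its type is not visible here). The Javadoc sentence `If no scheme is registered with the specified name` should now refer to the configuration entry DN.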
diff --git a/opends/src/server/org/opends/server/core/PasswordPolicy.java b/opends/src/server/org/opends/server/core/PasswordPolicy.java
index ed44124..8de6b4e 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicy.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicy.java
@@ -25,7 +25,6 @@
* Portions Copyright 2006-2007 Sun Microsystems, Inc.
*/
package org.opends.server.core;
-import org.opends.messages.Message;
@@ -33,6 +32,7 @@
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.SortedSet;
import java.util.TimeZone;
@@ -40,6 +40,7 @@
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CopyOnWriteArraySet;
+import org.opends.messages.Message;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.admin.std.server.PasswordPolicyCfg;
import org.opends.server.admin.std.server.PasswordValidatorCfg;
@@ -48,18 +49,18 @@
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
import org.opends.server.config.ConfigException;
+import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.schema.GeneralizedTimeSyntax;
import org.opends.server.types.AttributeType;
import org.opends.server.types.ByteString;
+import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DN;
import org.opends.server.types.InitializationException;
+import static org.opends.messages.CoreMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.loggers.debug.DebugLogger.*;
-import org.opends.server.loggers.debug.DebugTracer;
-import org.opends.server.types.DebugLogLevel;
-import static org.opends.messages.CoreMessages.*;
import static org.opends.server.schema.SchemaConstants.*;
import static org.opends.server.util.ServerConstants.*;
import static org.opends.server.util.StaticUtils.*;
@@ -294,11 +295,11 @@
// Get the default storage schemes. They must all reference valid storage
// schemes that support the syntax for the specified password attribute.
- SortedSet<String> storageSchemes =
- configuration.getDefaultPasswordStorageScheme();
+ SortedSet<DN> storageSchemeDNs =
+ configuration.getDefaultPasswordStorageSchemeDN();
try
{
- if (storageSchemes == null)
+ if (storageSchemeDNs == null)
{
Message message = ERR_PWPOLICY_NO_DEFAULT_STORAGE_SCHEMES.get(
String.valueOf(configEntryDN));
@@ -308,27 +309,28 @@
{
LinkedList<PasswordStorageScheme> schemes =
new LinkedList<PasswordStorageScheme>();
- for (String schemeName : storageSchemes)
+ for (DN configEntryDN : storageSchemeDNs)
{
- PasswordStorageScheme scheme;
- if (this.authPasswordSyntax)
- {
- scheme = DirectoryServer.getAuthPasswordStorageScheme(schemeName);
- }
- else
- {
- scheme = DirectoryServer.getPasswordStorageScheme(
- toLowerCase(schemeName));
- }
+ PasswordStorageScheme scheme =
+ DirectoryServer.getPasswordStorageScheme(configEntryDN);
if (scheme == null)
{
Message message = ERR_PWPOLICY_NO_SUCH_DEFAULT_SCHEME.get(
- String.valueOf(configEntryDN), String.valueOf(schemeName));
+ String.valueOf(configEntryDN), String.valueOf(configEntryDN));
throw new ConfigException(message);
}
else
{
+ if (this.authPasswordSyntax &&
+ (! scheme.supportsAuthPasswordSyntax()))
+ {
+ Message message = ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH.get(
+ String.valueOf(configEntryDN),
+ this.passwordAttribute.getNameOrOID());
+ throw new ConfigException(message);
+ }
+
schemes.add(scheme);
}
}
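Review bot: In the `scheme == null` branch both arguments to `ERR_PWPOLICY_NO_SUCH_DEFAULT_SCHEME.get(...)` are `String.valueOf(configEntryDN)`, and inside this loop `configEntryDN` is the loop variable holding the scheme DN, so the message names the scheme DN twice and never the policy entry. The loop variable appears to hide an outer `configEntryDN`, which the earlier `ERR_PWPOLICY_NO_DEFAULT_STORAGE_SCHEMES` call uses for the policy entry. Naming it as the deprecated-scheme loop does, `for (DN schemeDN : storageSchemeDNs)`, and passing `String.valueOf(configEntryDN), String.valueOf(schemeDN)` restores the intended message; the `ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH` call would then take `String.valueOf(schemeDN)`. The enclosing try block starts and ends outside this hunk.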
@@ -355,14 +357,49 @@
// Get the names of the deprecated storage schemes.
- SortedSet<String> deprecatedStorageSchemes =
- configuration.getDeprecatedPasswordStorageScheme();
+ SortedSet<DN> deprecatedStorageSchemeDNs =
+ configuration.getDeprecatedPasswordStorageSchemeDN();
try
{
- if (deprecatedStorageSchemes != null)
+ if (deprecatedStorageSchemeDNs != null)
{
+ LinkedHashSet<String> newDeprecatedStorageSchemes =
+ new LinkedHashSet<String>();
+ for (DN schemeDN : deprecatedStorageSchemeDNs)
+ {
+ PasswordStorageScheme scheme =
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
+ if (scheme == null)
+ {
+ Message message = ERR_PWPOLICY_NO_SUCH_DEPRECATED_SCHEME.get(
+ String.valueOf(configEntryDN),
+ String.valueOf(schemeDN));
+ throw new ConfigException(message);
+ }
+ else if (this.authPasswordSyntax)
+ {
+ if (scheme.supportsAuthPasswordSyntax())
+ {
+ newDeprecatedStorageSchemes.add(
+ scheme.getAuthPasswordSchemeName());
+ }
+ else
+ {
+ Message message = ERR_PWPOLICY_DEPRECATED_SCHEME_NOT_AUTH.get(
+ String.valueOf(configEntryDN),
+ String.valueOf(schemeDN));
+ throw new ConfigException(message);
+ }
+ }
+ else
+ {
+ newDeprecatedStorageSchemes.add(
+ toLowerCase(scheme.getStorageSchemeName()));
+ }
+ }
+
this.deprecatedStorageSchemes =
- new CopyOnWriteArraySet<String>(deprecatedStorageSchemes);
+ new CopyOnWriteArraySet<String>(newDeprecatedStorageSchemes);
}
}
catch (Exception e)
diff --git a/opends/src/server/org/opends/server/core/PasswordStorageSchemeConfigManager.java b/opends/src/server/org/opends/server/core/PasswordStorageSchemeConfigManager.java
index 92f60a6..14600f0 100644
--- a/opends/src/server/org/opends/server/core/PasswordStorageSchemeConfigManager.java
+++ b/opends/src/server/org/opends/server/core/PasswordStorageSchemeConfigManager.java
@@ -374,7 +374,7 @@
// ... and install the password storage scheme in the server.
DN configEntryDN = configuration.dn();
storageSchemes.put (configEntryDN, schemeClass);
- DirectoryServer.registerPasswordStorageScheme (schemeClass);
+ DirectoryServer.registerPasswordStorageScheme (configEntryDN, schemeClass);
}
@@ -484,9 +484,7 @@
storageSchemes.remove (configEntryDN);
if (scheme != null)
{
- DirectoryServer.deregisterPasswordStorageScheme (
- scheme.getStorageSchemeName().toLowerCase()
- );
+ DirectoryServer.deregisterPasswordStorageScheme(configEntryDN);
scheme.finalizePasswordStorageScheme();
}
}
diff --git a/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java b/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
index 25a05d9..f0ffedc 100644
--- a/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
+++ b/opends/src/server/org/opends/server/plugins/PasswordPolicyImportPlugin.java
@@ -164,9 +164,9 @@
// Get the set of default password storage schemes for auth password
// attributes.
PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
- Set<String> authSchemesSet =
- configuration.getDefaultAuthPasswordStorageScheme();
- if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ Set<DN> authSchemeDNs =
+ configuration.getDefaultAuthPasswordStorageSchemeDN();
+ if ((authSchemeDNs == null) || authSchemeDNs.isEmpty())
{
if (defaultPolicy.usesAuthPasswordSyntax())
{
@@ -193,16 +193,24 @@
else
{
defaultAuthPasswordSchemes =
- new PasswordStorageScheme[authSchemesSet.size()];
+ new PasswordStorageScheme[authSchemeDNs.size()];
int i=0;
- for (String schemeName : authSchemesSet)
+ for (DN schemeDN : authSchemeDNs)
{
defaultAuthPasswordSchemes[i] =
- DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultAuthPasswordSchemes[i] == null)
{
Message message =
- ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(schemeName);
+ ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN));
+ throw new ConfigException(message);
+ }
+ else if (! defaultAuthPasswordSchemes[i].supportsAuthPasswordSyntax())
+ {
+ Message message =
+ ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN));
throw new ConfigException(message);
}
i++;
@@ -212,9 +220,9 @@
// Get the set of default password storage schemes for user password
// attributes.
- Set<String> userSchemeSet =
- configuration.getDefaultUserPasswordStorageScheme();
- if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ Set<DN> userSchemeDNs =
+ configuration.getDefaultUserPasswordStorageSchemeDN();
+ if ((userSchemeDNs == null) || userSchemeDNs.isEmpty())
{
if (! defaultPolicy.usesAuthPasswordSyntax())
{
@@ -241,16 +249,17 @@
else
{
defaultUserPasswordSchemes =
- new PasswordStorageScheme[userSchemeSet.size()];
+ new PasswordStorageScheme[userSchemeDNs.size()];
int i=0;
- for (String schemeName : userSchemeSet)
+ for (DN schemeDN : userSchemeDNs)
{
defaultUserPasswordSchemes[i] =
- DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultUserPasswordSchemes[i] == null)
{
Message message =
- ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(schemeName);
+ ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
+ String.valueOf(schemeDN));
throw new ConfigException(message);
}
i++;
@@ -632,9 +641,9 @@
// Get the set of default password storage schemes for auth password
// attributes.
- Set<String> authSchemesSet =
- configuration.getDefaultAuthPasswordStorageScheme();
- if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ Set<DN> authSchemeDNs =
+ configuration.getDefaultAuthPasswordStorageSchemeDN();
+ if ((authSchemeDNs == null) || authSchemeDNs.isEmpty())
{
PasswordStorageScheme[] defaultAuthSchemes = new PasswordStorageScheme[1];
defaultAuthSchemes[0] =
@@ -651,16 +660,25 @@
else
{
PasswordStorageScheme[] defaultAuthSchemes =
- new PasswordStorageScheme[authSchemesSet.size()];
+ new PasswordStorageScheme[authSchemeDNs.size()];
int i=0;
- for (String schemeName : authSchemesSet)
+ for (DN schemeDN : authSchemeDNs)
{
defaultAuthSchemes[i] =
- DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultAuthSchemes[i] == null)
{
- Message message = ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
- schemeName);
+ Message message =
+ ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN));
+ unacceptableReasons.add(message);
+ configAcceptable = false;
+ }
+ else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
+ {
+ Message message =
+ ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN));
unacceptableReasons.add(message);
configAcceptable = false;
}
@@ -671,9 +689,9 @@
// Get the set of default password storage schemes for user password
// attributes.
- Set<String> userSchemeSet =
- configuration.getDefaultUserPasswordStorageScheme();
- if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ Set<DN> userSchemeDNs =
+ configuration.getDefaultUserPasswordStorageSchemeDN();
+ if ((userSchemeDNs == null) || userSchemeDNs.isEmpty())
{
PasswordStorageScheme[] defaultUserSchemes = new PasswordStorageScheme[1];
defaultUserSchemes[0] =
@@ -690,16 +708,16 @@
else
{
PasswordStorageScheme[] defaultUserSchemes =
- new PasswordStorageScheme[userSchemeSet.size()];
+ new PasswordStorageScheme[userSchemeDNs.size()];
int i=0;
- for (String schemeName : userSchemeSet)
+ for (DN schemeDN : userSchemeDNs)
{
defaultUserSchemes[i] =
- DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultUserSchemes[i] == null)
{
Message message = ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
- schemeName);
+ String.valueOf(schemeDN));
unacceptableReasons.add(message);
configAcceptable = false;
}
@@ -728,9 +746,9 @@
// attributes.
PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
PasswordStorageScheme[] defaultAuthSchemes;
- Set<String> authSchemesSet =
- configuration.getDefaultAuthPasswordStorageScheme();
- if ((authSchemesSet == null) || authSchemesSet.isEmpty())
+ Set<DN> authSchemeDNs =
+ configuration.getDefaultAuthPasswordStorageSchemeDN();
+ if ((authSchemeDNs == null) || authSchemeDNs.isEmpty())
{
if (defaultPolicy.usesAuthPasswordSyntax())
{
@@ -757,18 +775,27 @@
}
else
{
- defaultAuthSchemes = new PasswordStorageScheme[authSchemesSet.size()];
+ defaultAuthSchemes = new PasswordStorageScheme[authSchemeDNs.size()];
int i=0;
- for (String schemeName : authSchemesSet)
+ for (DN schemeDN : authSchemeDNs)
{
defaultAuthSchemes[i] =
- DirectoryServer.getAuthPasswordStorageScheme(schemeName);
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultAuthSchemes[i] == null)
{
resultCode = DirectoryServer.getServerErrorResultCode();
- messages.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
- schemeName));
+ messages.add(
+ ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN)));
+ }
+ else if (! defaultAuthSchemes[i].supportsAuthPasswordSyntax())
+ {
+ resultCode = DirectoryServer.getServerErrorResultCode();
+
+ messages.add(
+ ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_AUTH_SCHEME.get(
+ String.valueOf(schemeDN)));
}
i++;
}
@@ -778,9 +805,9 @@
// Get the set of default password storage schemes for user password
// attributes.
PasswordStorageScheme[] defaultUserSchemes;
- Set<String> userSchemeSet =
- configuration.getDefaultUserPasswordStorageScheme();
- if ((userSchemeSet == null) || userSchemeSet.isEmpty())
+ Set<DN> userSchemeDNs =
+ configuration.getDefaultUserPasswordStorageSchemeDN();
+ if ((userSchemeDNs == null) || userSchemeDNs.isEmpty())
{
if (! defaultPolicy.usesAuthPasswordSyntax())
{
@@ -806,18 +833,18 @@
}
else
{
- defaultUserSchemes = new PasswordStorageScheme[userSchemeSet.size()];
+ defaultUserSchemes = new PasswordStorageScheme[userSchemeDNs.size()];
int i=0;
- for (String schemeName : userSchemeSet)
+ for (DN schemeDN : userSchemeDNs)
{
defaultUserSchemes[i] =
- DirectoryServer.getPasswordStorageScheme(toLowerCase(schemeName));
+ DirectoryServer.getPasswordStorageScheme(schemeDN);
if (defaultUserSchemes[i] == null)
{
resultCode = DirectoryServer.getServerErrorResultCode();
messages.add(ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME.get(
- schemeName));
+ String.valueOf(schemeDN)));
}
i++;
}
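Review bot: The null case in this loop still reports `ERR_PLUGIN_PWIMPORT_INVALID_DEFAULT_USER_SCHEME`, while the auth-password loop earlier in the file now separates an unresolvable DN (`ERR_PLUGIN_PWIMPORT_NO_SUCH_DEFAULT_AUTH_SCHEME`) from a scheme of the wrong kind. With the lookup keyed by DN, a null result means the DN does not resolve to a registered scheme, and the administrator-facing text should say so. The message wording lives in plugin.properties, which is not in view, so check that it now talks about a DN rather than a scheme name. A one-line comment would also help: `// null: schemeDN does not reference a registered password storage scheme`. The enclosing method starts and ends outside this hunk.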
diff --git a/opends/tests/unit-tests-testng/resource/config-changes.ldif b/opends/tests/unit-tests-testng/resource/config-changes.ldif
index 960b055..b26cc6f 100644
--- a/opends/tests/unit-tests-testng/resource/config-changes.ldif
+++ b/opends/tests/unit-tests-testng/resource/config-changes.ldif
@@ -67,7 +67,7 @@
objectClass: ds-cfg-password-policy
cn: SSHA512 UserPassword Policy
ds-cfg-password-attribute: userPassword
-ds-cfg-default-password-storage-scheme: SSHA512
+ds-cfg-default-password-storage-scheme-dn: cn=Salted SHA-512,cn=Password Storage Schemes,cn=config
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
@@ -97,7 +97,7 @@
objectClass: ds-cfg-password-policy
cn: SHA1 AuthPassword Policy
ds-cfg-password-attribute: authPassword
-ds-cfg-default-password-storage-scheme: SHA1
+ds-cfg-default-password-storage-scheme-dn: cn=Salted SHA-1,cn=Password Storage Schemes,cn=config
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
@@ -127,7 +127,7 @@
objectClass: ds-cfg-password-policy
cn: Test AuthPassword Policy
ds-cfg-password-attribute: userPassword
-ds-cfg-default-password-storage-scheme: CLEAR
+ds-cfg-default-password-storage-scheme-dn: cn=CLEAR,cn=Password Storage Schemes,cn=config
ds-cfg-allow-expired-password-changes: false
ds-cfg-allow-multiple-password-values: false
ds-cfg-allow-pre-encoded-passwords: false
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java
index a20c562..003b348 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/core/PasswordPolicyTestCase.java
@@ -98,7 +98,8 @@
"objectClass: top",
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -127,7 +128,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: invalid",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -156,7 +158,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: cn",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -186,7 +189,8 @@
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
"ds-cfg-last-login-time-attribute: invalid",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -215,7 +219,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: invalid",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -244,7 +249,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: invalid",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -273,7 +279,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: invalid",
@@ -302,7 +309,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -331,7 +339,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -360,7 +369,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -389,7 +399,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -418,7 +429,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -447,7 +459,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -476,7 +489,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -505,7 +519,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -534,7 +549,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -563,7 +579,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -592,7 +609,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -621,7 +639,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -650,7 +669,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -679,7 +699,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -708,7 +729,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -737,7 +759,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -766,7 +789,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -795,7 +819,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -824,7 +849,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -853,7 +879,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -882,7 +909,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -911,7 +939,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -940,7 +969,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -969,7 +999,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -998,7 +1029,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1027,7 +1059,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1056,7 +1089,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1085,7 +1119,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1114,7 +1149,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1143,7 +1179,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1172,7 +1209,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1201,7 +1239,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1230,7 +1269,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1259,7 +1299,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1288,7 +1329,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1317,7 +1359,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1346,7 +1389,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1375,7 +1419,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1404,7 +1449,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1433,7 +1479,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1462,7 +1509,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1491,7 +1539,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1520,7 +1569,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1549,7 +1599,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1578,7 +1629,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1607,7 +1659,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1636,7 +1689,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1665,7 +1719,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1694,7 +1749,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1724,7 +1780,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1754,7 +1811,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1782,7 +1840,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1811,7 +1870,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1841,7 +1901,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1900,7 +1961,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: invalid",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Undefined,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1929,8 +1991,7 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
- "ds-cfg-default-password-storage-scheme: invalid",
+ "ds-cfg-default-password-storage-scheme-dn: invalid",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
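Review bot: This entry used to carry a valid value (`SSHA`) next to an invalid one and now holds only `"ds-cfg-default-password-storage-scheme-dn: invalid"`, so a multi-valued attribute with one good and one bad reference is no longer exercised. A value that is not a DN at all is presumably rejected at syntax parsing, before any scheme lookup, which is a different path from the mixed case. Consider keeping the valid reference beside it: `"ds-cfg-default-password-storage-scheme-dn: " + "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",` followed by the `invalid` line. The entry array this belongs to starts and ends outside the hunk.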
@@ -1959,7 +2020,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -1989,7 +2051,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -2020,7 +2083,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
@@ -2054,8 +2118,10 @@
"objectClass: ds-cfg-password-policy",
"cn: Default Password Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
- "ds-cfg-deprecated-password-storage-scheme: BASE64",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
+ "ds-cfg-deprecated-password-storage-scheme: " +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
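Review bot: The deprecated-scheme line now carries a DN value but keeps the attribute name `ds-cfg-deprecated-password-storage-scheme`, whereas the default-scheme attribute just above it gained a `-dn` suffix. The schema and PasswordPolicyConfiguration.xml changes are not in view here; if the deprecated attribute was renamed the same way, this should read `"ds-cfg-deprecated-password-storage-scheme-dn: " +`. Otherwise the entry may be accepted or rejected for a reason other than the one the test intends. The entry array starts and ends outside the hunk.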
@@ -2208,7 +2274,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "default-password-storage-scheme:BASE64");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Base64,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getDefaultPasswordPolicy();
defaultSchemes = p.getDefaultStorageSchemes();
@@ -2219,7 +2286,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "default-password-storage-scheme:SSHA");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config");
}
@@ -2245,7 +2313,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "default-password-storage-scheme:MD5");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getPasswordPolicy(dn);
defaultSchemes = p.getDefaultStorageSchemes();
@@ -2256,7 +2325,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "default-password-storage-scheme:SHA1");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config");
}
@@ -2278,7 +2348,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "default-password-storage-scheme:BASE64");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getDefaultPasswordPolicy();
assertTrue(p.isDefaultStorageScheme("BASE64"));
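Review bot: The shared server's default policy is switched to the reversible BASE64 scheme, and the assertion runs before the restore to Salted SHA-1 that appears in the following hunk. If the method body, which is outside this hunk, does not wrap the assertion in `try`/`finally`, a failed assertion leaves BASE64 as the default storage scheme for every later test in the run, and their results no longer reflect the intended configuration. Moving the restoring `TestCaseUtils.dsconfig(...)` call into a `finally` block would make the reset unconditional. The same set/assert/restore shape recurs in the hunks at `-2208`, `-2245`, `-2312`, `-2346`, `-2383`, `-2415` and `-2447`.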
@@ -2288,7 +2359,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "default-password-storage-scheme:SSHA");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config");
}
@@ -2312,7 +2384,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "default-password-storage-scheme:MD5");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getPasswordPolicy(dn);
assertTrue(p.isDefaultStorageScheme("MD5"));
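Review bot: The configuration now references the scheme by DN (`cn=Salted MD5,...`), but the assertion still checks the bare name `"MD5"`, and nothing in the test explains how the two relate. The commit description notes that a scheme's name can differ between user-password and auth-password syntax, which is presumably why the salted entry answers to `"MD5"` for this auth-password policy. A one-line comment above the assertion would record that, for example `// "MD5" is the auth-password name of the scheme configured at cn=Salted MD5`. The same applies to `isDeprecatedStorageScheme("MD5")` in the hunk at `-2447`. The enclosing method continues outside the hunk.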
@@ -2322,7 +2395,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "default-password-storage-scheme:SHA1");
+ "--set", "default-password-storage-scheme-dn:" +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config");
}
@@ -2346,7 +2420,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "deprecated-password-storage-scheme:BASE64");
+ "--set", "deprecated-password-storage-scheme-dn:" +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getDefaultPasswordPolicy();
deprecatedSchemes = p.getDeprecatedStorageSchemes();
@@ -2357,7 +2432,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--remove", "deprecated-password-storage-scheme:BASE64");
+ "--remove", "deprecated-password-storage-scheme-dn:" +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config");
}
@@ -2383,7 +2459,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "deprecated-password-storage-scheme:MD5");
+ "--set", "deprecated-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getPasswordPolicy(dn);
deprecatedSchemes = p.getDeprecatedStorageSchemes();
@@ -2394,7 +2471,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--remove", "deprecated-password-storage-scheme:MD5");
+ "--remove", "deprecated-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
}
@@ -2415,7 +2493,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--set", "deprecated-password-storage-scheme:BASE64");
+ "--set", "deprecated-password-storage-scheme-dn:" +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getDefaultPasswordPolicy();
assertTrue(p.isDeprecatedStorageScheme("BASE64"));
@@ -2424,7 +2503,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "Default Password Policy",
- "--remove", "deprecated-password-storage-scheme:BASE64");
+ "--remove", "deprecated-password-storage-scheme-dn:" +
+ "cn=BASE64,cn=Password Storage Schemes,cn=config");
}
@@ -2447,7 +2527,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--set", "deprecated-password-storage-scheme:MD5");
+ "--set", "deprecated-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
p = DirectoryServer.getPasswordPolicy(dn);
assertTrue(p.isDeprecatedStorageScheme("MD5"));
@@ -2456,7 +2537,8 @@
TestCaseUtils.dsconfig(
"set-password-policy-prop",
"--policy-name", "SHA1 AuthPassword Policy",
- "--remove", "deprecated-password-storage-scheme:MD5");
+ "--remove", "deprecated-password-storage-scheme-dn:" +
+ "cn=Salted MD5,cn=Password Storage Schemes,cn=config");
}
@@ -3913,7 +3995,7 @@
/**
* Tests the <CODE>getRequireChangeByTime</CODE> method for the default
- * password storage scheme.
+ * password policy.
*
* @throws Exception If an unexpected problem occurs.
*/
@@ -3975,7 +4057,7 @@
/**
* Tests the <CODE>getLastLoginTimeAttribute</CODE> method for the default
- * password storage scheme.
+ * password policy.
*
* @throws Exception If an unexpected problem occurs.
*/
@@ -4037,7 +4119,7 @@
/**
* Tests the <CODE>getLastLoginTimeFormat</CODE> method for the default
- * password storage scheme.
+ * password policy.
*
* @throws Exception If an unexpected problem occurs.
*/
@@ -4099,7 +4181,7 @@
/**
* Tests the <CODE>getPreviousLastLoginTimeFormats</CODE> method for the
- * default password storage scheme.
+ * default password policy.
*
* @throws Exception If an unexpected problem occurs.
*/
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/UserDefinedVirtualAttributeProviderTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/UserDefinedVirtualAttributeProviderTestCase.java
index b405e39..038cbc4 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/UserDefinedVirtualAttributeProviderTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/extensions/UserDefinedVirtualAttributeProviderTestCase.java
@@ -141,7 +141,7 @@
Object providerAsObject = rule.getProvider();
UserDefinedVirtualAttributeProvider provider =
(UserDefinedVirtualAttributeProvider)providerAsObject;
-
+
assertFalse(provider.isMultiValued());
assertFalse(provider.isSearchable(rule, searchOperation));
@@ -569,7 +569,8 @@
"objectClass: ds-cfg-password-policy",
"cn: Test Policy",
"ds-cfg-password-attribute: userPassword",
- "ds-cfg-default-password-storage-scheme: SSHA",
+ "ds-cfg-default-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"ds-cfg-allow-expired-password-changes: false",
"ds-cfg-allow-multiple-password-values: false",
"ds-cfg-allow-pre-encoded-passwords: false",
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java
index 4e10d1b..31d1106 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/plugins/PasswordPolicyImportPluginTestCase.java
@@ -102,7 +102,8 @@
"PasswordPolicyImportPlugin",
"ds-cfg-plugin-enabled: true",
"ds-cfg-plugin-type: ldifImport",
- "ds-cfg-default-user-password-storage-scheme: SSHA",
+ "ds-cfg-default-user-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"",
"dn: cn=Password Policy Import,cn=Plugins,cn=config",
"objectClass: top",
@@ -113,8 +114,10 @@
"PasswordPolicyImportPlugin",
"ds-cfg-plugin-enabled: true",
"ds-cfg-plugin-type: ldifImport",
- "ds-cfg-default-user-password-storage-scheme: CRYPT",
- "ds-cfg-default-user-password-storage-scheme: SSHA",
+ "ds-cfg-default-user-password-storage-scheme-dn: " +
+ "cn=CRYPT,cn=Password Storage Schemes,cn=config",
+ "ds-cfg-default-user-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"",
"dn: cn=Password Policy Import,cn=Plugins,cn=config",
"objectClass: top",
@@ -125,7 +128,8 @@
"PasswordPolicyImportPlugin",
"ds-cfg-plugin-enabled: true",
"ds-cfg-plugin-type: ldifImport",
- "ds-cfg-default-auth-password-storage-scheme: SHA1",
+ "ds-cfg-default-auth-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
"",
"dn: cn=Password Policy Import,cn=Plugins,cn=config",
"objectClass: top",
@@ -136,8 +140,10 @@
"PasswordPolicyImportPlugin",
"ds-cfg-plugin-enabled: true",
"ds-cfg-plugin-type: ldifImport",
- "ds-cfg-default-user-password-storage-scheme: SSHA",
- "ds-cfg-default-auth-password-storage-scheme: SHA1"
+ "ds-cfg-default-user-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
+ "ds-cfg-default-auth-password-storage-scheme-dn: " +
+ "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config"
);
Object[][] array = new Object[entries.size()][1];
--
Gitblit v1.10.0