Package org.apache.directory.api.ldap.extras.extended.pwdModify

Examples of org.apache.directory.api.ldap.extras.extended.pwdModify.PasswordModifyResponseImpl


           
            // No entry was found for the target DN: tell the client and stop.
            // NOTE(review): the NO_SUCH_OBJECT reply echoes userDn, so any caller able to reach
            // this point can tell existing DNs from missing ones - confirm that only
            // authenticated callers get this far.
            if ( userEntry == null )
            {
                LOG.error( "Cannot find an entry for DN " + userDn );
                // We can't find the entry in the DIT
                ioPipe.write( new PasswordModifyResponseImpl(
                    req.getMessageId(), ResultCodeEnum.NO_SUCH_OBJECT, "Cannot find an entry for DN " + userDn ) );

                return;
            }
           
            // Compare the supplied old password with every stored userPassword value.
            Attribute at = userEntry.get( SchemaConstants.USER_PASSWORD_AT );
            if ( ( oldPassword != null ) && ( at != null ) )
            {
                for( Value<?> v : at )
                {
                    boolean equal = PasswordUtil.compareCredentials( oldPassword, v.getBytes() );
                    if( equal )
                    {
                        // Swap in the stored bytes, so that the REMOVE_ATTRIBUTE modification built
                        // later names the value exactly as the entry holds it (presumably a hashed
                        // form - not visible here).
                        oldPassword = v.getBytes();
                    }
                }

                // Nothing is rejected here when no stored value matched: oldPassword then keeps the
                // supplied bytes and the later REMOVE_ATTRIBUTE carries them as they are.
                // NOTE(review): confirm that the modify fails in that case, since that failure is
                // the only visible enforcement of the old password.
            }
        }
        catch ( LdapException le )
        {
            LOG.error( "Cannot find an entry for DN " + userDn + ", exception : " + le.getMessage() );
            // We can't find the entry in the DIT
            ioPipe.write(
                new PasswordModifyResponseImpl(
                    req.getMessageId(), ResultCodeEnum.NO_SUCH_OBJECT, "Cannot find an entry for DN " + userDn ) );

            return;
        }

        // We can try to update the userPassword now
        ModifyRequest modifyRequest = new ModifyRequestImpl();
        modifyRequest.setName( userDn );

        // Forward the password-policy control sent with the request, if there is one
        Control ppolicyControl = req.getControl( PasswordPolicy.OID );
        if( ppolicyControl != null )
        {
            modifyRequest.addControl( ppolicyControl );
        }

        Modification modification = null;

        // An old password is known: remove exactly that value from userPassword
        if ( oldPassword != null )
        {
            modification = new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
                SchemaConstants.USER_PASSWORD_AT, oldPassword );

            modifyRequest.addModification( modification );
        }

        if ( newPassword != null )
        {
            // Without an old password the whole attribute is replaced; with one, the new
            // value is added next to the removal built above.
            // NOTE(review): on the REPLACE path nothing in this excerpt checks the old password;
            // that relies on the caller's authorization and on any policy applied by
            // userSession.modify - confirm.
            if ( oldPassword == null )
            {
                modification = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
                    SchemaConstants.USER_PASSWORD_AT, newPassword );
            }
            else
            {
                modification = new DefaultModification( ModificationOperation.ADD_ATTRIBUTE,
                    SchemaConstants.USER_PASSWORD_AT, newPassword );
            }

            modifyRequest.addModification( modification );
        }
        else
        {
            // In this case, we could either generate a new password, or return an error
            // Atm, we will return an unwillingToPerform error
            // NOTE(review): the "exception :" suffix of this log line only repeats userDn;
            // no exception exists on this branch.
            LOG.error( "Cannot create a new password for user " + userDn + ", exception : " + userDn );

            // We can't modify the password
            ioPipe.write( new PasswordModifyResponseImpl(
                req.getMessageId(), ResultCodeEnum.UNWILLING_TO_PERFORM, "Cannot generate a new password for user "
                    + userDn ) );

            return;
        }

        // Filled in by the catch clauses below when the modify fails
        ResultCodeEnum errorCode = null;
        String errorMessage = null;

        try
        {
            // The change is applied through userSession (presumably with that session's rights)
            userSession.modify( modifyRequest );

            // Only the DN is logged, neither password value is
            LOG.debug( "Password modified for user " + userDn );

            // Ok, all done
            PasswordModifyResponseImpl pmrl = new PasswordModifyResponseImpl(
                req.getMessageId(), ResultCodeEnum.SUCCESS );

            // Hand the password-policy response control, when present, back to the client
            ppolicyControl = modifyRequest.getResultResponse().getControl( PasswordPolicy.OID );

            if( ppolicyControl != null )
            {
                pmrl.addControl( ppolicyControl );
            }

            ioPipe.write( pmrl );

            return;
        }
        catch ( LdapOperationException loe )
        {
            // The operation failed with its own LDAP result code: reuse it
            errorCode = loe.getResultCode();
            errorMessage = loe.getMessage();
        }
        catch ( LdapException le )
        {
            // this exception means something else must be wrong
            errorCode = ResultCodeEnum.OTHER;
            errorMessage = le.getMessage();
        }

        // We can't modify the password
        // NOTE(review): the exception message is copied into the text returned to the client, not
        // only into the log; confirm that these messages never carry internal detail the
        // requester should not see.
        LOG.error( "Cannot modify the password for user " + userDn + ", exception : " + errorMessage );
        PasswordModifyResponseImpl errorPmrl = new PasswordModifyResponseImpl(
            req.getMessageId(), errorCode, "Cannot modify the password for user "
                + userDn + ", exception : " + errorMessage );

        // The password-policy response control, when present, is attached to the error reply too
        ppolicyControl = modifyRequest.getResultResponse().getControl( PasswordPolicy.OID );

        if( ppolicyControl != null )
        {
            errorPmrl.addControl( ppolicyControl );
        }

        ioPipe.write( errorPmrl );
    }


            }
            catch ( LdapInvalidDnException lide )
            {
                LOG.error( "The user DN is invalid : " + userDn );
                // The userIdentity is not a DN : return with an error code.
                requestor.getIoSession().write( new PasswordModifyResponseImpl(
                    req.getMessageId(), ResultCodeEnum.INVALID_DN_SYNTAX, "The user DN is invalid : " + userDn ) );
                return;
            }
        }

        byte[] oldPassword = req.getOldPassword();
        byte[] newPassword = req.getNewPassword();

        // First check if the user is bound or not
        if ( requestor.isAuthenticated() )
        {
            // Authenticated caller: the identity that counts is the session's effective
            // principal, not the userIdentity carried in the request.
            Dn principalDn = requestor.getCoreSession().getEffectivePrincipal().getDn();

            LOG.debug( "User {} trying to modify password of user {}", principalDn, userDn );

            // A userDn that is present and differs from the bound principal means the caller
            // wants to change someone else's password: only an administrator may do that.
            if ( ( userDn != null ) && ( !userDn.equals( principalDn ) ) )
            {
                // Are we admin ?
                if ( !requestor.getCoreSession().isAdministrator() )
                {
                    // No : error
                    LOG.error( "Non-admin user cannot access another user's password to modify it" );
                    requestor.getIoSession().write( new PasswordModifyResponseImpl(
                        req.getMessageId(), ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS,
                        "Non-admin user cannot access another user's password to modify it" ) );
                    // NOTE(review): no return follows this write. That is safe only if nothing
                    // after the enclosing if/else still acts on the request - not visible in
                    // this excerpt, confirm.
                }
                else
                {
                    // We are administrator, we can try to modify the user's credentials
                    modifyUserPassword( requestor.getCoreSession(), requestor.getIoSession(), userDn, oldPassword, newPassword, req );
                }
            }
            else
            {
                // We are trying to modify our own password: the bound principal's DN is used.
                // NOTE(review): oldPassword is passed on as received from the request and may be
                // null (TODO confirm); nothing visible in this branch requires the current
                // password to be supplied again on an already authenticated session.
                modifyUserPassword( requestor.getCoreSession(), requestor.getIoSession(), principalDn, oldPassword, newPassword, req );
            }
        }
        else
        {
            // The user is not authenticated : we have to use the provided userIdentity
            // and the oldPassword to check if the user is present
            // Unauthenticated caller: identity is proven by binding as userDn with oldPassword.
            // The context is created from adminSession; the DN and the credentials are the ones
            // supplied in the request.
            // NOTE(review): both values are used exactly as received. Confirm that a missing DN
            // or empty credentials are rejected before this point, so that this check cannot
            // pass without a real password.
            BindOperationContext bindContext = new BindOperationContext( adminSession );
            bindContext.setDn( userDn );
            bindContext.setCredentials( oldPassword );

            try
            {
                service.getOperationManager().bind( bindContext );
            }
            catch ( LdapException le )
            {
                // We can't bind with the provided information : we thus can't
                // change the password...
                // Every bind failure gets the same INVALID_CREDENTIALS reply with no message
                // text, so the reply does not distinguish an unknown DN from a wrong password.
                // NOTE(review): le is dropped without a log entry, so failed unauthenticated
                // attempts leave no trace in this handler.
                requestor.getIoSession().write( new PasswordModifyResponseImpl(
                    req.getMessageId(), ResultCodeEnum.INVALID_CREDENTIALS ) );

                return;
            }

                    "Init PasswordModifyResponse" )
                {
                    /*
                     * Stores a fresh, empty password-modify response, wrapped in its decorator,
                     * in the container, then marks the grammar as allowed to end here.
                     */
                    public void action( PasswordModifyResponseContainer container )
                    {
                        // The decorator is built around an empty response implementation
                        container.setPasswordModifyResponse( new PasswordModifyResponseDecorator(
                            LdapApiServiceFactory.getSingleton(), new PasswordModifyResponseImpl() ) );

                        // There may be nothing more to read after this point
                        container.setGrammarEndAllowed( true );
                    }

     * {@inheritDoc}
     */
    public PasswordModifyResponse newResponse( byte[] encodedValue ) throws DecoderException
    {
        // Start from an empty response and wrap it in the decorator bound to this codec
        PasswordModifyResponseImpl emptyResponse = new PasswordModifyResponseImpl();
        PasswordModifyResponseDecorator decorated = new PasswordModifyResponseDecorator( codec, emptyResponse );

        // encodedValue is handed over as received, with no null or length check here.
        // NOTE(review): presumably setResponseValue is where the declared DecoderException
        // can originate - confirm.
        decorated.setResponseValue( encodedValue );

        return decorated;
    }

            // Render the full stack trace of the caught exception de into a string
            StringWriter sw = new StringWriter();
            de.printStackTrace( new PrintWriter( sw ) );
            String stackTrace = sw.toString();

            // Error while decoding the value.
            // NOTE(review): the whole stack trace is passed as the third constructor argument,
            // the position other call sites on this page use for the message text. If this
            // response can be relayed or displayed outside the local process, it exposes class
            // names and internal structure; a short fixed message plus a log entry would carry
            // less. Confirm where pwdModifyResponse ends up.
            pwdModifyResponse = new PasswordModifyResponseImpl(
                decoratedResponse.getMessageId(),
                ResultCodeEnum.OPERATIONS_ERROR,
                stackTrace );
        }
