I am using the following classes to retrieve the errors and , if any, the warning related tp the Implemented Password Policy. Unfortunately, It returns only the errors :
Password expired and Account locked
The code I used is the following:
publicvoidldapExceptionHandling(LDAPExceptionexception){System.out.println("sonoinLDAPException");BindResultbindResult=newBindResult(exception);try{DraftBeheraLDAPPasswordPolicy10ResponseControlpwpResponse=DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);if(pwpResponse==null){System.out.println("pwpResponse==null");LOG.error(exception.getMessage(),exception);JOptionPane.showMessageDialog(null,"Errorduringauthenticationprocess.","ERROR",JOptionPane.ERROR_MESSAGE);}else{DraftBeheraLDAPPasswordPolicy10WarningTypewarningType=pwpResponse.getWarningType();DraftBeheraLDAPPasswordPolicy10ErrorTypeerrorType=pwpResponse.getErrorType();if(warningType!=null){//Therewasapasswordpolicywarning.intvalue=pwpResponse.getWarningValue();switch(warningType){caseTIME_BEFORE_EXPIRATION:System.out.println("The warning value is the number of seconds until expiration : "+value);break;caseGRACE_LOGINS_REMAINING:System.out.println("The warning value is the number of grace logins remaining : "+value);}}else{System.out.println("Warningènull");}if(errorType!=null){switch(errorType){/** * The error type that indicates the user's password is expired. */casePASSWORD_EXPIRED:System.out.println("The error type that indicates the user's password is expired.");LOG.error(exception.getMessage(),exception);JOptionPane.showMessageDialog(null,exception.getResultString(),"ERROR",JOptionPane.ERROR_MESSAGE);break;/** * The error type that indicates the user's account is locked or disabled. */caseACCOUNT_LOCKED:System.out.println("The error type that indicates the user's account is locked or disabled.");System.out.println("Diagnostimessage:" + exception.getDiagnosticMessage()); LOG.error(exception.getMessage(), exception); JOptionPane.showMessageDialog(null, exception.getResultString(), "ERROR", JOptionPane.ERROR_MESSAGE); break; /** * The error type that indicates the user's password must be changed before * any other operation will be allowed. */ case CHANGE_AFTER_RESET: System.out.println("Theerrortypethatindicatestheuser's password must be changed"); break; /** * The error type that indicates that user password changes aren'tallowed.*/casePASSWORD_MOD_NOT_ALLOWED:System.out.println("The error type that indicates that user password changes aren't allowed.");break;/** * The error type that indicates the user must provide the current password * when attempting to set a new one. */caseMUST_SUPPLY_OLD_PASSWORD:System.out.println("The error type that indicates the user must provide the current password");break;/** * The error type that indicates the proposed password is too weak to be * acceptable. */caseINSUFFICIENT_PASSWORD_QUALITY:System.out.println("The error type that indicates the proposed password is too weak to be acceptable");break;/** * The error type that indicates the proposed password is too short. */casePASSWORD_TOO_SHORT:System.out.println("The error type that indicates the proposed password is too short.");break;/** * The error type that indicates the user's password cannot be changed because * it has not been long enough since it was last changed. */casePASSWORD_TOO_YOUNG:System.out.println("The error type that indicates the user's password cannot be changed because"+"it has not been long enough since it was last changed.");break;/** * The error type that indicates the proposed password is already in the * password history. */casePASSWORD_IN_HISTORY:System.out.println("The error type that indicates the proposed password is already in the password history.");break;}}}}catch(LDAPExceptione){//TODOAuto-generatedcatchblocke.printStackTrace();}}IKnowsthatisalittlebitofftopic,becauseismorerelatedtoApachDsthenthelibrary,butanyhelpwillbereallyappriciated.Regards,Pasquale
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yeah, this is something that you’ll probably have to ask the ApacheDS people. The LDAP SDK can only interpret what the server sends back, and the fact that it’s doing it in some cases does suggest that it’s doing its job. If you think the server should be sending a control back but it isn’t, or if the server is sending a control back that doesn’t contain what you expect to find in it, then that’s a server-side problem, and the LDAP SDK can’t help you there.
The only thing I can help you with is if you think that the server might be sending the information back, but the LDAP SDK isn’t interpreting it correctly. If you think that might be the case, then you can send me a network packet capture that includes the bind response, and I’ll be happy take a look at it to see if it does contain the expected information but encoded in a way that the LDAP SDK doesn’t expect. But since I don’t know anything about ApacheDS, I can’t help you with a problem in which it’s not sending the information at all.
Neil
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
thank you any how, Neil.Unfortunately the ApacheDS peoples are not so availbel as you. There is not any discussion channel where to post any problem.
Regards,
Pasquale
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am using the following classes to retrieve the errors and , if any, the warning related tp the Implemented Password Policy. Unfortunately, It returns only the errors :
Password expired and Account locked
The code I used is the following:
Yeah, this is something that you’ll probably have to ask the ApacheDS people. The LDAP SDK can only interpret what the server sends back, and the fact that it’s doing it in some cases does suggest that it’s doing its job. If you think the server should be sending a control back but it isn’t, or if the server is sending a control back that doesn’t contain what you expect to find in it, then that’s a server-side problem, and the LDAP SDK can’t help you there.
The only thing I can help you with is if you think that the server might be sending the information back, but the LDAP SDK isn’t interpreting it correctly. If you think that might be the case, then you can send me a network packet capture that includes the bind response, and I’ll be happy take a look at it to see if it does contain the expected information but encoded in a way that the LDAP SDK doesn’t expect. But since I don’t know anything about ApacheDS, I can’t help you with a problem in which it’s not sending the information at all.
Neil
thank you any how, Neil.Unfortunately the ApacheDS peoples are not so availbel as you. There is not any discussion channel where to post any problem.
Regards,
Pasquale