org.apache.directory.server.core.authn

Class AuthenticationInterceptor

java.lang.Object

org.apache.directory.server.core.api.interceptor.BaseInterceptor

org.apache.directory.server.core.authn.AuthenticationInterceptor

All Implemented Interfaces:

Interceptor

public class AuthenticationInterceptor
extends BaseInterceptor

An Interceptor that authenticates users.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
private static class	AuthenticationInterceptor.PwdModDetailsHolder

Field Summary

Fields

Modifier and Type	Field and Description
private CoreSession	adminSession
private java.util.Set<Authenticator>	authenticators A Set of all the existing Authenticator to be used by the bind operation
private java.util.Map<org.apache.directory.api.ldap.model.constants.AuthenticationLevel,java.util.Collection<Authenticator>>	authenticatorsMapByType A map of authenticators associated with the authentication level required
private static boolean	IS_DEBUG Speedup for logs
private static org.slf4j.Logger	LOG
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdAccountLockedTimeAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdChangedTimeAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdEndTimeAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdFailurTimeAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdGraceUseTimeAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdHistoryAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdLastSuccessAT
private PpolicyConfigContainer	pwdPolicyContainer a container to hold all the ppolicies
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdPolicySubentryAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdResetAT
private org.apache.directory.api.ldap.model.schema.AttributeType	pwdStartTimeAT

Fields inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

directoryService, dnFactory, PWD_POLICY_STATE_ATTRIBUTE_TYPES, schemaManager

Constructor Summary

Constructors

Constructor and Description
AuthenticationInterceptor() Creates an authentication service interceptor.

Method Summary

Modifier and Type	Method and Description
void	add(AddOperationContext addContext) Filters Partition#add( AddOperationContext ) call.
void	bind(BindOperationContext bindContext) Filters Partition#bind( BindOperationContext ) call.
(package private) org.apache.directory.api.ldap.model.entry.Modification	buildPwdHistory(ModifyOperationContext modifyContext, org.apache.directory.api.ldap.model.entry.Attribute pwdHistoryAt, int histSize, byte[] newPassword, boolean isPPolicyReqCtrlPresent) Build the list of passwordHistory
private void	check(OperationContext operationContext, org.apache.directory.api.ldap.model.entry.Entry entry, byte[] password, PasswordPolicyConfiguration policyConfig)
private void	checkAuthenticated(OperationContext operation) Check if the current operation has a valid PrincipalDN or not.
private void	checkChangePwdAllowed(ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, boolean isPPolicyReqCtrlPresent) check that if the password modification is allowed by the PP config, or if the session is the admin.
private void	checkOldPwdRequired(ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig, AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent) If the PP config request it, the old password must be supplied in the modifications.
private void	checkPwdMustChange(ModifyOperationContext modifyContext, CoreSession userSession, AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails, boolean isPPolicyReqCtrlPresent) Check if the password has to be changed, but can't.
private void	checkPwdReset(OperationContext opContext) checks to see if the user's password should be changed before performing any operations other than bind, password update, unbind, abandon or StartTLS
boolean	compare(CompareOperationContext compareContext) Filters DefaultPartitionNexus#compare( CompareOperationContext ) call.
void	delete(DeleteOperationContext deleteContext) Filters Partition#delete( DeleteOperationContext ) call.
void	destroy() Deinitializes and deregisters all Authenticators from this service.
java.util.Set<Authenticator>	getAuthenticators()
private java.util.Collection<Authenticator>	getAuthenticators(org.apache.directory.api.ldap.model.constants.AuthenticationLevel type) Returns the list of Authenticators with the specified type.
private AuthenticationInterceptor.PwdModDetailsHolder	getPwdModDetails(ModifyOperationContext modifyContext, PasswordPolicyConfiguration policyConfig)
PasswordPolicyConfiguration	getPwdPolicy(org.apache.directory.api.ldap.model.entry.Entry userEntry) Gets the effective password policy of the given entry.
PpolicyConfigContainer	getPwdPolicyContainer()
private int	getPwdTimeBeforeExpiry(org.apache.directory.api.ldap.model.entry.Entry userEntry, PasswordPolicyConfiguration policyConfig)
org.apache.directory.api.ldap.model.entry.Entry	getRootDse(GetRootDseOperationContext getRootDseContext) Filters DefaultPartitionNexus#getRootDse( GetRootDseOperationContext ) call.
boolean	hasEntry(HasEntryOperationContext hasEntryContext) Filters Partition#hasEntry( HasEntryOperationContext ) call.
void	init(DirectoryService directoryService) Registers and initializes all Authenticators to this service.
private void	invalidateAuthenticatorCaches(org.apache.directory.api.ldap.model.name.Dn principalDn)
private boolean	isPwdMustReset(org.apache.directory.api.ldap.model.entry.Entry userEntry) checks if the password must be changed after the initial bind
boolean	isPwdPolicyEnabled()
private boolean	isPwdTooYoung(OperationContext operationContext, org.apache.directory.api.ldap.model.entry.Entry userEntry, PasswordPolicyConfiguration policyConfig) checks if the password is too young
void	loadPwdPolicyStateAttributeTypes() Initialize the PasswordPolicy attributeTypes
org.apache.directory.api.ldap.model.entry.Entry	lookup(LookupOperationContext lookupContext) Filters Partition#lookup( LookupOperationContext ) call.
void	modify(ModifyOperationContext modifyContext) Filters Partition#modify( ModifyOperationContext ) call.
void	move(MoveOperationContext moveContext) Filters Partition#move( MoveOperationContext ) call.
void	moveAndRename(MoveAndRenameOperationContext moveAndRenameContext) Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.
private void	processModifyAddPwdAttributes(org.apache.directory.api.ldap.model.entry.Entry entry, java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods, AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails) Add the passwordPolicy related Attributes from the modified entry
private void	processPasswordPolicydModify(ModifyOperationContext modifyContext) Proceed with the Modification operation when the PasswordPolicy is activated.
private void	processStandardModify(ModifyOperationContext modifyContext) Proceed with the Modification operation when the PasswordPolicy is not activated.
private void	purgeFailureTimes(PasswordPolicyConfiguration config, org.apache.directory.api.ldap.model.entry.Attribute pwdFailTimeAt) purges failure timestamps which are older than the configured interval (section 7.6 in the draft)
private void	register(Authenticator authenticator, DirectoryService directoryService) Initializes the specified Authenticator and registers it to this service.
void	rename(RenameOperationContext renameContext) Filters Partition#rename( RenameOperationContext ) call.
EntryFilteringCursor	search(SearchOperationContext searchContext) Filters Partition#search( SearchOperationContext ) call.
private Authenticator	selectAuthenticator(org.apache.directory.api.ldap.model.name.Dn bindDn, org.apache.directory.api.ldap.model.constants.AuthenticationLevel level) Return the selected authenticator given the DN and the level required.
void	setAuthenticators(Authenticator[] authenticators)
void	setAuthenticators(java.util.Set<Authenticator> authenticators)
private void	setDefaultAuthenticators() Initialize the set of authenticators with some default values
void	setPwdPolicies(PpolicyConfigContainer policyContainer) set all the password policies to be used by the server.
void	setPwdPolicyContainer(PpolicyConfigContainer pwdPolicyContainer)
void	unbind(UnbindOperationContext unbindContext) Filters Partition#unbind( UnbindOperationContext ) call.
private void	validatePasswordLength(java.lang.String password, PasswordPolicyConfiguration policyConfig) validates the length of the password

Methods inherited from class org.apache.directory.server.core.api.interceptor.BaseInterceptor

getName, getNextInterceptor, getPrincipal, next, next, next, next, next, next, next, next, next, next, next, next, next

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

IS_DEBUG

private static final boolean IS_DEBUG

Speedup for logs

authenticators

private java.util.Set<Authenticator> authenticators

A Set of all the existing Authenticator to be used by the bind operation

authenticatorsMapByType

private final java.util.Map<org.apache.directory.api.ldap.model.constants.AuthenticationLevel,java.util.Collection<Authenticator>> authenticatorsMapByType

A map of authenticators associated with the authentication level required

adminSession

private CoreSession adminSession

pwdResetAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdResetAT

pwdChangedTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdChangedTimeAT

pwdHistoryAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdHistoryAT

pwdFailurTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdFailurTimeAT

pwdAccountLockedTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdAccountLockedTimeAT

pwdLastSuccessAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdLastSuccessAT

pwdGraceUseTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdGraceUseTimeAT

pwdPolicySubentryAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdPolicySubentryAT

pwdStartTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdStartTimeAT

pwdEndTimeAT

private org.apache.directory.api.ldap.model.schema.AttributeType pwdEndTimeAT

pwdPolicyContainer

private PpolicyConfigContainer pwdPolicyContainer

a container to hold all the ppolicies

Constructor Detail

AuthenticationInterceptor

public AuthenticationInterceptor()

Creates an authentication service interceptor.

Method Detail

init

public void init(DirectoryService directoryService)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Registers and initializes all Authenticators to this service.

Specified by:

init in interface Interceptor

Overrides:

init in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

setDefaultAuthenticators

private void setDefaultAuthenticators()

Initialize the set of authenticators with some default values

getAuthenticators

public java.util.Set<Authenticator> getAuthenticators()

setAuthenticators

public void setAuthenticators(java.util.Set<Authenticator> authenticators)

Parameters:

authenticators - authenticators to be used by this AuthenticationInterceptor

setAuthenticators

public void setAuthenticators(Authenticator[] authenticators)

Parameters:

authenticators - authenticators to be used by this AuthenticationInterceptor

destroy

public void destroy()

Deinitializes and deregisters all Authenticators from this service.

Specified by:

destroy in interface Interceptor

Overrides:

destroy in class BaseInterceptor

register

private void register(Authenticator authenticator,
                      DirectoryService directoryService)
               throws org.apache.directory.api.ldap.model.exception.LdapException

Initializes the specified Authenticator and registers it to this service.

Parameters:

authenticator - Authenticator to initialize and register by type

directoryService - configuration info to supply to the Authenticator during initialization

Throws:

javax.naming.Exception - if initialization fails.

org.apache.directory.api.ldap.model.exception.LdapException

getAuthenticators

private java.util.Collection<Authenticator> getAuthenticators(org.apache.directory.api.ldap.model.constants.AuthenticationLevel type)

Returns the list of Authenticators with the specified type.

Parameters:

type - type of Authenticator sought

Returns:

A list of Authenticators of the requested type or null if no authenticator is found.

add

public void add(AddOperationContext addContext)
         throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#add( AddOperationContext ) call.

Specified by:

add in interface Interceptor

Overrides:

add in class BaseInterceptor

Parameters:

addContext - The AddOperationContext instance

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we had some error while processing the Add operation

selectAuthenticator

private Authenticator selectAuthenticator(org.apache.directory.api.ldap.model.name.Dn bindDn,
                                          org.apache.directory.api.ldap.model.constants.AuthenticationLevel level)
                                   throws org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException,
                                          org.apache.directory.api.ldap.model.exception.LdapAuthenticationException

Return the selected authenticator given the DN and the level required.

Throws:

org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException

org.apache.directory.api.ldap.model.exception.LdapAuthenticationException

bind

public void bind(BindOperationContext bindContext)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#bind( BindOperationContext ) call.

Specified by:

bind in interface Interceptor

Overrides:

bind in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

compare

public boolean compare(CompareOperationContext compareContext)
                throws org.apache.directory.api.ldap.model.exception.LdapException

Filters DefaultPartitionNexus#compare( CompareOperationContext ) call.

Specified by:

compare in interface Interceptor

Overrides:

compare in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

delete

public void delete(DeleteOperationContext deleteContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#delete( DeleteOperationContext ) call.

Specified by:

delete in interface Interceptor

Overrides:

delete in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getRootDse

public org.apache.directory.api.ldap.model.entry.Entry getRootDse(GetRootDseOperationContext getRootDseContext)
                                                           throws org.apache.directory.api.ldap.model.exception.LdapException

Filters DefaultPartitionNexus#getRootDse( GetRootDseOperationContext ) call.

Specified by:

getRootDse in interface Interceptor

Overrides:

getRootDse in class BaseInterceptor

Parameters:

getRootDseContext - The getRoot() operation context

Returns:

The RootDSE entry, if found

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If we can't get back the RootDSE entry

hasEntry

public boolean hasEntry(HasEntryOperationContext hasEntryContext)
                 throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#hasEntry( HasEntryOperationContext ) call.

Specified by:

hasEntry in interface Interceptor

Overrides:

hasEntry in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

lookup

public org.apache.directory.api.ldap.model.entry.Entry lookup(LookupOperationContext lookupContext)
                                                       throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#lookup( LookupOperationContext ) call.

Specified by:

lookup in interface Interceptor

Overrides:

lookup in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

invalidateAuthenticatorCaches

private void invalidateAuthenticatorCaches(org.apache.directory.api.ldap.model.name.Dn principalDn)

modify

public void modify(ModifyOperationContext modifyContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#modify( ModifyOperationContext ) call.

Specified by:

modify in interface Interceptor

Overrides:

modify in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

processStandardModify

private void processStandardModify(ModifyOperationContext modifyContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Proceed with the Modification operation when the PasswordPolicy is not activated.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

processPasswordPolicydModify

private void processPasswordPolicydModify(ModifyOperationContext modifyContext)
                                   throws org.apache.directory.api.ldap.model.exception.LdapException

Proceed with the Modification operation when the PasswordPolicy is activated.

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

buildPwdHistory

org.apache.directory.api.ldap.model.entry.Modification buildPwdHistory(ModifyOperationContext modifyContext,
                                                                       org.apache.directory.api.ldap.model.entry.Attribute pwdHistoryAt,
                                                                       int histSize,
                                                                       byte[] newPassword,
                                                                       boolean isPPolicyReqCtrlPresent)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapOperationException

Build the list of passwordHistory

Throws:

org.apache.directory.api.ldap.model.exception.LdapOperationException

processModifyAddPwdAttributes

private void processModifyAddPwdAttributes(org.apache.directory.api.ldap.model.entry.Entry entry,
                                           java.util.List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                           AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails)

Add the passwordPolicy related Attributes from the modified entry

checkPwdMustChange

private void checkPwdMustChange(ModifyOperationContext modifyContext,
                                CoreSession userSession,
                                AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails,
                                boolean isPPolicyReqCtrlPresent)
                         throws org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

Check if the password has to be changed, but can't.

Throws:

org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

checkOldPwdRequired

private void checkOldPwdRequired(ModifyOperationContext modifyContext,
                                 PasswordPolicyConfiguration policyConfig,
                                 AuthenticationInterceptor.PwdModDetailsHolder pwdModDetails,
                                 boolean isPPolicyReqCtrlPresent)
                          throws org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

If the PP config request it, the old password must be supplied in the modifications. Check that it is present.

Throws:

org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

checkChangePwdAllowed

private void checkChangePwdAllowed(ModifyOperationContext modifyContext,
                                   PasswordPolicyConfiguration policyConfig,
                                   boolean isPPolicyReqCtrlPresent)
                            throws org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

check that if the password modification is allowed by the PP config, or if the session is the admin.

Throws:

org.apache.directory.api.ldap.model.exception.LdapNoPermissionException

move

public void move(MoveOperationContext moveContext)
          throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#move( MoveOperationContext ) call.

Specified by:

move in interface Interceptor

Overrides:

move in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

moveAndRename

public void moveAndRename(MoveAndRenameOperationContext moveAndRenameContext)
                   throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#moveAndRename( MoveAndRenameOperationContext) call.

Specified by:

moveAndRename in interface Interceptor

Overrides:

moveAndRename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

rename

public void rename(RenameOperationContext renameContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#rename( RenameOperationContext ) call.

Specified by:

rename in interface Interceptor

Overrides:

rename in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

search

public EntryFilteringCursor search(SearchOperationContext searchContext)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#search( SearchOperationContext ) call.

Specified by:

search in interface Interceptor

Overrides:

search in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

unbind

public void unbind(UnbindOperationContext unbindContext)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Filters Partition#unbind( UnbindOperationContext ) call.

Specified by:

unbind in interface Interceptor

Overrides:

unbind in class BaseInterceptor

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkAuthenticated

private void checkAuthenticated(OperationContext operation)
                         throws org.apache.directory.api.ldap.model.exception.LdapException

Check if the current operation has a valid PrincipalDN or not.

Parameters:

operation - the operation type

Throws:

java.lang.Exception

org.apache.directory.api.ldap.model.exception.LdapException

loadPwdPolicyStateAttributeTypes

public void loadPwdPolicyStateAttributeTypes()
                                      throws org.apache.directory.api.ldap.model.exception.LdapException

Initialize the PasswordPolicy attributeTypes

Throws:

org.apache.directory.api.ldap.model.exception.LdapException - If the initialization failed

check

private void check(OperationContext operationContext,
                   org.apache.directory.api.ldap.model.entry.Entry entry,
                   byte[] password,
                   PasswordPolicyConfiguration policyConfig)
            throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

validatePasswordLength

private void validatePasswordLength(java.lang.String password,
                                    PasswordPolicyConfiguration policyConfig)
                             throws PasswordPolicyException

validates the length of the password

Throws:

PasswordPolicyException

getPwdTimeBeforeExpiry

private int getPwdTimeBeforeExpiry(org.apache.directory.api.ldap.model.entry.Entry userEntry,
                                   PasswordPolicyConfiguration policyConfig)
                            throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isPwdTooYoung

private boolean isPwdTooYoung(OperationContext operationContext,
                              org.apache.directory.api.ldap.model.entry.Entry userEntry,
                              PasswordPolicyConfiguration policyConfig)
                       throws org.apache.directory.api.ldap.model.exception.LdapException

checks if the password is too young

Parameters:

userEntry - the user's entry

Returns:

true if the password is young, false otherwise

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

isPwdMustReset

private boolean isPwdMustReset(org.apache.directory.api.ldap.model.entry.Entry userEntry)
                        throws org.apache.directory.api.ldap.model.exception.LdapException

checks if the password must be changed after the initial bind

Parameters:

userEntry - the user's entry

Returns:

true if must be changed, false otherwise

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getPwdModDetails

private AuthenticationInterceptor.PwdModDetailsHolder getPwdModDetails(ModifyOperationContext modifyContext,
                                                                       PasswordPolicyConfiguration policyConfig)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapException

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

checkPwdReset

private void checkPwdReset(OperationContext opContext)
                    throws org.apache.directory.api.ldap.model.exception.LdapException

checks to see if the user's password should be changed before performing any operations other than bind, password update, unbind, abandon or StartTLS

Parameters:

opContext - the operation's context

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

getPwdPolicy

public PasswordPolicyConfiguration getPwdPolicy(org.apache.directory.api.ldap.model.entry.Entry userEntry)
                                         throws org.apache.directory.api.ldap.model.exception.LdapException

Gets the effective password policy of the given entry. If the entry has defined a custom password policy by setting "pwdPolicySubentry" attribute then the password policy associated with the Dn specified at the above attribute's value will be returned. Otherwise the default password policy will be returned (if present)

Parameters:

userEntry - the user's entry

Returns:

the associated password policy

Throws:

org.apache.directory.api.ldap.model.exception.LdapException

setPwdPolicies

public void setPwdPolicies(PpolicyConfigContainer policyContainer)

set all the password policies to be used by the server. This includes a default(i.e applicable to all entries) and custom(a.k.a per user) password policies

Parameters:

policyContainer - the container holding all the password policies

isPwdPolicyEnabled

public boolean isPwdPolicyEnabled()

getPwdPolicyContainer

public PpolicyConfigContainer getPwdPolicyContainer()

Returns:

the pwdPolicyContainer

setPwdPolicyContainer

public void setPwdPolicyContainer(PpolicyConfigContainer pwdPolicyContainer)

Parameters:

pwdPolicyContainer - the pwdPolicyContainer to set

purgeFailureTimes

private void purgeFailureTimes(PasswordPolicyConfiguration config,
                               org.apache.directory.api.ldap.model.entry.Attribute pwdFailTimeAt)

purges failure timestamps which are older than the configured interval (section 7.6 in the draft)