Source code

001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2010 Sun Microsystems, Inc.
025 *      Portions Copyright 2011-2015 ForgeRock AS.
026 */
027package org.opends.server.extensions;
028
029import org.forgerock.i18n.LocalizableMessage;
030import org.forgerock.i18n.slf4j.LocalizedLogger;
031import org.forgerock.opendj.ldap.ResultCode;
032import org.opends.server.admin.std.server.
033        PasswordPolicySubentryVirtualAttributeCfg;
034import org.opends.server.api.AuthenticationPolicy;
035import org.opends.server.api.VirtualAttributeProvider;
036import org.opends.server.core.SearchOperation;
037import org.opends.server.types.*;
038import static org.opends.messages.ExtensionMessages.*;
039
040/**
041 * This class implements a virtual attribute provider to serve
042 * the pwdPolicySubentry operational attribute as described in
043 * Password Policy for LDAP Directories Internet-Draft.
044 */
045public class PasswordPolicySubentryVirtualAttributeProvider
046        extends VirtualAttributeProvider<
047        PasswordPolicySubentryVirtualAttributeCfg>
048{
049  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
050
051  /**
052   * Creates a new instance of this pwdPolicySubentry
053   * virtual attribute provider.
054   */
055  public PasswordPolicySubentryVirtualAttributeProvider()
056  {
057    super();
058
059    // All initialization should be performed in the
060    // initializeVirtualAttributeProvider method.
061  }
062
063  /** {@inheritDoc} */
064  @Override
065  public boolean isMultiValued()
066  {
067    return false;
068  }
069
070  /** {@inheritDoc} */
071  @Override
072  public Attribute getValues(Entry entry, VirtualAttributeRule rule)
073  {
074    if (!entry.isSubentry() && !entry.isLDAPSubentry())
075    {
076      AuthenticationPolicy policy = null;
077
078      try
079      {
080        policy = AuthenticationPolicy.forUser(entry, false);
081      }
082      catch (DirectoryException de)
083      {
084        // Something went wrong while trying to
085        // retrieve password policy, log this.
086        logger.error(de.getMessageObject());
087
088        logger.traceException(de, "Failed to retrieve password policy for user %s",
089            entry.getName());
090      }
091
092      if (policy == null)
093      {
094        // No authentication policy: debug log this as an error since all
095        // entries should have at least the default password policy.
096        logger.trace("No applicable password policy for user %s", entry.getName());
097      }
098      else if (policy.isPasswordPolicy())
099      {
100        return Attributes.create(rule.getAttributeType(),
101            policy.getDN().toString());
102      }
103      else
104      {
105        // Not a password policy, could be PTA, etc.
106        if (logger.isTraceEnabled())
107        {
108          logger.trace("Authentication policy %s found for user %s is "
109              + "not a password policy", policy.getDN(), entry.getName());
110        }
111      }
112    }
113
114    return Attributes.empty(rule.getAttributeType());
115  }
116
117  /** {@inheritDoc} */
118  @Override
119  public boolean isSearchable(VirtualAttributeRule rule,
120                              SearchOperation searchOperation,
121                              boolean isPreIndexed)
122  {
123    return false;
124  }
125
126  /** {@inheritDoc} */
127  @Override
128  public void processSearch(VirtualAttributeRule rule,
129                            SearchOperation searchOperation)
130  {
131    searchOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
132
133    LocalizableMessage message =
134            ERR_PASSWORDPOLICYSUBENTRY_VATTR_NOT_SEARCHABLE.get(
135            rule.getAttributeType().getNameOrOID());
136    searchOperation.appendErrorMessage(message);
137  }
138}