Skip to content

Commit

Permalink
Add a verify password extended request
Browse files Browse the repository at this point in the history
Added client-side support for a new verify password extended request
that may be used in the Ping Identity Directory Server to determine
whether a provided password is correct for a given user without
performing any other password policy processing.  This extended
operation may only be used under a limited set of circumstances.
  • Loading branch information
dirmgr committed Apr 28, 2024
1 parent 09f70ea commit 858ec6c
Show file tree
Hide file tree
Showing 7 changed files with 698 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/ldap-oid-reference.html
Original file line number Diff line number Diff line change
Expand Up @@ -3540,6 +3540,11 @@ <h2>LDAP OID Reference</h2>
<td>Purge Retired Inter-Server Certificates Extended Operation</td>
<td>Ping Identity Directory Server</td>
</tr>
<tr>
<td>1.3.6.1.4.1.30221.2.6.72</td>
<td>Verify Password Extended Request</td>
<td>Ping Identity Directory Server</td>
</tr>
<tr>
<td>1.3.6.1.4.1.30221.2.10.3.1</td>
<td><tt>access-control-disabled</tt> Administrative Alert</td>
Expand Down
9 changes: 9 additions & 0 deletions docs/release-notes.html
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,15 @@ <h3>Version 7.0.1</h3>
<br><br>
</li>

<li>
Added client-side support for a new verify password extended request that may be
used in the Ping Identity Directory Server to determine whether a provided
password is correct for a given user without performing any other password policy
processing. This extended operation may only be used under a limited set of
circumstances.
<br><br>
</li>

<li>
Updated the OID registry to include records for a number of collation matching
rules.
Expand Down
13 changes: 13 additions & 0 deletions messages/unboundid-ldapsdk-unboundid-extop.properties
Original file line number Diff line number Diff line change
Expand Up @@ -932,3 +932,16 @@ ERR_TB_DECODE_UNRECOGNIZED_TYPE=Unable to decode an encoded trust behavior \
ERR_REPLACE_CERT_RESULT_CANNOT_DECODE_VALUE=An error occurred while \
attempting to decode the value of the replace certificate extended result: \
{0}
ERR_VERIFY_PASSWORD_REQUEST_NO_VALUE=Unable to decode the provided extended \
request as a verify password request because the provided request does not \
have a value.
ERR_VERIFY_PASSWORD_REQUEST_CANNOT_DECODE_VALUE=Unable to decode the provided \
extended request as a verify password request because an error occurred \
while attempting to decode the value for the request.
ERR_VERIFY_PASSWORD_REQUEST_MISSING_FIELD=Unable to decode the provided \
extended request as a verify password request because the request value \
is missing the required ''{0}'' field.
ERR_VERIFY_PASSWORD_REQUEST_EMPTY_FIELD=Unable to decode the provided \
extended request as a verify password request because the request value \
has an empty ''{0}'' field.
INFO_EXTENDED_REQUEST_NAME_VERIFY_PASSWORD=Verify Password Extended Request
1 change: 1 addition & 0 deletions resource/oid-registry.json
Original file line number Diff line number Diff line change
Expand Up @@ -702,6 +702,7 @@
{ "oid":"1.3.6.1.4.1.30221.2.6.69", "name":"Replace Inter-Server Certificate", "type":"Extended Operation", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.6.70", "name":"Purge Retired Listener Certificates", "type":"Extended Operation", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.6.71", "name":"Purge Retired Inter-Server Certificates", "type":"Extended Operation", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.6.72", "name":"Verify Password", "type":"Extended Request", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.10.3.1", "name":"access-control-disabled", "type":"Administrative Alert", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.10.3.2", "name":"access-control-enabled", "type":"Administrative Alert", "origin":"Ping Identity Directory Server" }
{ "oid":"1.3.6.1.4.1.30221.2.10.3.3", "name":"access-control-parse-failure", "type":"Administrative Alert", "origin":"Ping Identity Directory Server" }
Expand Down
2 changes: 2 additions & 0 deletions src/com/unboundid/ldap/listener/InMemoryRequestHandler.java
Original file line number Diff line number Diff line change
Expand Up @@ -2984,6 +2984,8 @@ public LDAPMessage processModifyDNRequest(final int messageID,

try (WriteLock writeLock = readWriteLock.lockWrite())
{
writeLock.avoidCompilerWarning();

// Process the provided request controls.
final Map<String,Control> controlMap;
try
Expand Down
Loading

0 comments on commit 858ec6c

Please sign in to comment.