Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7664

Return the associated ldap attribute in password quality advice

    XMLWordPrintable

    Details

      Description

      In order to build a structured policy response which aligns with IDM, the ldap attribute associated with the "passwordQualityAdvice" should be returned.

      IDM needs to return the IDM property associated with the DS ldap attribute. We can look up the IDM property on the IDM side by using this DS ldap attribute if it is returned.

      For example, this IDM policy result shows where we return a "property".

      {
        "result": false,
        "failedPolicyRequirements": [
          {
            "policyRequirements": [
              {
                "policyRequirement": "MIN_LENGTH",
                "params": {
                  "minLength": 8
                }
              }
            ],
            "property": "password"
          },
          {
            "policyRequirements": [
              {
                "policyRequirement": "AT_LEAST_X_CAPITAL_LETTERS",
                "params": {
                  "numCaps": 1
                }
              }
            ],
            "property": "password"
          }
        ]
      }
      

      The following DS policy result should return something like "attribute" : "theLdapAttributeUsedForPasswordAttribute" in the "passwordQualityAdvice"

      {
          "code": 400,
          "detail": {
              "passwordQualityAdvice": {
                  "attribute": "userPassword",
                  "failingCriteria": [
                      {
                          "parameters": {
                              "case-sensitive-validation": false,
                              "check-substrings": false,
                              "min-substring-length": 0,
                              "test-reversed-password": false
                          },
                          "type": "dictionary"
                      }
                  ],
                  "passingCriteria": [
                      {
                          "parameters": {
                              "max-password-length": 0,
                              "min-password-length": 8
                          },
                          "type": "length-based"
                      }
                  ]
              }
          },
          "message": "Constraint Violation: The provided new password failed the validation checks defined in the server: The provided password contained a word from the server's dictionary",
          "reason": "Bad Request"
      }
      

        Attachments

          Issue Links

            Activity

              People

              cforel carole forel
              katie.gonzalez Katie Gonzalez
              Jean-Noël Rouvignac Jean-Noël Rouvignac
              carole forel carole forel
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: