/**
 * Refuses the current operation while the session's user is still required to change
 * the password. Intended to guard every operation other than bind, password update,
 * unbind, abandon or StartTLS.
 *
 * <p>Nothing is done when password policy is disabled on the directory service, or when
 * the session is not flagged as "password must change". Otherwise, if the request carried
 * the password policy control, a response control reporting
 * {@code CHANGE_AFTER_RESET} is attached to the operation context before the operation
 * is rejected.</p>
 *
 * <p>NOTE(review): this method does not inspect the operation type itself, so the
 * exemptions listed above have to be enforced by the callers; confirm that every
 * non-exempt operation path invokes this check.</p>
 *
 * @param opContext the operation's context
 * @throws LdapException an {@code LdapNoPermissionException} when the password has to be
 *         changed before this operation may proceed
 */
private void checkPwdReset( OperationContext opContext ) throws LdapException
{
    // Without an active password policy there is nothing to enforce
    if ( !directoryService.isPwdPolicyEnabled() )
    {
        return;
    }

    CoreSession coreSession = opContext.getSession();

    if ( !coreSession.isPwdMustChange() )
    {
        return;
    }

    // The response control is only returned to clients that sent the request control
    if ( opContext.hasRequestControl( PasswordPolicy.OID ) )
    {
        PasswordPolicyDecorator responseControl = new PasswordPolicyDecorator(
            directoryService.getLdapCodecService(), true );
        responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
        opContext.addResponseControl( responseControl );
    }

    // The operation is denied whether or not the client asked for the control
    throw new LdapNoPermissionException( "password needs to be reset before performing this operation" );
}