external-software/github_OpenIdentityPlatform_OpenDJ.git - g.central-computer.de

external-software / github_OpenIdentityPlatform_OpenDJ

mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

blame | history | patch | commit | commitdiff | ignore whitespace

Support alternate root DN in userdn bind rule keyword. Issue 1578.

dugan

21.06.2007 d8c50b65f285ddc2aec2ee76a9bba7ba4702e4ce

 opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java

@@ -32,6 +32,7 @@

import java.util.*;
import org.opends.server.types.*;
import org.opends.server.core.DirectoryServer;

/**
 * This class represents the userdn keyword in a bind rule.
@@ -250,6 +251,20 @@
                    DN dn = url.getBaseDN();
                    if (clientDN.equals(dn))
                        matched = EnumEvalResult.TRUE;
                    else {
                        //This code handles the case where a root dn entry does
                        //not have bypass-acl privilege and the ACI bind rule
                        //userdn DN possible is an alternate root DN.
                        DN actualDN=DirectoryServer.getActualRootBindDN(dn);
                        DN clientActualDN=
                                DirectoryServer.getActualRootBindDN(clientDN);
                        if(actualDN != null)
                            dn=actualDN;
                        if(clientActualDN != null)
                            clientDN=clientActualDN;
                        if(clientDN.equals(dn))
                            matched=EnumEvalResult.TRUE;
                    }
                } catch (DirectoryException ex) {
                    //TODO add message
                }