external-software/github_OpenIdentityPlatform_OpenDJ.git

OPENDJ-1368 (CR-3157) Remove AttributeValue

Jean-Noel Rouvignac

11.42.2014 a90890af51b755a0a6862a32306b1a979d5a9612

 opendj3-server-dev/src/server/org/opends/server/api/AuthenticationPolicyState.java

@@ -24,28 +24,23 @@
 *      Portions Copyright 2011-2014 ForgeRock AS.
 *      Portions Copyright 2014 ForgeRock AS
 */

package org.opends.server.api;



import java.util.List;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.core.DirectoryServer;
import org.opends.server.schema.GeneralizedTimeSyntax;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;

import static org.opends.messages.CoreMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.util.StaticUtils.*;



/**
 * The authentication policy context associated with a user's entry, which is
 * responsible for managing the user's account, their password, as well as
@@ -206,8 +201,9 @@
        final AttributeValue v = a.iterator().next();
        try
        {
          timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(v
              .getNormalizedValue());
          EqualityMatchingRule rule = attributeType.getEqualityMatchingRule();
          ByteString normValue = rule.normalizeAttributeValue(v.getValue());
          timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(normValue);
        }
        catch (final Exception e)
        {

 opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/PatternRDN.java

@@ -33,6 +33,7 @@
import java.util.Iterator;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ResultCode;
@@ -49,6 +50,9 @@
 */
public class PatternRDN
{

  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

  /**
   * Indicate whether the RDN contains a wildcard in any of its attribute
   * types.
@@ -269,59 +273,43 @@

    try
    {
      if (pattern.size() > 1)
      if (pattern.size() == 1)
      {
        // Handle this just like a substring filter.
        // Handle this just like an equality filter.
        EqualityMatchingRule rule = type.getEqualityMatchingRule();
        ByteString thatNormValue = rule.normalizeAttributeValue(value.getValue());
        return rule.getAssertion(pattern.get(0)).matches(thatNormValue).toBoolean();
      }

        ByteString subInitial = pattern.get(0);
        if (subInitial.length() == 0)
        {
          subInitial = null;
        }
      // Handle this just like a substring filter.
      ByteString subInitial = pattern.get(0);
      if (subInitial.length() == 0)
      {
        subInitial = null;
      }

        ByteString subFinal = pattern.get(pattern.size() - 1);
        if (subFinal.length() == 0)
        {
          subFinal = null;
        }
      ByteString subFinal = pattern.get(pattern.size() - 1);
      if (subFinal.length() == 0)
      {
        subFinal = null;
      }

        List<ByteString> subAnyElements;
        if (pattern.size() > 2)
        {
          subAnyElements = pattern.subList(1, pattern.size()-1);
        }
        else
        {
          subAnyElements = null;
        }

        Attribute attr = Attributes.create(type, value);
        switch (attr.matchesSubstring(subInitial, subAnyElements, subFinal))
        {
          case TRUE:
            return true;

          case FALSE:
          case UNDEFINED:
          default:
            return false;
        }
      List<ByteString> subAnyElements;
      if (pattern.size() > 2)
      {
        subAnyElements = pattern.subList(1, pattern.size()-1);
      }
      else
      {
        ByteString thisNormValue =
            type.getEqualityMatchingRule().normalizeAttributeValue(pattern.get(0));
        ByteString thatNormValue = value.getNormalizedValue();
        EqualityMatchingRule mr = type.getEqualityMatchingRule();
        return mr.areEqual(thisNormValue, thatNormValue);
        subAnyElements = null;
      }

      Attribute attr = Attributes.create(type, value);
      return attr.matchesSubstring(subInitial, subAnyElements, subFinal).toBoolean();
    }
    catch (DecodeException e)
    {
      return false;
    }
    catch (DirectoryException e)
    {
      logger.traceException(e);
      return false;
    }
  }

 opendj3-server-dev/src/server/org/opends/server/backends/jeb/AttributeIndex.java

@@ -2223,9 +2223,10 @@
      try
      {
        // Make a key from the normalized assertion value.
        byte[] keyBytes =
          extensibleFilter.getAssertionValue().getNormalizedValue().
          toByteArray();
        MatchingRule rule =
            extensibleFilter.getAttributeType().getEqualityMatchingRule();
        ByteString value = extensibleFilter.getAssertionValue().getValue();
        byte[] keyBytes = rule.normalizeAssertionValue(value).toByteArray();
        DatabaseEntry key = new DatabaseEntry(keyBytes);

        if(debugBuffer != null)
@@ -2265,7 +2266,7 @@
        }
        return idSet;
      }
      catch (DirectoryException e)
      catch (DecodeException e)
      {
        logger.traceException(e);
        return IndexQuery.createNullIndexQuery().evaluate(null);

 opendj3-server-dev/src/server/org/opends/server/backends/jeb/VerifyJob.java

@@ -34,9 +34,8 @@
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.api.ApproximateMatchingRule;
import org.opends.server.api.EqualityMatchingRule;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.OrderingMatchingRule;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.*;
import org.opends.server.util.ServerConstants;
@@ -1629,18 +1628,20 @@

    for (Attribute attr : attrList)
    {
      final AttributeType attrType = attr.getAttributeType();
      EqualityMatchingRule equalityRule = attrType.getEqualityMatchingRule();
      for (AttributeValue value : attr)
      {
        byte[] normalizedBytes = value.getNormalizedValue().toByteArray();
        final ByteString bsValue = value.getValue();
        byte[] normalizedBytes = normalize(equalityRule, bsValue);

        // Equality index.
        if (equalityIndex != null)
        {
          // TODO JNR reuse DatabaseEntry object for all indexes?
          DatabaseEntry key = new DatabaseEntry(normalizedBytes);
          verifyAttributeInIndex(equalityIndex, txn, key, entryID);
        }

        // Substring index.
        if (substringIndex != null)
        {
          Set<ByteString> keyBytesSet =
@@ -1653,28 +1654,16 @@
          }
        }

        // Ordering index.
        if (orderingIndex != null)
        {
          // Use the ordering matching rule to normalize the value.
          OrderingMatchingRule orderingRule =
              attr.getAttributeType().getOrderingMatchingRule();

          normalizedBytes = normalizeAttributeValue(orderingRule, value);

          normalizedBytes = normalize(attrType.getOrderingMatchingRule(), bsValue);
          DatabaseEntry key = new DatabaseEntry(normalizedBytes);
          verifyAttributeInIndex(orderingIndex, txn, key, entryID);
        }

        // Approximate index.
        if (approximateIndex != null)
        {
          // Use the approximate matching rule to normalize the value.
          ApproximateMatchingRule approximateRule =
              attr.getAttributeType().getApproximateMatchingRule();

          normalizedBytes = normalizeAttributeValue(approximateRule, value);

          normalizedBytes = normalize(attrType.getApproximateMatchingRule(), bsValue);
          DatabaseEntry key = new DatabaseEntry(normalizedBytes);
          verifyAttributeInIndex(approximateIndex, txn, key, entryID);
        }
@@ -1717,13 +1706,12 @@
    }
  }

  private byte[] normalizeAttributeValue(MatchingRule matchingRule,
      AttributeValue value) throws DirectoryException
  private byte[] normalize(MatchingRule matchingRule,
      ByteString value) throws DirectoryException
  {
    try
    {
      return matchingRule.normalizeAttributeValue(value.getValue())
          .toByteArray();
      return matchingRule.normalizeAttributeValue(value).toByteArray();
    }
    catch (DecodeException e)
    {

 opendj3-server-dev/src/server/org/opends/server/controls/MatchedValuesFilter.java

@@ -39,6 +39,7 @@
import org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.util.Reject;
import org.opends.server.api.ApproximateMatchingRule;
import org.opends.server.api.EqualityMatchingRule;
@@ -1302,11 +1303,11 @@
        {
          try
          {
            return equalityMatchingRule.areEqual(
              equalityMatchingRule.normalizeAssertionValue(rawAssertionValue),
              value.getNormalizedValue());
            final ByteString normValue = equalityMatchingRule.normalizeAttributeValue(value.getValue());
            final Assertion assertion = equalityMatchingRule.getAssertion(rawAssertionValue);
            return assertion.matches(normValue).toBoolean();
          }
          catch (Exception e)
          catch (DecodeException e)
          {
            logger.traceException(e);
          }
@@ -1432,7 +1433,6 @@
          catch (Exception e)
          {
            logger.traceException(e);

            return false;
          }
        }
@@ -1445,14 +1445,12 @@

          try
          {
            return equalityMatchingRule.areEqual(
              equalityMatchingRule.normalizeAssertionValue(rawAssertionValue),
              value.getNormalizedValue());
            ByteString normValue = equalityMatchingRule.normalizeAttributeValue(value.getValue());
            return equalityMatchingRule.getAssertion(rawAssertionValue).matches(normValue).toBoolean();
          }
          catch (Exception e)
          {
            logger.traceException(e);

            return false;
          }
        }

 opendj3-server-dev/src/server/org/opends/server/core/PasswordPolicyState.java

@@ -26,8 +26,6 @@
 */
package org.opends.server.core;



import java.text.SimpleDateFormat;
import java.util.*;

@@ -37,6 +35,7 @@
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.api.*;
import org.opends.server.protocols.internal.InternalClientConnection;
@@ -45,15 +44,12 @@
import org.opends.server.schema.GeneralizedTimeSyntax;
import org.opends.server.schema.UserPasswordSyntax;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;

import static org.opends.messages.CoreMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.schema.SchemaConstants.*;
import static org.opends.server.util.StaticUtils.*;



/**
 * This class provides a data structure for holding password policy state
 * information for a user account.
@@ -226,14 +222,15 @@
    List<Attribute> attrList = userEntry.getAttribute(attributeType);
    if (attrList != null)
    {
      final MatchingRule rule = attributeType.getEqualityMatchingRule();
      for (Attribute a : attrList)
      {
        for (AttributeValue v : a)
        {
          try
          {
            timeValues.add(GeneralizedTimeSyntax.decodeGeneralizedTimeValue(
                                                       v.getNormalizedValue()));
            ByteString normValue = rule.normalizeAttributeValue(v.getValue());
            timeValues.add(GeneralizedTimeSyntax.decodeGeneralizedTimeValue(normValue));
          }
          catch (Exception e)
          {

 opendj3-server-dev/src/server/org/opends/server/extensions/EntryDNVirtualAttributeProvider.java

@@ -31,8 +31,10 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.admin.std.server.EntryDNVirtualAttributeCfg;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.VirtualAttributeProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.SearchOperation;
@@ -94,14 +96,15 @@
  {
    try
    {
      String normalizedDN    = entry.getName().toNormalizedString();
      String normalizedValue = value.getNormalizedValue().toString();
      MatchingRule eqRule = rule.getAttributeType().getEqualityMatchingRule();
      ByteString dn = ByteString.valueOf(entry.getName().toString());
      ByteString normalizedDN = eqRule.normalizeAttributeValue(dn);
      ByteString normalizedValue = eqRule.normalizeAttributeValue(value.getValue());
      return normalizedDN.equals(normalizedValue);
    }
    catch (Exception e)
    catch (DecodeException e)
    {
      logger.traceException(e);

      return false;
    }
  }

 opendj3-server-dev/src/server/org/opends/server/extensions/EntryUUIDVirtualAttributeProvider.java

@@ -35,11 +35,15 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.std.server.EntryUUIDVirtualAttributeCfg;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.VirtualAttributeProvider;
import org.opends.server.core.SearchOperation;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.AttributeValues;
import org.opends.server.types.Entry;
import org.opends.server.types.VirtualAttributeRule;

import static org.opends.messages.ExtensionMessages.*;
import static org.opends.server.util.StaticUtils.*;
@@ -102,19 +106,20 @@
  public boolean hasValue(Entry entry, VirtualAttributeRule rule,
                          AttributeValue value)
  {
    MatchingRule matchingRule =
        rule.getAttributeType().getEqualityMatchingRule();
    try
    {
      String normalizedDN = entry.getName().toNormalizedString();
      String uuidString =
           UUID.nameUUIDFromBytes(getBytes(normalizedDN)).toString();

      String normalizedValue = value.getNormalizedValue().toString();
      return uuidString.equals(normalizedValue);
      ByteString normValue = matchingRule.normalizeAttributeValue(value.getValue());
      return uuidString.equals(normValue.toString());
    }
    catch (Exception e)
    {
      logger.traceException(e);

      return false;
    }
  }

 opendj3-server-dev/src/server/org/opends/server/extensions/HasSubordinatesVirtualAttributeProvider.java

@@ -34,13 +34,14 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.std.server.HasSubordinatesVirtualAttributeCfg;
import org.opends.server.api.Backend;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.VirtualAttributeProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.SearchOperation;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;

import static org.opends.messages.ExtensionMessages.*;

@@ -106,7 +107,7 @@
    try
    {
      ConditionResult ret = backend.hasSubordinates(entry.getName());
       return ret != null && ret != ConditionResult.UNDEFINED;
      return ret != null && ret != ConditionResult.UNDEFINED;
    }
    catch(DirectoryException de)
    {
@@ -121,20 +122,22 @@
  public boolean hasValue(Entry entry, VirtualAttributeRule rule,
                          AttributeValue value)
  {
     Backend backend = DirectoryServer.getBackend(entry.getName());
    Backend backend = DirectoryServer.getBackend(entry.getName());
    MatchingRule matchingRule =
        rule.getAttributeType().getEqualityMatchingRule();

    try
    {
      ByteString normValue =
          matchingRule.normalizeAttributeValue(value.getValue());
      ConditionResult ret = backend.hasSubordinates(entry.getName());
      return ret != null
          && ret != ConditionResult.UNDEFINED
          && ConditionResult.valueOf(value.getNormalizedValue().toString())
              .equals(ret);
          && ConditionResult.valueOf(normValue.toString()).equals(ret);
    }
    catch(DirectoryException de)
    catch (Exception de)
    {
      logger.traceException(de);

      return false;
    }
  }

 opendj3-server-dev/src/server/org/opends/server/extensions/LDAPPassThroughAuthenticationPolicyFactory.java

@@ -1844,17 +1844,26 @@
              // Ignore any attributes with options.
              if (!attribute.hasOptions())
              {
                MatchingRule rule =
                    attribute.getAttributeType().getEqualityMatchingRule();
                for (AttributeValue value : attribute)
                {
                  try
                  {
                    ByteString normValue =
                        rule.normalizeAttributeValue(value.getValue());
                    long cachedPasswordTime = GeneralizedTimeSyntax
                        .decodeGeneralizedTimeValue(value.getNormalizedValue());
                            .decodeGeneralizedTimeValue(normValue);
                    long currentTime = provider.getCurrentTimeMS();
                    long expiryTime = cachedPasswordTime
                        + (cfg.getCachedPasswordTTL() * 1000);
                    foundValidCachedPasswordTime = (expiryTime > currentTime);
                  }
                  catch (DecodeException e)
                  {
                    // Fall-through and give up immediately.
                    logger.traceException(e);
                  }
                  catch (DirectoryException e)
                  {
                    // Fall-through and give up immediately.

 opendj3-server-dev/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java

@@ -36,7 +36,6 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
@@ -48,6 +47,7 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.PluginCfgDefn;
@@ -56,6 +56,7 @@
import org.opends.server.admin.std.server.ReferentialIntegrityPluginCfg;
import org.opends.server.api.Backend;
import org.opends.server.api.DirectoryThread;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.ServerShutdownListener;
import org.opends.server.api.plugin.DirectoryServerPlugin;
import org.opends.server.api.plugin.PluginResult;
@@ -67,7 +68,6 @@
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.types.operation.SubordinateModifyDNOperation;
import org.opends.server.types.operation.PostOperationModifyDNOperation;
import org.opends.server.types.operation.PostOperationDeleteOperation;
@@ -1231,25 +1231,21 @@
   * @param entryDN DN of the entry which contains the <CODE>attr</CODE>
   *                attribute.
   * @return        The SUCCESS if the integrity is maintained or
   *                CONSTRAINT_VIOLATION oherwise
   *                CONSTRAINT_VIOLATION otherwise
   */
  private PluginResult.PreOperation isIntegrityMaintained(Attribute attr,
                                                          DN entryDN,
                                                          DN entryBaseDN)
  {
    /* Iterate over the list of attributes */

    Iterator<AttributeValue> attrValIt = attr.iterator();

    final MatchingRule rule = attr.getAttributeType().getEqualityMatchingRule();
    try
    {
      while (attrValIt.hasNext())
      for (AttributeValue attrVal : attr)
      {
        AttributeValue attrVal = attrValIt.next();
        Entry valueEntry = null;
        DN valueEntryDN =
            DN.decode(rule.normalizeAttributeValue(attrVal.getValue()));

        DN valueEntryDN = DN.decode(attrVal.getNormalizedValue());

        final Entry valueEntry;
        if (currentConfiguration.getCheckReferencesScopeCriteria()
          == CheckReferencesScopeCriteria.NAMING_CONTEXT)
        {
@@ -1270,9 +1266,7 @@
          valueEntry = DirectoryServer.getEntry(valueEntryDN);
        }

        /* Verify that the value entry exists in the backend.
         */

        // Verify that the value entry exists in the backend.
        if (valueEntry == null)
        {
          return PluginResult.PreOperation.stopProcessing(
@@ -1281,9 +1275,7 @@
                valueEntryDN, attr.getName(), entryDN));
        }

        /* Verify that the value entry conforms to the filter.
         */

        // Verify that the value entry conforms to the filter.
        SearchFilter filter = attrFiltMap.get(attr.getAttributeType());
        if (filter != null && !filter.matchesEntry(valueEntry))
        {
@@ -1294,7 +1286,7 @@
        }
      }
    }
    catch (DirectoryException de)
    catch (Exception de)
    {
      return PluginResult.PreOperation.stopProcessing(
        ResultCode.OTHER,

 opendj3-server-dev/src/server/org/opends/server/replication/plugin/ExternalChangelogDomain.java

@@ -29,13 +29,14 @@
import java.util.List;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.server.ConfigurationAddListener;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.server.ConfigurationDeleteListener;
import org.opends.server.admin.std.server.ExternalChangelogDomainCfg;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.types.RDN;

/**
 * This class specifies the external changelog feature for a replication
@@ -67,25 +68,15 @@
  }


  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public ConfigChangeResult applyConfigurationAdd(
      ExternalChangelogDomainCfg configuration)
  {
    try
    final ConfigChangeResult ccr = setDomain(configuration);
    if (ccr != null)
    {
      if (domain==null)
      {
        DN rdns = DN.decode(
            configuration.dn().parent().rdn().getAttributeValue(0).
            getNormalizedValue());
        domain = MultimasterReplication.findDomain(rdns, null);
      }
    }
    catch (Exception e)
    {
      return new ConfigChangeResult(ResultCode.CONSTRAINT_VIOLATION, false);
      return ccr;
    }

    this.isEnabled = configuration.isEnabled();
@@ -96,9 +87,8 @@
  }


  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public ConfigChangeResult applyConfigurationChange(
      ExternalChangelogDomainCfg configuration)
  {
@@ -108,20 +98,29 @@
    // - after dsconfig set-external-changelog-domain-prop --add ecl-include:xx
    //   configuration contains attribute xx and the previous list
    // Hence in all cases, it is the complete list of attributes.
    final ConfigChangeResult ccr = setDomain(configuration);
    if (ccr != null)
    {
      return ccr;
    }

    this.isEnabled = configuration.isEnabled();
    domain.changeConfig(configuration.getECLInclude(),
        configuration.getECLIncludeForDeletes());
    return new ConfigChangeResult(ResultCode.SUCCESS, false);
  }

  private ConfigChangeResult setDomain(ExternalChangelogDomainCfg configuration)
  {
    try
    {
      if (domain==null)
      {
        DN rdns = DN.decode(
            configuration.dn().parent().rdn().getAttributeValue(0).
              getNormalizedValue());
        RDN rdn = configuration.dn().parent().rdn();
        DN rdns = DN.decode(rdn.getAttributeValue(0).getValue());
        domain = MultimasterReplication.findDomain(rdns, null);
      }

      this.isEnabled = configuration.isEnabled();
      domain.changeConfig(configuration.getECLInclude(),
          configuration.getECLIncludeForDeletes());
      return new ConfigChangeResult(ResultCode.SUCCESS, false);
      return null;
    }
    catch (Exception e)
    {
@@ -130,18 +129,16 @@
  }


  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public boolean isConfigurationAddAcceptable(
      ExternalChangelogDomainCfg configuration,
      List<LocalizableMessage> unacceptableReasons)
  {
    return true;
  }
  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public boolean isConfigurationChangeAcceptable(
      ExternalChangelogDomainCfg configuration,
      List<LocalizableMessage> unacceptableReasons)
@@ -150,9 +147,8 @@
  }


  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public boolean isConfigurationDeleteAcceptable(
      ExternalChangelogDomainCfg configuration,
      List<LocalizableMessage> unacceptableReasons)
@@ -161,9 +157,8 @@
  }


  /**
   * {@inheritDoc}
   */
  /** {@inheritDoc} */
  @Override
  public ConfigChangeResult applyConfigurationDelete(
      ExternalChangelogDomainCfg configuration)
  {

 opendj3-server-dev/src/server/org/opends/server/types/Entry.java

@@ -38,11 +38,13 @@
import org.forgerock.opendj.ldap.ByteSequenceReader;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.ObjectClassType;
import org.opends.server.api.AttributeValueDecoder;
import org.opends.server.api.CompressedSchema;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.ProtocolElement;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.core.DirectoryServer;
@@ -1473,22 +1475,13 @@

      boolean allSuccessful = true;

      MatchingRule rule =
          attribute.getAttributeType().getEqualityMatchingRule();
      for (AttributeValue v : attribute)
      {
        String ocName;
        try
        {
          ocName = v.getNormalizedValue().toString();
        }
        catch (Exception e)
        {
          logger.traceException(e);

          ocName = toLowerCase(v.getValue().toString());
        }
        String ocName = toLowerName(rule, v.getValue());

        boolean matchFound = false;

        for (ObjectClass oc : objectClasses.keySet())
        {
          if (oc.hasNameOrOID(ocName))
@@ -1570,6 +1563,18 @@
    return false;
  }

  private String toLowerName(MatchingRule rule, ByteString value)
  {
    try
    {
      return normalize(rule, value).toString();
    }
    catch (Exception e)
    {
      logger.traceException(e);
      return toLowerCase(value.toString());
    }
  }


  /**
@@ -3213,7 +3218,7 @@
              {
                for (AttributeValue value : attr)
                {
                  inheritFromDN = DN.decode(value.getNormalizedValue());
                  inheritFromDN = DN.decode(value.getValue());
                  // Respect subentry root scope.
                  if (!inheritFromDN.isDescendantOf(
                       subEntry.getDN().parent()))
@@ -3330,6 +3335,20 @@
    }
  }

  private ByteString normalize(MatchingRule matchingRule, ByteString value)
      throws DirectoryException
  {
    try
    {
      return matchingRule.normalizeAttributeValue(value);
    }
    catch (DecodeException e)
    {
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX,
          e.getMessageObject(), e);
    }
  }

  /**
   * Resolves a conflict arising with a collective attribute.
   *
@@ -4653,21 +4672,12 @@
        objectClasses.clear();
      }

      MatchingRule rule =
          attribute.getAttributeType().getEqualityMatchingRule();
      for (AttributeValue v : attribute)
      {
        String name = v.getValue().toString();

        String lowerName;
        try
        {
          lowerName = v.getNormalizedValue().toString();
        }
        catch (Exception e)
        {
          logger.traceException(e);

          lowerName = toLowerCase(v.getValue().toString());
        }
        String lowerName = toLowerName(rule, v.getValue());

        // Create a default object class if necessary.
        ObjectClass oc =

 opendj3-server-dev/src/server/org/opends/server/types/RDN.java

@@ -32,7 +32,10 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.api.EqualityMatchingRule;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.OrderingMatchingRule;
import org.opends.server.core.DirectoryServer;

@@ -1050,17 +1053,21 @@
   */
  public void getAVAString(int pos, StringBuilder buffer)
  {
      buffer.append(attributeTypes[pos].getNormalizedPrimaryNameOrOID());
      AttributeType type = attributeTypes[pos];
      buffer.append(type.getNormalizedPrimaryNameOrOID());
      buffer.append('=');

      AttributeValue value = attributeValues[pos];
      try
      {
        buffer.append(getDNValue(attributeValues[pos].getNormalizedValue()));
        MatchingRule rule = type.getEqualityMatchingRule();
        ByteString normValue = rule.normalizeAttributeValue(value.getValue());
        buffer.append(getDNValue(normValue));
      }
      catch (Exception e)
      {
        logger.traceException(e);
        buffer.append(getDNValue(attributeValues[pos].getValue()));
        buffer.append(getDNValue(value.getValue()));
      }
  }

@@ -1083,14 +1090,14 @@
    if (attributeTypes.length == 1 && rdn.attributeTypes.length == 1)
    {
      // fast path
      if (attributeTypes[0].equals(rdn.attributeTypes[0]))
      AttributeType type = attributeTypes[0];
      if (type.equals(rdn.attributeTypes[0]))
      {
        OrderingMatchingRule omr = attributeTypes[0].getOrderingMatchingRule();
        return compare(attributeValues[0], rdn.attributeValues[0], omr);
        return compare(attributeValues[0], rdn.attributeValues[0], type);
      }
      else
      {
        String name1 = attributeTypes[0].getNormalizedPrimaryNameOrOID();
        String name1 = type.getNormalizedPrimaryNameOrOID();
        String name2 = rdn.attributeTypes[0].getNormalizedPrimaryNameOrOID();
        return name1.compareTo(name2);
      }
@@ -1140,8 +1147,7 @@
        return name1.compareTo(name2);
      }

      final OrderingMatchingRule omr = type1.getOrderingMatchingRule();
      final int valueComparison = compare(value1, value2, omr);
      final int valueComparison = compare(value1, value2, type1);
      if (valueComparison != 0)
      {
        // we found a difference => return result
@@ -1178,34 +1184,37 @@
   *          the first attribute value to compare
   * @param value2
   *          the second attribute value to compare
   * @param omr
   *          if not null, the OrderingMatchingRule to use for comparison
   * @param type
   *          the type whose OrderingMatchingRule is to be used for comparison
   * @return A negative integer if this value1 should come before the value2, a
   *         positive integer if value1 should come after value2, or zero if
   *         there is no difference with regard to ordering.
   */
  private int compare(AttributeValue value1, AttributeValue value2,
      OrderingMatchingRule omr)
      AttributeType type)
  {
    final OrderingMatchingRule omr = type.getOrderingMatchingRule();
    final EqualityMatchingRule emr = type.getEqualityMatchingRule();

    ByteString val1;
    ByteString val2;
    try
    {
      val1 = value1.getNormalizedValue();
      val2 = value2.getNormalizedValue();
      final MatchingRule rule = omr != null ? omr : emr;
      val1 = rule.normalizeAttributeValue(value1.getValue());
      val2 = rule.normalizeAttributeValue(value2.getValue());
    }
    catch (DirectoryException e)
    catch (DecodeException e)
    {
      logger.traceException(e);
      val1 = value1.getValue();
      val2 = value2.getValue();
    }


    if (omr != null)
    {
      return omr.compareValues(val1, val2);
    }
    return val1.toString().compareTo(val2.toString());
    return val1.compareTo(val2);
  }
}

 opendj3-server-dev/src/server/org/opends/server/types/SubEntry.java

@@ -24,7 +24,6 @@
 *      Copyright 2009-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011-2014 ForgeRock AS
 */

package org.opends.server.types;

import java.util.ArrayList;
@@ -364,13 +363,10 @@
          {
            for (AttributeValue value : attr)
            {
              this.inheritFromBaseDN =
                      DN.decode(value.getNormalizedValue());
              // Has to have a parent since subentry itself
              // cannot be a suffix entry within the server.
              this.inheritFromBaseDN =
                      getDN().parent().child(
                        inheritFromBaseDN);
                  getDN().parent().child(DN.decode(value.getValue()));
              break;
            }
          }

 opendj3-server-dev/src/server/org/opends/server/workflowelement/externalchangelog/ECLSearchOperation.java

@@ -32,9 +32,12 @@
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.MatchingRule;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.config.ConfigConstants;
import org.opends.server.controls.*;
@@ -46,7 +49,12 @@
import org.opends.server.replication.server.ECLServerHandler;
import org.opends.server.replication.server.ReplicationServer;
import org.opends.server.types.*;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.types.Attribute;
import org.opends.server.types.Attributes;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.types.RDN;
import org.opends.server.types.operation.PostOperationSearchOperation;
import org.opends.server.types.operation.PreOperationSearchOperation;
import org.opends.server.types.operation.SearchEntrySearchOperation;
@@ -1182,14 +1190,12 @@
    // Here are the 3 elementary cases we know how to optimize
    if (matches(sf, FilterType.GREATER_OR_EQUAL, "changeNumber"))
    {
      int sn = Integer.decode(
          sf.getAssertionValue().getNormalizedValue().toString());
      int sn = extractChangeNumber(sf);
      startCLmsg.setFirstChangeNumber(sn);
    }
    else if (matches(sf, FilterType.LESS_OR_EQUAL, "changeNumber"))
    {
      int sn = Integer.decode(
          sf.getAssertionValue().getNormalizedValue().toString());
      int sn = extractChangeNumber(sf);
      startCLmsg.setLastChangeNumber(sn);
    }
    else if (matches(sf, FilterType.EQUALITY, "replicationcsn"))
@@ -1199,8 +1205,7 @@
    }
    else if (matches(sf, FilterType.EQUALITY, "changenumber"))
    {
      int sn = Integer.decode(
          sf.getAssertionValue().getNormalizedValue().toString());
      int sn = extractChangeNumber(sf);
      startCLmsg.setFirstChangeNumber(sn);
      startCLmsg.setLastChangeNumber(sn);
    }
@@ -1239,6 +1244,23 @@
    return startCLmsg;
  }

  private static int extractChangeNumber(SearchFilter sf)
      throws DirectoryException
  {
    try
    {
      MatchingRule rule = sf.getAttributeType().getEqualityMatchingRule();
      ByteString normValue =
          rule.normalizeAssertionValue(sf.getAssertionValue().getValue());
      return Integer.decode(normValue.toString());
    }
    catch (DecodeException e)
    {
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, e
          .getMessageObject(), e);
    }
  }

  private static boolean matches(SearchFilter sf, FilterType filterType,
      String primaryName)
  {

			@@ -24,28 +24,23 @@
			* Portions Copyright 2011-2014 ForgeRock AS.
			* Portions Copyright 2014 ForgeRock AS
			*/

			package org.opends.server.api;



			import java.util.List;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.schema.GeneralizedTimeSyntax;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;

			import static org.opends.messages.CoreMessages.*;
			import static org.opends.server.config.ConfigConstants.*;
			import static org.opends.server.util.StaticUtils.*;



			/**
			* The authentication policy context associated with a user's entry, which is
			* responsible for managing the user's account, their password, as well as
			@@ -206,8 +201,9 @@
			final AttributeValue v = a.iterator().next();
			try
			{
			timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(v
			.getNormalizedValue());
			EqualityMatchingRule rule = attributeType.getEqualityMatchingRule();
			ByteString normValue = rule.normalizeAttributeValue(v.getValue());
			timeValue = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(normValue);
			}
			catch (final Exception e)
			{

			@@ -33,6 +33,7 @@
			import java.util.Iterator;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.ResultCode;
			@@ -49,6 +50,9 @@
			*/
			public class PatternRDN
			{

			private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

			/**
			* Indicate whether the RDN contains a wildcard in any of its attribute
			* types.
			@@ -269,59 +273,43 @@

			try
			{
			if (pattern.size() > 1)
			if (pattern.size() == 1)
			{
			// Handle this just like a substring filter.
			// Handle this just like an equality filter.
			EqualityMatchingRule rule = type.getEqualityMatchingRule();
			ByteString thatNormValue = rule.normalizeAttributeValue(value.getValue());
			return rule.getAssertion(pattern.get(0)).matches(thatNormValue).toBoolean();
			}

			ByteString subInitial = pattern.get(0);
			if (subInitial.length() == 0)
			{
			subInitial = null;
			}
			// Handle this just like a substring filter.
			ByteString subInitial = pattern.get(0);
			if (subInitial.length() == 0)
			{
			subInitial = null;
			}

			ByteString subFinal = pattern.get(pattern.size() - 1);
			if (subFinal.length() == 0)
			{
			subFinal = null;
			}
			ByteString subFinal = pattern.get(pattern.size() - 1);
			if (subFinal.length() == 0)
			{
			subFinal = null;
			}

			List<ByteString> subAnyElements;
			if (pattern.size() > 2)
			{
			subAnyElements = pattern.subList(1, pattern.size()-1);
			}
			else
			{
			subAnyElements = null;
			}

			Attribute attr = Attributes.create(type, value);
			switch (attr.matchesSubstring(subInitial, subAnyElements, subFinal))
			{
			case TRUE:
			return true;

			case FALSE:
			case UNDEFINED:
			default:
			return false;
			}
			List<ByteString> subAnyElements;
			if (pattern.size() > 2)
			{
			subAnyElements = pattern.subList(1, pattern.size()-1);
			}
			else
			{
			ByteString thisNormValue =
			type.getEqualityMatchingRule().normalizeAttributeValue(pattern.get(0));
			ByteString thatNormValue = value.getNormalizedValue();
			EqualityMatchingRule mr = type.getEqualityMatchingRule();
			return mr.areEqual(thisNormValue, thatNormValue);
			subAnyElements = null;
			}

			Attribute attr = Attributes.create(type, value);
			return attr.matchesSubstring(subInitial, subAnyElements, subFinal).toBoolean();
			}
			catch (DecodeException e)
			{
			return false;
			}
			catch (DirectoryException e)
			{
			logger.traceException(e);
			return false;
			}
			}

			@@ -2223,9 +2223,10 @@
			try
			{
			// Make a key from the normalized assertion value.
			byte[] keyBytes =
			extensibleFilter.getAssertionValue().getNormalizedValue().
			toByteArray();
			MatchingRule rule =
			extensibleFilter.getAttributeType().getEqualityMatchingRule();
			ByteString value = extensibleFilter.getAssertionValue().getValue();
			byte[] keyBytes = rule.normalizeAssertionValue(value).toByteArray();
			DatabaseEntry key = new DatabaseEntry(keyBytes);

			if(debugBuffer != null)
			@@ -2265,7 +2266,7 @@
			}
			return idSet;
			}
			catch (DirectoryException e)
			catch (DecodeException e)
			{
			logger.traceException(e);
			return IndexQuery.createNullIndexQuery().evaluate(null);

			@@ -34,9 +34,8 @@
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.api.ApproximateMatchingRule;
			import org.opends.server.api.EqualityMatchingRule;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.OrderingMatchingRule;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.types.*;
			import org.opends.server.util.ServerConstants;
			@@ -1629,18 +1628,20 @@

			for (Attribute attr : attrList)
			{
			final AttributeType attrType = attr.getAttributeType();
			EqualityMatchingRule equalityRule = attrType.getEqualityMatchingRule();
			for (AttributeValue value : attr)
			{
			byte[] normalizedBytes = value.getNormalizedValue().toByteArray();
			final ByteString bsValue = value.getValue();
			byte[] normalizedBytes = normalize(equalityRule, bsValue);

			// Equality index.
			if (equalityIndex != null)
			{
			// TODO JNR reuse DatabaseEntry object for all indexes?
			DatabaseEntry key = new DatabaseEntry(normalizedBytes);
			verifyAttributeInIndex(equalityIndex, txn, key, entryID);
			}

			// Substring index.
			if (substringIndex != null)
			{
			Set<ByteString> keyBytesSet =
			@@ -1653,28 +1654,16 @@
			}
			}

			// Ordering index.
			if (orderingIndex != null)
			{
			// Use the ordering matching rule to normalize the value.
			OrderingMatchingRule orderingRule =
			attr.getAttributeType().getOrderingMatchingRule();

			normalizedBytes = normalizeAttributeValue(orderingRule, value);

			normalizedBytes = normalize(attrType.getOrderingMatchingRule(), bsValue);
			DatabaseEntry key = new DatabaseEntry(normalizedBytes);
			verifyAttributeInIndex(orderingIndex, txn, key, entryID);
			}

			// Approximate index.
			if (approximateIndex != null)
			{
			// Use the approximate matching rule to normalize the value.
			ApproximateMatchingRule approximateRule =
			attr.getAttributeType().getApproximateMatchingRule();

			normalizedBytes = normalizeAttributeValue(approximateRule, value);

			normalizedBytes = normalize(attrType.getApproximateMatchingRule(), bsValue);
			DatabaseEntry key = new DatabaseEntry(normalizedBytes);
			verifyAttributeInIndex(approximateIndex, txn, key, entryID);
			}
			@@ -1717,13 +1706,12 @@
			}
			}

			private byte[] normalizeAttributeValue(MatchingRule matchingRule,
			AttributeValue value) throws DirectoryException
			private byte[] normalize(MatchingRule matchingRule,
			ByteString value) throws DirectoryException
			{
			try
			{
			return matchingRule.normalizeAttributeValue(value.getValue())
			.toByteArray();
			return matchingRule.normalizeAttributeValue(value).toByteArray();
			}
			catch (DecodeException e)
			{

			@@ -39,6 +39,7 @@
			import org.forgerock.opendj.ldap.ByteSequence;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.util.Reject;
			import org.opends.server.api.ApproximateMatchingRule;
			import org.opends.server.api.EqualityMatchingRule;
			@@ -1302,11 +1303,11 @@
			{
			try
			{
			return equalityMatchingRule.areEqual(
			equalityMatchingRule.normalizeAssertionValue(rawAssertionValue),
			value.getNormalizedValue());
			final ByteString normValue = equalityMatchingRule.normalizeAttributeValue(value.getValue());
			final Assertion assertion = equalityMatchingRule.getAssertion(rawAssertionValue);
			return assertion.matches(normValue).toBoolean();
			}
			catch (Exception e)
			catch (DecodeException e)
			{
			logger.traceException(e);
			}
			@@ -1432,7 +1433,6 @@
			catch (Exception e)
			{
			logger.traceException(e);

			return false;
			}
			}
			@@ -1445,14 +1445,12 @@

			try
			{
			return equalityMatchingRule.areEqual(
			equalityMatchingRule.normalizeAssertionValue(rawAssertionValue),
			value.getNormalizedValue());
			ByteString normValue = equalityMatchingRule.normalizeAttributeValue(value.getValue());
			return equalityMatchingRule.getAssertion(rawAssertionValue).matches(normValue).toBoolean();
			}
			catch (Exception e)
			{
			logger.traceException(e);

			return false;
			}
			}

			@@ -26,8 +26,6 @@
			*/
			package org.opends.server.core;



			import java.text.SimpleDateFormat;
			import java.util.*;

			@@ -37,6 +35,7 @@
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
			import org.opends.server.api.*;
			import org.opends.server.protocols.internal.InternalClientConnection;
			@@ -45,15 +44,12 @@
			import org.opends.server.schema.GeneralizedTimeSyntax;
			import org.opends.server.schema.UserPasswordSyntax;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;

			import static org.opends.messages.CoreMessages.*;
			import static org.opends.server.config.ConfigConstants.*;
			import static org.opends.server.schema.SchemaConstants.*;
			import static org.opends.server.util.StaticUtils.*;



			/**
			* This class provides a data structure for holding password policy state
			* information for a user account.
			@@ -226,14 +222,15 @@
			List<Attribute> attrList = userEntry.getAttribute(attributeType);
			if (attrList != null)
			{
			final MatchingRule rule = attributeType.getEqualityMatchingRule();
			for (Attribute a : attrList)
			{
			for (AttributeValue v : a)
			{
			try
			{
			timeValues.add(GeneralizedTimeSyntax.decodeGeneralizedTimeValue(
			v.getNormalizedValue()));
			ByteString normValue = rule.normalizeAttributeValue(v.getValue());
			timeValues.add(GeneralizedTimeSyntax.decodeGeneralizedTimeValue(normValue));
			}
			catch (Exception e)
			{

			@@ -31,8 +31,10 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.admin.std.server.EntryDNVirtualAttributeCfg;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.VirtualAttributeProvider;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.SearchOperation;
			@@ -94,14 +96,15 @@
			{
			try
			{
			String normalizedDN = entry.getName().toNormalizedString();
			String normalizedValue = value.getNormalizedValue().toString();
			MatchingRule eqRule = rule.getAttributeType().getEqualityMatchingRule();
			ByteString dn = ByteString.valueOf(entry.getName().toString());
			ByteString normalizedDN = eqRule.normalizeAttributeValue(dn);
			ByteString normalizedValue = eqRule.normalizeAttributeValue(value.getValue());
			return normalizedDN.equals(normalizedValue);
			}
			catch (Exception e)
			catch (DecodeException e)
			{
			logger.traceException(e);

			return false;
			}
			}

			@@ -35,11 +35,15 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.admin.std.server.EntryUUIDVirtualAttributeCfg;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.VirtualAttributeProvider;
			import org.opends.server.core.SearchOperation;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.types.AttributeValue;
			import org.opends.server.types.AttributeValues;
			import org.opends.server.types.Entry;
			import org.opends.server.types.VirtualAttributeRule;

			import static org.opends.messages.ExtensionMessages.*;
			import static org.opends.server.util.StaticUtils.*;
			@@ -102,19 +106,20 @@
			public boolean hasValue(Entry entry, VirtualAttributeRule rule,
			AttributeValue value)
			{
			MatchingRule matchingRule =
			rule.getAttributeType().getEqualityMatchingRule();
			try
			{
			String normalizedDN = entry.getName().toNormalizedString();
			String uuidString =
			UUID.nameUUIDFromBytes(getBytes(normalizedDN)).toString();

			String normalizedValue = value.getNormalizedValue().toString();
			return uuidString.equals(normalizedValue);
			ByteString normValue = matchingRule.normalizeAttributeValue(value.getValue());
			return uuidString.equals(normValue.toString());
			}
			catch (Exception e)
			{
			logger.traceException(e);

			return false;
			}
			}

			@@ -34,13 +34,14 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ConditionResult;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.admin.std.server.HasSubordinatesVirtualAttributeCfg;
			import org.opends.server.api.Backend;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.VirtualAttributeProvider;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.core.SearchOperation;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;

			import static org.opends.messages.ExtensionMessages.*;

			@@ -106,7 +107,7 @@
			try
			{
			ConditionResult ret = backend.hasSubordinates(entry.getName());
			return ret != null && ret != ConditionResult.UNDEFINED;
			return ret != null && ret != ConditionResult.UNDEFINED;
			}
			catch(DirectoryException de)
			{
			@@ -121,20 +122,22 @@
			public boolean hasValue(Entry entry, VirtualAttributeRule rule,
			AttributeValue value)
			{
			Backend backend = DirectoryServer.getBackend(entry.getName());
			Backend backend = DirectoryServer.getBackend(entry.getName());
			MatchingRule matchingRule =
			rule.getAttributeType().getEqualityMatchingRule();

			try
			{
			ByteString normValue =
			matchingRule.normalizeAttributeValue(value.getValue());
			ConditionResult ret = backend.hasSubordinates(entry.getName());
			return ret != null
			&& ret != ConditionResult.UNDEFINED
			&& ConditionResult.valueOf(value.getNormalizedValue().toString())
			.equals(ret);
			&& ConditionResult.valueOf(normValue.toString()).equals(ret);
			}
			catch(DirectoryException de)
			catch (Exception de)
			{
			logger.traceException(de);

			return false;
			}
			}

			@@ -1844,17 +1844,26 @@
			// Ignore any attributes with options.
			if (!attribute.hasOptions())
			{
			MatchingRule rule =
			attribute.getAttributeType().getEqualityMatchingRule();
			for (AttributeValue value : attribute)
			{
			try
			{
			ByteString normValue =
			rule.normalizeAttributeValue(value.getValue());
			long cachedPasswordTime = GeneralizedTimeSyntax
			.decodeGeneralizedTimeValue(value.getNormalizedValue());
			.decodeGeneralizedTimeValue(normValue);
			long currentTime = provider.getCurrentTimeMS();
			long expiryTime = cachedPasswordTime
			+ (cfg.getCachedPasswordTTL() * 1000);
			foundValidCachedPasswordTime = (expiryTime > currentTime);
			}
			catch (DecodeException e)
			{
			// Fall-through and give up immediately.
			logger.traceException(e);
			}
			catch (DirectoryException e)
			{
			// Fall-through and give up immediately.

			@@ -36,7 +36,6 @@
			import java.util.ArrayList;
			import java.util.Collections;
			import java.util.HashSet;
			import java.util.Iterator;
			import java.util.LinkedHashMap;
			import java.util.LinkedHashSet;
			import java.util.LinkedList;
			@@ -48,6 +47,7 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.admin.server.ConfigurationChangeListener;
			import org.opends.server.admin.std.meta.PluginCfgDefn;
			@@ -56,6 +56,7 @@
			import org.opends.server.admin.std.server.ReferentialIntegrityPluginCfg;
			import org.opends.server.api.Backend;
			import org.opends.server.api.DirectoryThread;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.ServerShutdownListener;
			import org.opends.server.api.plugin.DirectoryServerPlugin;
			import org.opends.server.api.plugin.PluginResult;
			@@ -67,7 +68,6 @@
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.protocols.internal.InternalSearchOperation;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.types.operation.SubordinateModifyDNOperation;
			import org.opends.server.types.operation.PostOperationModifyDNOperation;
			import org.opends.server.types.operation.PostOperationDeleteOperation;
			@@ -1231,25 +1231,21 @@
			* @param entryDN DN of the entry which contains the <CODE>attr</CODE>
			* attribute.
			* @return The SUCCESS if the integrity is maintained or
			* CONSTRAINT_VIOLATION oherwise
			* CONSTRAINT_VIOLATION otherwise
			*/
			private PluginResult.PreOperation isIntegrityMaintained(Attribute attr,
			DN entryDN,
			DN entryBaseDN)
			{
			/* Iterate over the list of attributes */

			Iterator<AttributeValue> attrValIt = attr.iterator();

			final MatchingRule rule = attr.getAttributeType().getEqualityMatchingRule();
			try
			{
			while (attrValIt.hasNext())
			for (AttributeValue attrVal : attr)
			{
			AttributeValue attrVal = attrValIt.next();
			Entry valueEntry = null;
			DN valueEntryDN =
			DN.decode(rule.normalizeAttributeValue(attrVal.getValue()));

			DN valueEntryDN = DN.decode(attrVal.getNormalizedValue());

			final Entry valueEntry;
			if (currentConfiguration.getCheckReferencesScopeCriteria()
			== CheckReferencesScopeCriteria.NAMING_CONTEXT)
			{
			@@ -1270,9 +1266,7 @@
			valueEntry = DirectoryServer.getEntry(valueEntryDN);
			}

			/* Verify that the value entry exists in the backend.
			*/

			// Verify that the value entry exists in the backend.
			if (valueEntry == null)
			{
			return PluginResult.PreOperation.stopProcessing(
			@@ -1281,9 +1275,7 @@
			valueEntryDN, attr.getName(), entryDN));
			}

			/* Verify that the value entry conforms to the filter.
			*/

			// Verify that the value entry conforms to the filter.
			SearchFilter filter = attrFiltMap.get(attr.getAttributeType());
			if (filter != null && !filter.matchesEntry(valueEntry))
			{
			@@ -1294,7 +1286,7 @@
			}
			}
			}
			catch (DirectoryException de)
			catch (Exception de)
			{
			return PluginResult.PreOperation.stopProcessing(
			ResultCode.OTHER,

			@@ -29,13 +29,14 @@
			import java.util.List;

			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.admin.server.ConfigurationAddListener;
			import org.opends.server.admin.server.ConfigurationChangeListener;
			import org.opends.server.admin.server.ConfigurationDeleteListener;
			import org.opends.server.admin.std.server.ExternalChangelogDomainCfg;
			import org.opends.server.types.ConfigChangeResult;
			import org.opends.server.types.DN;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.types.RDN;

			/**
			* This class specifies the external changelog feature for a replication
			@@ -67,25 +68,15 @@
			}


			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public ConfigChangeResult applyConfigurationAdd(
			ExternalChangelogDomainCfg configuration)
			{
			try
			final ConfigChangeResult ccr = setDomain(configuration);
			if (ccr != null)
			{
			if (domain==null)
			{
			DN rdns = DN.decode(
			configuration.dn().parent().rdn().getAttributeValue(0).
			getNormalizedValue());
			domain = MultimasterReplication.findDomain(rdns, null);
			}
			}
			catch (Exception e)
			{
			return new ConfigChangeResult(ResultCode.CONSTRAINT_VIOLATION, false);
			return ccr;
			}

			this.isEnabled = configuration.isEnabled();
			@@ -96,9 +87,8 @@
			}


			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public ConfigChangeResult applyConfigurationChange(
			ExternalChangelogDomainCfg configuration)
			{
			@@ -108,20 +98,29 @@
			// - after dsconfig set-external-changelog-domain-prop --add ecl-include:xx
			// configuration contains attribute xx and the previous list
			// Hence in all cases, it is the complete list of attributes.
			final ConfigChangeResult ccr = setDomain(configuration);
			if (ccr != null)
			{
			return ccr;
			}

			this.isEnabled = configuration.isEnabled();
			domain.changeConfig(configuration.getECLInclude(),
			configuration.getECLIncludeForDeletes());
			return new ConfigChangeResult(ResultCode.SUCCESS, false);
			}

			private ConfigChangeResult setDomain(ExternalChangelogDomainCfg configuration)
			{
			try
			{
			if (domain==null)
			{
			DN rdns = DN.decode(
			configuration.dn().parent().rdn().getAttributeValue(0).
			getNormalizedValue());
			RDN rdn = configuration.dn().parent().rdn();
			DN rdns = DN.decode(rdn.getAttributeValue(0).getValue());
			domain = MultimasterReplication.findDomain(rdns, null);
			}

			this.isEnabled = configuration.isEnabled();
			domain.changeConfig(configuration.getECLInclude(),
			configuration.getECLIncludeForDeletes());
			return new ConfigChangeResult(ResultCode.SUCCESS, false);
			return null;
			}
			catch (Exception e)
			{
			@@ -130,18 +129,16 @@
			}


			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public boolean isConfigurationAddAcceptable(
			ExternalChangelogDomainCfg configuration,
			List<LocalizableMessage> unacceptableReasons)
			{
			return true;
			}
			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public boolean isConfigurationChangeAcceptable(
			ExternalChangelogDomainCfg configuration,
			List<LocalizableMessage> unacceptableReasons)
			@@ -150,9 +147,8 @@
			}


			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public boolean isConfigurationDeleteAcceptable(
			ExternalChangelogDomainCfg configuration,
			List<LocalizableMessage> unacceptableReasons)
			@@ -161,9 +157,8 @@
			}


			/**
			* {@inheritDoc}
			*/
			/** {@inheritDoc} */
			@Override
			public ConfigChangeResult applyConfigurationDelete(
			ExternalChangelogDomainCfg configuration)
			{

			@@ -38,11 +38,13 @@
			import org.forgerock.opendj.ldap.ByteSequenceReader;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ByteStringBuilder;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.forgerock.opendj.ldap.schema.ObjectClassType;
			import org.opends.server.api.AttributeValueDecoder;
			import org.opends.server.api.CompressedSchema;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.ProtocolElement;
			import org.opends.server.api.plugin.PluginResult;
			import org.opends.server.core.DirectoryServer;
			@@ -1473,22 +1475,13 @@

			boolean allSuccessful = true;

			MatchingRule rule =
			attribute.getAttributeType().getEqualityMatchingRule();
			for (AttributeValue v : attribute)
			{
			String ocName;
			try
			{
			ocName = v.getNormalizedValue().toString();
			}
			catch (Exception e)
			{
			logger.traceException(e);

			ocName = toLowerCase(v.getValue().toString());
			}
			String ocName = toLowerName(rule, v.getValue());

			boolean matchFound = false;

			for (ObjectClass oc : objectClasses.keySet())
			{
			if (oc.hasNameOrOID(ocName))
			@@ -1570,6 +1563,18 @@
			return false;
			}

			private String toLowerName(MatchingRule rule, ByteString value)
			{
			try
			{
			return normalize(rule, value).toString();
			}
			catch (Exception e)
			{
			logger.traceException(e);
			return toLowerCase(value.toString());
			}
			}


			/**
			@@ -3213,7 +3218,7 @@
			{
			for (AttributeValue value : attr)
			{
			inheritFromDN = DN.decode(value.getNormalizedValue());
			inheritFromDN = DN.decode(value.getValue());
			// Respect subentry root scope.
			if (!inheritFromDN.isDescendantOf(
			subEntry.getDN().parent()))
			@@ -3330,6 +3335,20 @@
			}
			}

			private ByteString normalize(MatchingRule matchingRule, ByteString value)
			throws DirectoryException
			{
			try
			{
			return matchingRule.normalizeAttributeValue(value);
			}
			catch (DecodeException e)
			{
			throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX,
			e.getMessageObject(), e);
			}
			}

			/**
			* Resolves a conflict arising with a collective attribute.
			*
			@@ -4653,21 +4672,12 @@
			objectClasses.clear();
			}

			MatchingRule rule =
			attribute.getAttributeType().getEqualityMatchingRule();
			for (AttributeValue v : attribute)
			{
			String name = v.getValue().toString();

			String lowerName;
			try
			{
			lowerName = v.getNormalizedValue().toString();
			}
			catch (Exception e)
			{
			logger.traceException(e);

			lowerName = toLowerCase(v.getValue().toString());
			}
			String lowerName = toLowerName(rule, v.getValue());

			// Create a default object class if necessary.
			ObjectClass oc =

			@@ -32,7 +32,10 @@
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.ByteStringBuilder;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.api.EqualityMatchingRule;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.OrderingMatchingRule;
			import org.opends.server.core.DirectoryServer;

			@@ -1050,17 +1053,21 @@
			*/
			public void getAVAString(int pos, StringBuilder buffer)
			{
			buffer.append(attributeTypes[pos].getNormalizedPrimaryNameOrOID());
			AttributeType type = attributeTypes[pos];
			buffer.append(type.getNormalizedPrimaryNameOrOID());
			buffer.append('=');

			AttributeValue value = attributeValues[pos];
			try
			{
			buffer.append(getDNValue(attributeValues[pos].getNormalizedValue()));
			MatchingRule rule = type.getEqualityMatchingRule();
			ByteString normValue = rule.normalizeAttributeValue(value.getValue());
			buffer.append(getDNValue(normValue));
			}
			catch (Exception e)
			{
			logger.traceException(e);
			buffer.append(getDNValue(attributeValues[pos].getValue()));
			buffer.append(getDNValue(value.getValue()));
			}
			}

			@@ -1083,14 +1090,14 @@
			if (attributeTypes.length == 1 && rdn.attributeTypes.length == 1)
			{
			// fast path
			if (attributeTypes[0].equals(rdn.attributeTypes[0]))
			AttributeType type = attributeTypes[0];
			if (type.equals(rdn.attributeTypes[0]))
			{
			OrderingMatchingRule omr = attributeTypes[0].getOrderingMatchingRule();
			return compare(attributeValues[0], rdn.attributeValues[0], omr);
			return compare(attributeValues[0], rdn.attributeValues[0], type);
			}
			else
			{
			String name1 = attributeTypes[0].getNormalizedPrimaryNameOrOID();
			String name1 = type.getNormalizedPrimaryNameOrOID();
			String name2 = rdn.attributeTypes[0].getNormalizedPrimaryNameOrOID();
			return name1.compareTo(name2);
			}
			@@ -1140,8 +1147,7 @@
			return name1.compareTo(name2);
			}

			final OrderingMatchingRule omr = type1.getOrderingMatchingRule();
			final int valueComparison = compare(value1, value2, omr);
			final int valueComparison = compare(value1, value2, type1);
			if (valueComparison != 0)
			{
			// we found a difference => return result
			@@ -1178,34 +1184,37 @@
			* the first attribute value to compare
			* @param value2
			* the second attribute value to compare
			* @param omr
			* if not null, the OrderingMatchingRule to use for comparison
			* @param type
			* the type whose OrderingMatchingRule is to be used for comparison
			* @return A negative integer if this value1 should come before the value2, a
			* positive integer if value1 should come after value2, or zero if
			* there is no difference with regard to ordering.
			*/
			private int compare(AttributeValue value1, AttributeValue value2,
			OrderingMatchingRule omr)
			AttributeType type)
			{
			final OrderingMatchingRule omr = type.getOrderingMatchingRule();
			final EqualityMatchingRule emr = type.getEqualityMatchingRule();

			ByteString val1;
			ByteString val2;
			try
			{
			val1 = value1.getNormalizedValue();
			val2 = value2.getNormalizedValue();
			final MatchingRule rule = omr != null ? omr : emr;
			val1 = rule.normalizeAttributeValue(value1.getValue());
			val2 = rule.normalizeAttributeValue(value2.getValue());
			}
			catch (DirectoryException e)
			catch (DecodeException e)
			{
			logger.traceException(e);
			val1 = value1.getValue();
			val2 = value2.getValue();
			}


			if (omr != null)
			{
			return omr.compareValues(val1, val2);
			}
			return val1.toString().compareTo(val2.toString());
			return val1.compareTo(val2);
			}
			}

			@@ -24,7 +24,6 @@
			* Copyright 2009-2010 Sun Microsystems, Inc.
			* Portions Copyright 2011-2014 ForgeRock AS
			*/

			package org.opends.server.types;

			import java.util.ArrayList;
			@@ -364,13 +363,10 @@
			{
			for (AttributeValue value : attr)
			{
			this.inheritFromBaseDN =
			DN.decode(value.getNormalizedValue());
			// Has to have a parent since subentry itself
			// cannot be a suffix entry within the server.
			this.inheritFromBaseDN =
			getDN().parent().child(
			inheritFromBaseDN);
			getDN().parent().child(DN.decode(value.getValue()));
			break;
			}
			}

			@@ -32,9 +32,12 @@
			import org.forgerock.i18n.LocalizableMessage;
			import org.forgerock.i18n.slf4j.LocalizedLogger;
			import org.forgerock.opendj.ldap.ByteString;
			import org.forgerock.opendj.ldap.DecodeException;
			import org.forgerock.opendj.ldap.ModificationType;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.forgerock.opendj.ldap.SearchScope;
			import org.opends.server.api.ClientConnection;
			import org.opends.server.api.MatchingRule;
			import org.opends.server.api.plugin.PluginResult;
			import org.opends.server.config.ConfigConstants;
			import org.opends.server.controls.*;
			@@ -46,7 +49,12 @@
			import org.opends.server.replication.server.ECLServerHandler;
			import org.opends.server.replication.server.ReplicationServer;
			import org.opends.server.types.*;
			import org.forgerock.opendj.ldap.ResultCode;
			import org.opends.server.types.Attribute;
			import org.opends.server.types.Attributes;
			import org.opends.server.types.DN;
			import org.opends.server.types.Entry;
			import org.opends.server.types.Modification;
			import org.opends.server.types.RDN;
			import org.opends.server.types.operation.PostOperationSearchOperation;
			import org.opends.server.types.operation.PreOperationSearchOperation;
			import org.opends.server.types.operation.SearchEntrySearchOperation;
			@@ -1182,14 +1190,12 @@
			// Here are the 3 elementary cases we know how to optimize
			if (matches(sf, FilterType.GREATER_OR_EQUAL, "changeNumber"))
			{
			int sn = Integer.decode(
			sf.getAssertionValue().getNormalizedValue().toString());
			int sn = extractChangeNumber(sf);
			startCLmsg.setFirstChangeNumber(sn);
			}
			else if (matches(sf, FilterType.LESS_OR_EQUAL, "changeNumber"))
			{
			int sn = Integer.decode(
			sf.getAssertionValue().getNormalizedValue().toString());
			int sn = extractChangeNumber(sf);
			startCLmsg.setLastChangeNumber(sn);
			}
			else if (matches(sf, FilterType.EQUALITY, "replicationcsn"))
			@@ -1199,8 +1205,7 @@
			}
			else if (matches(sf, FilterType.EQUALITY, "changenumber"))
			{
			int sn = Integer.decode(
			sf.getAssertionValue().getNormalizedValue().toString());
			int sn = extractChangeNumber(sf);
			startCLmsg.setFirstChangeNumber(sn);
			startCLmsg.setLastChangeNumber(sn);
			}
			@@ -1239,6 +1244,23 @@
			return startCLmsg;
			}

			private static int extractChangeNumber(SearchFilter sf)
			throws DirectoryException
			{
			try
			{
			MatchingRule rule = sf.getAttributeType().getEqualityMatchingRule();
			ByteString normValue =
			rule.normalizeAssertionValue(sf.getAssertionValue().getValue());
			return Integer.decode(normValue.toString());
			}
			catch (DecodeException e)
			{
			throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, e
			.getMessageObject(), e);
			}
			}

			private static boolean matches(SearchFilter sf, FilterType filterType,
			String primaryName)
			{