mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Jean-Noël Rouvignac
30.21.2016 8e6fb9432151fd9eb49efe6937034e27c30a6545
OPENDJ-2777 Invalid attribute syntax not caught with ldapmodify for badly shaped aci

Problem is due to the change in behaviour of DN.valueOf().
When DN parsing failed, the server DN was always throwing DirectoryException,
while the SDK's DN throws LocalizedIllegalArgumentException.

Fixed the client code by making it catch LocalizedIllegalArgumentException in addition to DirectoryException.
This fix is future proof because the SDK's LDAPUrl class.
10 files modified
220 ■■■■ changed files
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java 3 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java 124 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java 4 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java 6 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java 7 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java 3 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java 3 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java 44 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java 17 ●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java 9 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/browser/NodeRefresher.java
@@ -33,6 +33,7 @@
import javax.swing.SwingUtilities;
import javax.swing.tree.TreeNode;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.RDN;
import org.forgerock.opendj.ldap.SearchScope;
@@ -562,7 +563,7 @@
      catch (InterruptedNamingException x) {
        throwAbandonIfNeeded(x);
      }
      catch (NamingException | DirectoryException x) {
      catch (NamingException | LocalizedIllegalArgumentException | DirectoryException x) {
        lastException = x;
        lastExceptionArg = referral[i];
      }
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/ErrorSearchingEntryPanel.java
@@ -12,9 +12,8 @@
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008-2010 Sun Microsystems, Inc.
 * Portions Copyright 2014 ForgeRock AS.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.guitools.controlpanel.ui;
import java.awt.Component;
@@ -37,9 +36,7 @@
import static org.opends.messages.AdminToolMessages.*;
/**
 * The panel that is displayed when there is an error searching an entry.
 */
/** The panel that is displayed when there is an error searching an entry. */
public class ErrorSearchingEntryPanel extends StatusGenericPanel
{
  private static final long serialVersionUID = -8460172599072631973L;
@@ -47,7 +44,6 @@
  /** Default constructor. */
  public ErrorSearchingEntryPanel()
  {
    super();
    GridBagConstraints gbc = new GridBagConstraints();
    gbc.gridx = 0;
    gbc.gridy = 0;
@@ -135,58 +131,7 @@
    if (ex instanceof NamingException)
    {
      Object arg = error.getArg();
      LocalizableMessage msg = null;
      if (arg != null)
      {
        // Maybe is the LDAPURL
        try
        {
          LDAPURL url = LDAPURL.decode(arg.toString(), false);
          if (url.getHost() != null)
          {
            String hostPort = url.getHost()+":"+url.getPort();
            if (ex instanceof ReferralLimitExceededException)
            {
              msg = LocalizableMessage.raw(ex.getLocalizedMessage());
            }
            else if (ex instanceof NameNotFoundException)
            {
              msg = ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL.get(arg, hostPort);
            }
            else
            {
              msg = getMessageForException((NamingException) ex, hostPort);
            }
          }
          else if (ex instanceof ReferralLimitExceededException)
          {
            msg = LocalizableMessage.raw(ex.getLocalizedMessage());
          }
          else if (ex instanceof NameNotFoundException)
          {
            msg = ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL_NO_HOST.get(arg);
          }
          else
          {
            msg = Utils.getMessageForException((NamingException)ex);
          }
        }
        catch (Throwable t)
        {
        }
      }
      if (msg == null)
      {
        if (ex instanceof ReferralLimitExceededException)
        {
          msg = LocalizableMessage.raw(ex.getLocalizedMessage());
        }
        else
        {
          msg = Utils.getMessageForException((NamingException)ex);
        }
      }
      LocalizableMessage msg = getErrorMsg(ex, arg);
      if (arg != null)
      {
        details.append("<br><br>").append(ERR_CTRL_PANEL_RESOLVING_REFERRAL_DETAILS.get(arg, msg));
@@ -209,4 +154,67 @@
    updateErrorPane(errorPane, title, ColorAndFontConstants.errorTitleFont,
        details.toMessage(), ColorAndFontConstants.defaultFont);
  }
  private LocalizableMessage getErrorMsg(Exception ex, Object arg)
  {
    LocalizableMessage msg = getErrorMsg0(ex, arg);
    if (msg != null)
    {
      return msg;
    }
    else if (ex instanceof ReferralLimitExceededException)
    {
      return LocalizableMessage.raw(ex.getLocalizedMessage());
    }
    else
    {
      return Utils.getMessageForException((NamingException) ex);
    }
  }
  private LocalizableMessage getErrorMsg0(Exception ex, Object arg)
  {
    if (arg == null)
    {
      return null;
    }
    // Maybe arg is an LDAPURL
    try
    {
      LDAPURL url = LDAPURL.decode(arg.toString(), false);
      if (url.getHost() != null)
      {
        String hostPort = url.getHost() + ":" + url.getPort();
        if (ex instanceof ReferralLimitExceededException)
        {
          return LocalizableMessage.raw(ex.getLocalizedMessage());
        }
        else if (ex instanceof NameNotFoundException)
        {
          return ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL.get(arg, hostPort);
        }
        else
        {
          return getMessageForException((NamingException) ex, hostPort);
        }
      }
      else if (ex instanceof ReferralLimitExceededException)
      {
        return LocalizableMessage.raw(ex.getLocalizedMessage());
      }
      else if (ex instanceof NameNotFoundException)
      {
        return ERR_CTRL_PANEL_COULD_NOT_FIND_PROVIDED_ENTRY_IN_REFERRAL_NO_HOST.get(arg);
      }
      else
      {
        return Utils.getMessageForException((NamingException) ex);
      }
    }
    catch (Throwable t)
    {
      return null;
    }
  }
}
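Review bot: The extracted `getErrorMsg0` keeps `catch (Throwable t) { return null; }`, so anything thrown inside the try, including a `ClassCastException` from the `(NamingException) ex` casts or a JVM `Error`, is silently turned into the generic fallback message. The only call in that block expected to fail is `LDAPURL.decode(arg.toString(), false)`, so the catch should name its failures, e.g. `catch (LocalizedIllegalArgumentException | DirectoryException e)` as the other files in this commit do (assuming this file resolves the same `LDAPURL` class; its imports are not in the hunks). Both helpers also take `Exception ex` and cast it; declaring the parameter as `NamingException ex` would leave the caller's `instanceof NamingException` check as the single place where the type is decided. A one-line Javadoc on each helper, stating that `getErrorMsg0` returns `null` when `arg` is null or is not a decodable LDAP URL, would document the contract.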
opendj-server-legacy/src/main/java/org/opends/guitools/controlpanel/ui/NewGroupPanel.java
@@ -242,9 +242,9 @@
        {
          LDAPURL.decode(f, true);
        }
        catch (OpenDsException ode)
        catch (LocalizedIllegalArgumentException | OpenDsException e)
        {
          errors.add(ERR_CTRL_PANEL_GROUP_FILTER_NOT_VALID.get(ode.getMessageObject()));
          errors.add(ERR_CTRL_PANEL_GROUP_FILTER_NOT_VALID.get(e.getMessageObject()));
        }
      }
      if (errorFound)
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/GroupDN.java
@@ -87,10 +87,8 @@
               String value = ldapURLMatcher.group(ldapURLPos).trim();
               DN dn=LDAPURL.decode(value, true).getBaseDN();
               groupDNs.add(dn);
            } catch (DirectoryException ex) {
                LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_GROUPDN_URL.get(
                    ex.getMessageObject());
                throw new AciException(message);
            } catch (LocalizedIllegalArgumentException | DirectoryException e) {
                throw new AciException(WARN_ACI_SYNTAX_INVALID_GROUPDN_URL.get(e.getMessageObject()));
            }
        }
        return new GroupDN(type, groupDNs);
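Review bot: Nothing in the commit pins the behaviour it restores, and the same widened catch is repeated by hand here and in ParentInheritance, Target, UserAttr and UserDN, so any ACI decoding path that was not touched can still let the unchecked `LocalizedIllegalArgumentException` escape instead of producing an `AciException`. A regression test that decodes an ACI whose `groupdn` URL contains a malformed DN and expects `AciException`, with sibling cases for `userdn`, `userattr` and `target`, would keep the syntax check from regressing silently. Consider also routing these call sites through one private helper in the `dseecompat` package that calls `LDAPURL.decode(value, true)` and converts both exception types, so the list of exception types lives in one place. The enclosing method starts outside the hunk.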
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/ParentInheritance.java
@@ -17,6 +17,7 @@
package org.opends.server.authorization.dseecompat;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import static org.opends.messages.AccessControlMessages.*;
import static org.opends.server.authorization.dseecompat.Aci.*;
@@ -176,10 +177,8 @@
                throw new AciException(message);
              }
              attrTypeStr=attrs.iterator().next();
            } catch (DirectoryException ex) {
              LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_USERATTR_URL.get(
                  ex.getMessageObject());
              throw new AciException(message);
            } catch (LocalizedIllegalArgumentException | DirectoryException ex) {
              throw new AciException(WARN_ACI_SYNTAX_INVALID_USERATTR_URL.get(ex.getMessageObject()));
            }
          }
          numLevels=1;
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/Target.java
@@ -18,6 +18,7 @@
import java.util.regex.Pattern;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.LDAPURL;
@@ -86,7 +87,7 @@
              }
          }
        }
        catch (DirectoryException e){
        catch (LocalizedIllegalArgumentException | DirectoryException e) {
            throw new AciException(WARN_ACI_SYNTAX_INVALID_TARGETKEYWORD_EXPRESSION.get(target));
        }
    }
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserAttr.java
@@ -20,6 +20,7 @@
import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
@@ -227,7 +228,7 @@
                LDAPURL url;
                try {
                   url = LDAPURL.decode(v.toString(), true);
                } catch (DirectoryException e) {
                } catch (LocalizedIllegalArgumentException | DirectoryException e) {
                    break;
                }
                matched=UserDN.evalURL(evalCtx, url);
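Review bot: The widened catch still ends in a bare `break;`, so at evaluation time the first value that fails `LDAPURL.decode` leaves the enclosing loop or switch (outside the hunk) without any trace, and `UserDN.evalURL` is never reached for it. If these values come from entry data, as `v.toString()` suggests, one malformed value may change the outcome of the bind rule for any well-formed values after it; whether `continue;` is the right behaviour depends on the surrounding construct and on the initial value of `matched`, neither of which is visible here. At minimum state the intent, e.g. `// Undecodable URL value: stop evaluating; 'matched' keeps its current value`, and trace the exception as DN2URI and DynamicGroup do with `logger.traceException(e);` if this class has a logger.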
opendj-server-legacy/src/main/java/org/opends/server/authorization/dseecompat/UserDN.java
@@ -20,33 +20,28 @@
import java.util.LinkedList;
import java.util.List;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.core.DirectoryServer;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.types.*;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.Attribute;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.LDAPURL;
import org.opends.server.types.SearchFilter;
import static org.opends.messages.AccessControlMessages.*;
/**
 * This class represents the userdn keyword in a bind rule.
 */
/** This class represents the userdn keyword in a bind rule. */
public class UserDN implements KeywordBindRule {
    /**
     * A dummy URL for invalid URLs such as: all, parent, anyone, self.
     */
    private static String urlStr="ldap:///";
    /** A dummy URL for invalid URLs such as: all, parent, anyone, self. */
    private static final String URL_STR = "ldap:///";
    /**
     * This list holds a list of objects representing a EnumUserDNType
     * URL mapping.
     */
    /** This list holds a list of objects representing a EnumUserDNType URL mapping. */
    private List<UserDNTypeURL> urlList;
    /** Enumeration of the userdn operation type. */
    private EnumBindRuleType type;
@@ -94,13 +89,10 @@
            LDAPURL url;
            try {
               url=LDAPURL.decode(value.toString(), true);
            } catch (DirectoryException de) {
                LocalizableMessage message = WARN_ACI_SYNTAX_INVALID_USERDN_URL.get(
                    de.getMessageObject());
                throw new AciException(message);
            } catch (LocalizedIllegalArgumentException | DirectoryException e) {
                throw new AciException(WARN_ACI_SYNTAX_INVALID_USERDN_URL.get(e.getMessageObject()));
            }
            UserDNTypeURL dnTypeURL=new UserDNTypeURL(userDNType, url);
            urlList.add(dnTypeURL);
            urlList.add(new UserDNTypeURL(userDNType, url));
        }
        return new UserDN(type, urlList);
      }
@@ -144,16 +136,16 @@
            type = EnumUserDNType.URL;
        } else  if(str.equalsIgnoreCase("ldap:///self")) {
            type = EnumUserDNType.SELF;
            bldr.replace(0, bldr.length(), urlStr);
            bldr.replace(0, bldr.length(), URL_STR);
        } else if(str.equalsIgnoreCase("ldap:///anyone")) {
            type = EnumUserDNType.ANYONE;
            bldr.replace(0, bldr.length(), urlStr);
            bldr.replace(0, bldr.length(), URL_STR);
        } else if(str.equalsIgnoreCase("ldap:///parent")) {
            type = EnumUserDNType.PARENT;
            bldr.replace(0, bldr.length(), urlStr);
            bldr.replace(0, bldr.length(), URL_STR);
        } else if(str.equalsIgnoreCase("ldap:///all")) {
            type = EnumUserDNType.ALL;
            bldr.replace(0, bldr.length(), urlStr);
            bldr.replace(0, bldr.length(), URL_STR);
        } else if (str.contains("*")) {
            type = EnumUserDNType.DNPATTERN;
        } else {
@@ -409,7 +401,7 @@
        buffer.append(this.type.getType());
        for (UserDNTypeURL url : this.urlList) {
            buffer.append("\"");
            buffer.append(urlStr);
            buffer.append(URL_STR);
            buffer.append(url.getUserDNType().toString().toLowerCase());
            buffer.append("\"");
        }
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/DN2URI.java
@@ -16,6 +16,7 @@
 */
package org.opends.server.backends.pluggable;
import static org.forgerock.opendj.ldap.SearchScope.*;
import static org.opends.messages.BackendMessages.*;
import static org.opends.server.backends.pluggable.DnKeyFormat.*;
import static org.opends.server.util.ServerConstants.*;
@@ -518,7 +519,7 @@
          }
        }
      }
      catch (DirectoryException e)
      catch (LocalizedIllegalArgumentException | DirectoryException e)
      {
        logger.traceException(e);
        // Return the non-LDAP URI as is.
@@ -621,7 +622,7 @@
      {
        // We have found a subordinate referral.
        // Make sure the referral is within scope.
        if (searchOp.getScope() == SearchScope.SINGLE_LEVEL
        if (searchOp.getScope() == SINGLE_LEVEL
            && DnKeyFormat.findDNKeyParent(cursor.getKey()) != baseDN.length())
        {
          success = cursor.next();
@@ -670,7 +671,6 @@
      try
      {
        LDAPURL ldapurl = LDAPURL.decode(uri, false);
        if ("ldap".equalsIgnoreCase(ldapurl.getScheme()))
        {
          if (ldapurl.getBaseDN().isRootDN())
@@ -678,19 +678,12 @@
            ldapurl.setBaseDN(dn);
          }
          ldapurl.getAttributes().clear();
          if (scope == SearchScope.SINGLE_LEVEL)
          {
            ldapurl.setScope(SearchScope.BASE_OBJECT);
          }
          else
          {
            ldapurl.setScope(SearchScope.WHOLE_SUBTREE);
          }
          ldapurl.setScope(scope == SINGLE_LEVEL ? BASE_OBJECT : WHOLE_SUBTREE);
          ldapurl.setFilter(null);
          uri = ldapurl.toString();
        }
      }
      catch (DirectoryException e)
      catch (LocalizedIllegalArgumentException | DirectoryException e)
      {
        logger.traceException(e);
        // Return the non-LDAP URI as is.
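Review bot: The comment under both widened catches, `// Return the non-LDAP URI as is.`, does not describe everything that reaches it: a URI with the `ldap` scheme that fails to parse also lands here and is returned without the base DN, scope, filter and attribute rewriting visible in the last hunk's try block. Suggest `// Not a decodable LDAP URL (other scheme or malformed): return the URI unchanged.` in both places. Because the failure is only passed to `logger.traceException(e)`, a malformed stored referral is probably invisible to an administrator in normal operation; it is worth deciding here whether it deserves a warning-level log entry. The enclosing methods start and end outside the hunks.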
opendj-server-legacy/src/main/java/org/opends/server/extensions/DynamicGroup.java
@@ -23,9 +23,11 @@
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.opends.server.admin.std.server.DynamicGroupImplementationCfg;
@@ -33,7 +35,6 @@
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ServerContext;
import org.opends.server.types.Attribute;
import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryConfig;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
@@ -135,10 +136,10 @@
        {
          memberURLs.add(LDAPURL.decode(v.toString(), true));
        }
        catch (DirectoryException de)
        catch (LocalizedIllegalArgumentException | DirectoryException e)
        {
          logger.traceException(de);
          logger.error(ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL, v, groupEntry.getName(), de.getMessageObject());
          logger.traceException(e);
          logger.error(ERR_DYNAMICGROUP_CANNOT_DECODE_MEMBERURL, v, groupEntry.getName(), e.getMessageObject());
        }
      }
    }