From f7e139bc4026245dddda55b9f1e713f168b8e786 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Fri, 15 Jun 2007 22:59:08 +0000
Subject: [PATCH] Fix userattr bind rule GROUPDN keyword failure when using a URL search. Issue 1596.
---
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java | 55 +++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 49 insertions(+), 6 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java
index 612e677..3b8a76e 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java
@@ -31,11 +31,15 @@
import static org.opends.server.authorization.dseecompat.Aci.*;
import static org.opends.server.messages.MessageHandler.getMessage;
import java.util.StringTokenizer;
+import java.util.LinkedHashSet;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.AttributeType;
+import org.opends.server.types.DN;
+import org.opends.server.types.LDAPURL;
+import org.opends.server.types.DirectoryException;
/**
* This class is used by USERDN and GROUPDN userattr types
@@ -75,6 +79,13 @@
*/
private String attrTypeStr;
+ /*
+ * The base DN of a URL parsed from the rule. Used to make sure groupdn
+ * are under this suffix. Originally a way to search all nested groups
+ * under this suffix, so the behavior is slightly different.
+ */
+ private DN baseDN=null;
+
/**
* Construct a class from the inheritance pattern. The skipParsing boolean
@@ -181,12 +192,35 @@
}
}
} else {
- if((this.attributeType =
- DirectoryServer.getAttributeType(pattern)) == null)
- this.attributeType =
- DirectoryServer.getDefaultAttributeType(pattern);
- numLevels=1;
- levels[0]=0;
+ attrTypeStr=pattern;
+ if(pattern.startsWith(NULL_LDAP_URL)) {
+ try {
+ LDAPURL url=LDAPURL.decode(pattern, true);
+ LinkedHashSet<String>attrs=url.getAttributes();
+ if(attrs.size() != 1) {
+ int msgID = MSGID_ACI_SYNTAX_INVALID_USERATTR_ATTR_URL;
+ String message = getMessage(msgID, pattern);
+ throw new AciException(msgID, pattern);
+ }
+ baseDN=url.getBaseDN();
+ if(baseDN.isNullDN()){
+ int msgID = MSGID_ACI_SYNTAX_INVALID_USERATTR_BASEDN_URL;
+ String message = getMessage(msgID, pattern);
+ throw new AciException(msgID, message);
+ }
+ attrTypeStr=attrs.iterator().next();
+ } catch (DirectoryException ex) {
+ int msgID = MSGID_ACI_SYNTAX_INVALID_USERATTR_URL;
+ String message = getMessage(msgID, ex.getErrorMessage());
+ throw new AciException(msgID, message);
+ }
+ }
+ if((this.attributeType =
+ DirectoryServer.getAttributeType(attrTypeStr)) == null)
+ this.attributeType =
+ DirectoryServer.getDefaultAttributeType(attrTypeStr);
+ numLevels=1;
+ levels[0]=0;
}
}
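Review bot: The attribute-count branch throws `new AciException(msgID, pattern)`, passing the raw pattern where the other two branches pass the formatted `message`, so the `message` built on the line above it is never used and the text for MSGID_ACI_SYNTAX_INVALID_USERATTR_ATTR_URL is lost; it should read `throw new AciException(msgID, message);`. Separately, only the base DN and the single attribute are taken from the decoded URL, so a scope or filter written in the rule appears to be accepted and then ignored. For an access-control rule it would be safer to reject URLs that carry them, or at least to say so in a comment such as `// scope and filter of the URL are not evaluated; only base DN and attribute are used`. The enclosing method starts before this hunk.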
@@ -221,5 +255,14 @@
public String getAttrTypeStr() {
return attrTypeStr;
}
+
+ /**
+ * Return the DN that groupdn must be under.
+ *
+ * @return DN that groupdn must be under.
+ */
+ public DN getBaseDN() {
+ return baseDN;
+ }
}
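Review bot: The Javadoc on `getBaseDN()` does not say that the result is `null` when the rule was not written as an LDAP URL, which follows from `baseDN` being initialised to `null` and assigned only in the URL branch of the parser. Callers that enforce the "groupdn must be under this DN" check need to know what `null` means, so I would word it as `@return the base DN parsed from the URL, or {@code null} if the rule did not use a URL`. The field's own comment in the earlier hunk is a plain `/* */` block, unlike the `/** */` comments visible elsewhere in the file, and could carry the same sentence.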