From 8e10e01db64d963c9306fb1f3c07f8bf757724a5 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 21 Jun 2007 01:06:05 +0000
Subject: [PATCH] Support alternate root DN in userdn bind rule keyword. Issue 1578.
---
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
index 5b1028a..fd1161e 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
@@ -32,6 +32,7 @@
import java.util.*;
import org.opends.server.types.*;
+import org.opends.server.core.DirectoryServer;
/**
* This class represents the userdn keyword in a bind rule.
@@ -250,6 +251,20 @@
DN dn = url.getBaseDN();
if (clientDN.equals(dn))
matched = EnumEvalResult.TRUE;
+ else {
+ //This code handles the case where a root dn entry does
+ //not have bypass-acl privilege and the ACI bind rule
+ //userdn DN possible is an alternate root DN.
+ DN actualDN=DirectoryServer.getActualRootBindDN(dn);
+ DN clientActualDN=
+ DirectoryServer.getActualRootBindDN(clientDN);
+ if(actualDN != null)
+ dn=actualDN;
+ if(clientActualDN != null)
+ clientDN=clientActualDN;
+ if(clientDN.equals(dn))
+ matched=EnumEvalResult.TRUE;
+ }
} catch (DirectoryException ex) {
//TODO add message
}
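Review bot: The new else branch overwrites `clientDN` and `dn` with their mapped root DNs, and `clientDN` appears to be declared outside this hunk, so the rewritten value may carry over into whatever comparisons follow in the same method. In access-control evaluation that is worth avoiding; keep the mapped values in locals instead: `DN effectiveDN = (actualDN != null) ? actualDN : dn;`, `DN effectiveClientDN = (clientActualDN != null) ? clientActualDN : clientDN;`, `if (effectiveClientDN.equals(effectiveDN)) matched = EnumEvalResult.TRUE;`. The added comment is also hard to parse ("userdn DN possible is an alternate root DN"); something like `// A root user without the bypass-acl privilege may bind with, or be named in the ACI by, an alternate root DN; map both DNs to the actual root entry DN before comparing.` would state the intent. The enclosing method starts and ends outside the hunk, so the scope of `clientDN` should be confirmed there.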
--
Gitblit v1.10.0