From 39cfb739395cca91589c958fda4790c87ce0c9c8 Mon Sep 17 00:00:00 2001
From: Nicolas Capponi <nicolas.capponi@forgerock.com>
Date: Fri, 02 Jan 2015 14:42:16 +0000
Subject: [PATCH] OPENDJ-1585 Re-implement DN normalization in server

---
 opendj3-server-dev/src/server/org/opends/server/extensions/IsMemberOfVirtualAttributeProvider.java |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/opendj3-server-dev/src/server/org/opends/server/extensions/IsMemberOfVirtualAttributeProvider.java b/opendj3-server-dev/src/server/org/opends/server/extensions/IsMemberOfVirtualAttributeProvider.java
index e69a4ad..fbedcdd 100644
--- a/opendj3-server-dev/src/server/org/opends/server/extensions/IsMemberOfVirtualAttributeProvider.java
+++ b/opendj3-server-dev/src/server/org/opends/server/extensions/IsMemberOfVirtualAttributeProvider.java
@@ -22,7 +22,7 @@
  *
  *
  *      Copyright 2008-2009 Sun Microsystems, Inc.
- *      Portions Copyright 2011-2014 ForgeRock AS
+ *      Portions Copyright 2011-2015 ForgeRock AS
  */
 package org.opends.server.extensions;
 
@@ -260,10 +260,10 @@
     {
       // Check for nested groups to see if we need to keep track of returned entries
       List<DN> nestedGroupsDNs = group.getNestedGroupDNs();
-      HashSet<String> returnedDNs = null;
+      Set<ByteString> returnedDNs = null;
       if (!nestedGroupsDNs.isEmpty())
       {
-        returnedDNs = new HashSet<String>();
+        returnedDNs = new HashSet<ByteString>();
       }
       if (!returnGroupMembers(searchOperation, group.getMembers(), returnedDNs))
       {
@@ -289,7 +289,7 @@
    *
    * @param searchOperation the search operation being processed.
    * @param memberList the list of members of the group being processed.
-   * @param returnedDNs a set to store the DNs of entries already returned,
+   * @param returnedDNs a set to store the normalized DNs of entries already returned,
    *                    null if there's no need to track for entries.
    * @return  <CODE>true</CODE> if the caller should continue processing the
    *          search request and sending additional entries and references, or
@@ -299,7 +299,7 @@
    *          the entry to the client and the search should be terminated.
    */
   private boolean returnGroupMembers(SearchOperation searchOperation,
-                                  MemberList memberList, Set<String> returnedDNs)
+                                  MemberList memberList, Set<ByteString> returnedDNs)
           throws DirectoryException
   {
     DN baseDN = searchOperation.getBaseDN();
@@ -313,8 +313,9 @@
         if (e.matchesBaseAndScope(baseDN, scope) &&
             filter.matchesEntry(e))
         {
-          if (returnedDNs == null
-              || returnedDNs.add(e.getName().toNormalizedString()))
+          // The set of returned DNs is only used for detecting set membership
+          // so it's ok to use the irreversible representation of the DN
+          if (returnedDNs == null || returnedDNs.add(e.getName().toIrreversibleNormalizedByteString()))
           {
             if (!searchOperation.returnEntry(e, null))
             {

--
Gitblit v1.10.0