From 09b2bb485c8939161985e4542ec791b695e88ed9 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Fri, 15 Jun 2007 22:59:08 +0000
Subject: [PATCH] Fix userattr bind rule GROUPDN keyword when using a url search failure . Issue 1596.
---
opends/src/server/org/opends/server/authorization/dseecompat/GroupDN.java | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/GroupDN.java b/opends/src/server/org/opends/server/authorization/dseecompat/GroupDN.java
index 1107f83..7ffe140 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/GroupDN.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/GroupDN.java
@@ -143,16 +143,22 @@
* @param evalCtx The evaluation context to use in the evaluation.
* @param attributeType The attribute type of the entry to use to get the
* values for the groupd DNs.
+ * @param suffixDN The suffix that the groupDN must be under. If it's null,
+ * then the groupDN can be anywhere in the DIT.
* @return Enumeration evaluation result.
*/
public static EnumEvalResult evaluate (Entry e, AciEvalContext evalCtx,
- AttributeType attributeType) {
+ AttributeType attributeType,
+ DN suffixDN) {
EnumEvalResult matched= EnumEvalResult.FALSE;
List<Attribute> attrs = e.getAttribute(attributeType);
LinkedHashSet<AttributeValue> vals = attrs.get(0).getValues();
for(AttributeValue v : vals) {
try {
DN groupDN=DN.decode(v.getStringValue());
+ if(suffixDN != null &&
+ !groupDN.isDescendantOf(suffixDN))
+ continue;
Group group = groupManager.getGroupInstance(groupDN);
if((group != null) && (evalCtx.isMemberOf(group))) {
matched=EnumEvalResult.TRUE;
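Review bot: `attrs.get(0)` on the line after `e.getAttribute(attributeType)` is still unguarded and sits outside the `try`, so if `getAttribute` can return null or an empty list for an entry that lacks the attribute, this ACI evaluation throws instead of yielding FALSE; a guard such as `if (attrs == null || attrs.isEmpty()) return EnumEvalResult.FALSE;` placed before it would keep the bind rule failing closed. The added suffix filter `if(suffixDN != null && !groupDN.isDescendantOf(suffixDN)) continue;` should carry braces and a short comment such as `// group DN lies outside the required suffix: ignore it`. The new `@param suffixDN` text should also say whether a group DN equal to the suffix is accepted, which depends on how `isDescendantOf` treats equality (not visible here). Only the first element of `attrs` is consulted, so values held in further list elements are presumably never checked against the suffix or the group manager. The method body continues past the end of the hunk.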
--
Gitblit v1.10.0