From 4a4a8540f0b64feff6934c3215c6f896c9561c7d Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 08 Feb 2007 22:27:58 +0000
Subject: [PATCH] Update the AuthenticationInfo object to store the entries for the authentication and authorization identities rather than just their DNs.  This includes a mechanism to keep those entries up to date as changes occur in the server, and also includes a hook for ClientConnection subclasses to perform processing whenever a connection is terminated.

---
 opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java |   36 +++++++++++++++++++++++-------------
 1 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
index 518d547..4af026e 100644
--- a/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
+++ b/opends/src/server/org/opends/server/controls/ProxiedAuthV1Control.java
@@ -327,27 +327,37 @@
 
 
   /**
-   * Retrieves the authorization DN for this proxied authorization V1 control
-   * only if it references a valid Directory Server user entry.  It will also
-   * perform any necessary password policy checks to ensure that the specified
-   * user account is suitable for use in performing this processing.
+   * Retrieves the authorization entry for this proxied authorization V1
+   * control.  It will also perform any necessary password policy checks to
+   * ensure that the associated user account is suitable for use in performing
+   * this processing.
    *
-   * @return  The validated authorization DN for this proxied authorization V1
-   *          control.
+   * @return  The entry for user specified as the authorization identity in this
+   *          proxied authorization V1 control, or {@code null} if the
+   *          authorization DN is the null DN.
    *
-   * @throws  DirectoryException  If an error occurs while attempting to make
-   *                              the determination, or if the target user does
-   *                              not exist.
+   * @throws  DirectoryException  If the target user does not exist or is not
+   *                              available for use, or if a problem occurs
+   *                              while making the determination.
    */
-  public DN getValidatedAuthorizationDN()
+  public Entry getAuthorizationEntry()
          throws DirectoryException
   {
-    assert debugEnter(CLASS_NAME, "getValidatedAuthorizationDN");
+    assert debugEnter(CLASS_NAME, "getAuthorizationEntry");
 
     DN authzDN = getAuthorizationDN();
     if (authzDN.isNullDN())
     {
-      return authzDN;
+      return null;
+    }
+
+
+    // See if the authorization DN is one of the alternate bind DNs for one of
+    // the root users and if so then map it accordingly.
+    DN actualDN = DirectoryServer.getActualRootBindDN(authzDN);
+    if (actualDN != null)
+    {
+      authzDN = actualDN;
     }
 
 
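Review bot: The early return in `getAuthorizationEntry()` now yields `null` for the null DN where the old method returned a non-null `DN`, so a caller that skips the assignment on `null` would keep the requester's own identity instead of dropping to anonymous. The callers are not part of this patch, so each one should be checked to confirm it applies the anonymous identity explicitly. I would add a comment above `return null;`, such as `// null means "authorize as anonymous"; callers must apply it, never ignore it`. The Javadoc should also say that the returned entry's DN can differ from `getAuthorizationDN()` once `getActualRootBindDN` has mapped an alternate root bind DN, so that audit logging and access-control checks use the resolved identity. The rest of the method body, including the entry lookup and the password policy checks, continues outside this hunk.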
@@ -400,7 +410,7 @@
 
 
       // If we've made it here, then the user is acceptable.
-      return authzDN;
+      return userEntry;
     }
     finally
     {

--
Gitblit v1.10.0