From 2021fe3e69527d25fb1b2dc67e4e931e6a56260a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Fri, 13 Apr 2007 15:59:03 +0000
Subject: [PATCH] Update the member virtual attribute implementation so that it provides a mechanism for preventing the entire member list from being returned, which can be a very expensive operation. When running with this configuration, the attribute will handle requests that determine whether a given user is a member of the group, but will not list the entire set of membership.
---
opends/src/server/org/opends/server/extensions/MemberVirtualAttributeProvider.java | 47 ++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/opends/src/server/org/opends/server/extensions/MemberVirtualAttributeProvider.java b/opends/src/server/org/opends/server/extensions/MemberVirtualAttributeProvider.java
index 6bbf9c1..1432512 100644
--- a/opends/src/server/org/opends/server/extensions/MemberVirtualAttributeProvider.java
+++ b/opends/src/server/org/opends/server/extensions/MemberVirtualAttributeProvider.java
@@ -32,7 +32,8 @@
import java.util.LinkedHashSet;
import java.util.List;
-import org.opends.server.admin.std.server.VirtualAttributeCfg;
+import org.opends.server.admin.server.ConfigurationChangeListener;
+import org.opends.server.admin.std.server.MemberVirtualAttributeCfg;
import org.opends.server.api.Group;
import org.opends.server.api.VirtualAttributeProvider;
import org.opends.server.config.ConfigException;
@@ -42,6 +43,7 @@
import org.opends.server.types.AttributeValue;
import org.opends.server.types.ByteString;
import org.opends.server.types.ConditionResult;
+import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
@@ -62,12 +64,16 @@
* uniqueMember attribute.
*/
public class MemberVirtualAttributeProvider
- extends VirtualAttributeProvider<VirtualAttributeCfg>
+ extends VirtualAttributeProvider<MemberVirtualAttributeCfg>
+ implements ConfigurationChangeListener<MemberVirtualAttributeCfg>
{
// The attribute type used to indicate which target group should be used to
// obtain the member list.
private AttributeType targetGroupType;
+ // The current configuration for this member virtual attribute.
+ private MemberVirtualAttributeCfg currentConfig;
+
/**
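Review bot: `currentConfig` is a plain field, but it is replaced in `applyConfigurationChange` (last hunk) and read in `getValues`, which presumably run on different threads (configuration handling versus request processing). Without `volatile`, a request thread is not guaranteed to see an update that turns membership retrieval off, so the restriction could take effect late or inconsistently. Suggest `private volatile MemberVirtualAttributeCfg currentConfig;`, with the comment extended to say the field is swapped by the change listener and read during request processing. The class body continues outside this hunk.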
@@ -88,9 +94,12 @@
*/
@Override()
public void initializeVirtualAttributeProvider(
- VirtualAttributeCfg configuration)
+ MemberVirtualAttributeCfg configuration)
throws ConfigException, InitializationException
{
+ configuration.addMemberChangeListener(this);
+ currentConfig = configuration;
+
targetGroupType =
DirectoryServer.getAttributeType(ATTR_TARGET_GROUP_DN, true);
}
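Review bot: The listener is registered before `currentConfig` is assigned, so a change delivered in between would be overwritten by the older `configuration` object on the next line. Assigning first closes that window: `currentConfig = configuration;` followed by `configuration.addMemberChangeListener(this);`. No matching deregistration is visible in this patch; if the provider has a finalize/shutdown method outside the hunk, it should remove the listener there (presumably through the generated remove counterpart, to be confirmed) so a disabled provider is not kept reachable by the configuration object.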
@@ -115,6 +124,11 @@
public LinkedHashSet<AttributeValue> getValues(Entry entry,
VirtualAttributeRule rule)
{
+ if (! currentConfig.isAllowRetrievingMembership())
+ {
+ return new LinkedHashSet<AttributeValue>(0);
+ }
+
Group g = DirectoryServer.getGroupManager().getGroupInstance(entry.getDN());
if (g == null)
{
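Review bot: With retrieval disabled, `getValues` returns an empty set, which callers cannot tell apart from a group that really has no members. If any membership test not shown in this hunk (for example an inherited `hasValue` variant or a matching method) is implemented on top of `getValues`, it would now silently report "not a member", which matters wherever this attribute feeds an access decision. Worth confirming that every such path consults the group directly, and documenting the contract on the guard, e.g. `// Listing is disabled by configuration; membership tests must not rely on getValues().` The method body continues outside this hunk.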
@@ -336,5 +350,32 @@
searchOperation.setResultCode(ResultCode.UNWILLING_TO_PERFORM);
return;
}
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isConfigurationChangeAcceptable(
+ MemberVirtualAttributeCfg configuration,
+ List<String> unacceptableReasons)
+ {
+ // The new configuration should always be acceptable.
+ return true;
+ }
+
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public ConfigChangeResult applyConfigurationChange(
+ MemberVirtualAttributeCfg configuration)
+ {
+ // Just accept the new configuration as-is.
+ currentConfig = configuration;
+
+ return new ConfigChangeResult(ResultCode.SUCCESS, false);
+ }
}
--
Gitblit v1.10.0