From 7469f277aaff12b15be7e8fbc302b216d5e1adf3 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 26 Sep 2007 02:19:37 +0000
Subject: [PATCH] Update the appropriate identity mappers and certificate mappers to use the new isIndexed API in the backend to ensure that all referenced attributes are indexed for equality.
---
opends/src/server/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.java | 53 ++++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/opends/src/server/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.java b/opends/src/server/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.java
index 5650705..a618f49 100644
--- a/opends/src/server/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.java
+++ b/opends/src/server/org/opends/server/extensions/SubjectDNToUserAttributeCertificateMapper.java
@@ -25,7 +25,6 @@
* Portions Copyright 2007 Sun Microsystems, Inc.
*/
package org.opends.server.extensions;
-import org.opends.messages.Message;
@@ -34,11 +33,14 @@
import javax.security.auth.x500.X500Principal;
import java.util.Collection;
import java.util.List;
+import java.util.Set;
+import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.CertificateMapperCfg;
import org.opends.server.admin.std.server.
SubjectDNToUserAttributeCertificateMapperCfg;
+import org.opends.server.api.Backend;
import org.opends.server.api.CertificateMapper;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
@@ -52,15 +54,15 @@
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DN;
import org.opends.server.types.Entry;
+import org.opends.server.types.IndexType;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
-import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.messages.ExtensionMessages.*;
-
+import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.server.util.StaticUtils.*;
@@ -114,6 +116,27 @@
currentConfig = configuration;
configEntryDN = configuration.dn();
+
+
+ // Make sure that the subject attribute is configured for equality in all
+ // appropriate backends.
+ Set<DN> cfgBaseDNs = configuration.getUserBaseDN();
+ if ((cfgBaseDNs == null) || cfgBaseDNs.isEmpty())
+ {
+ cfgBaseDNs = DirectoryServer.getPublicNamingContexts().keySet();
+ }
+
+ AttributeType t = configuration.getSubjectAttribute();
+ for (DN baseDN : cfgBaseDNs)
+ {
+ Backend b = DirectoryServer.getBackend(baseDN);
+ if ((b != null) && (! b.isIndexed(t, IndexType.EQUALITY)))
+ {
+ throw new ConfigException(ERR_SDTUACM_ATTR_UNINDEXED.get(
+ configuration.dn().toString(),
+ t.getNameOrOID(), b.getBackendID()));
+ }
+ }
}
@@ -239,9 +262,29 @@
configuration,
List<Message> unacceptableReasons)
{
- // If we've gotten to this point, then the configuration should be
- // acceptable.
boolean configAcceptable = true;
+
+ // Make sure that the subject attribute is configured for equality in all
+ // appropriate backends.
+ Set<DN> cfgBaseDNs = configuration.getUserBaseDN();
+ if ((cfgBaseDNs == null) || cfgBaseDNs.isEmpty())
+ {
+ cfgBaseDNs = DirectoryServer.getPublicNamingContexts().keySet();
+ }
+
+ AttributeType t = configuration.getSubjectAttribute();
+ for (DN baseDN : cfgBaseDNs)
+ {
+ Backend b = DirectoryServer.getBackend(baseDN);
+ if ((b != null) && (! b.isIndexed(t, IndexType.EQUALITY)))
+ {
+ configAcceptable = false;
+ unacceptableReasons.add(ERR_SDTUACM_ATTR_UNINDEXED.get(
+ configuration.dn().toString(),
+ t.getNameOrOID(), b.getBackendID()));
+ }
+ }
+
return configAcceptable;
}
--
Gitblit v1.10.0