author | Endi S. Dewata <edewata@redhat.com> | 2014-04-30 10:55:30 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-05-05 14:59:05 -0400 |
commit | f79297ea22cbe880863cfa77dafc99a09eb923ef (patch) | |
tree | b37faa1b0ef4631e23dab6d358fb395a43de3f9e | |
parent | b381c23ea5f3233adbd2e5a16ec124115d1cd936 (diff) | |
download | pki-f79297ea22cbe880863cfa77dafc99a09eb923ef.tar.gz pki-f79297ea22cbe880863cfa77dafc99a09eb923ef.tar.xz pki-f79297ea22cbe880863cfa77dafc99a09eb923ef.zip |
Fixed UGSubsystem.getUser().
Previously the getUser() method in UGSubsystem was using findUsers()
which uses a subtree search to find users. It has been replaced with
a base search which is more accurate since the user DN is known. The
code has also been simplified to merge the two cases where the input
parameter could be a user ID or a DN.
Ticket #920
-rw-r--r-- | base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java | 6 | ||||
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 69 |
2 files changed, 44 insertions, 31 deletions
diff --git a/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
index 66914feec..cee882a65 100644
--- a/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
@@ -46,10 +46,10 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 /**
 * Retrieves a user from LDAP
 *
- * @param userid the given user id
- * @exception EUsrGrpException thrown when failed to find the user
+ * @param userID the given user ID
+ * @return the user object or null if user not found
 */
- public IUser getUser(String userid) throws EUsrGrpException;
+ public IUser getUser(String userID) throws EUsrGrpException;
 /**
 * Searches for users that matches the filter.
diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 4eaaa4758..0bdea6319 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -190,45 +190,54 @@ public final class UGSubsystem implements IUGSubsystem {
 /**
 * Retrieves a user from LDAP
 */
- public IUser getUser(String userid) throws EUsrGrpException {
- if (userid == null) {
+ public IUser getUser(String userID) throws EUsrGrpException {
+
+ if (userID == null) {
 return null;
 }
+ String userDN;
+
+ if (userID.indexOf('=') < 0) { // user ID is not a DN
+ userDN = getUserDN(userID);
+
+ } else { // user ID is a DN
+ // TODO: use a separate method for user ID and DN
+ userDN = userID;
+ }
+
 try {
- if (userid.indexOf('=') == -1) {
- Enumeration<IUser> e = findUsers(userid);
+ LDAPConnection ldapconn = null;
- if (e != null && e.hasMoreElements()) {
- IUser u = e.nextElement();
+ try {
+ ldapconn = getConn();
- return u;
- } else {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
- }
- } else {
- LDAPConnection ldapconn = null;
+ // use base search to find the exact user
+ LDAPSearchResults res = ldapconn.search(
+ userDN,
+ LDAPv2.SCOPE_BASE,
+ "(objectclass=*)",
+ null,
+ false);
- try {
- ldapconn = getConn();
- // read DN
- LDAPSearchResults res =
- ldapconn.search(userid,
- LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
- Enumeration<IUser> e = buildUsers(res);
-
- if (e.hasMoreElements()) {
- return e.nextElement();
- }
- } finally {
- if (ldapconn != null)
- returnConn(ldapconn);
- }
+ // throw EUsrGrpException if result is empty
+ Enumeration<IUser> e = buildUsers(res);
+
+ // user found
+ return e.nextElement();
+
+ } finally {
+ if (ldapconn != null)
+ returnConn(ldapconn);
 }
+
 } catch (Exception e) {
+ // currently this will catch all exceptions
+ // TODO: catch user not found exception only, rethrow everything else
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_GET_USER", e.toString()));
- // throws...
 }
+
+ // user not found or other error occurs
 return null;
 }
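Review bot: In the `else` branch of getUser(), any `userID` that contains `=` is used verbatim as the base of the LDAP search with the filter `(objectclass=*)`, so whatever entry sits at that DN is passed to buildUsers() and returned as a user, whether or not it lies under `getUserBaseDN()`. Such a value also bypasses the `LDAPUtil.escapeRDNValue()` path that getUserDN() applies to plain IDs; whether callers can pass externally supplied identifiers here is not visible in this hunk. I would reject DNs outside the user subtree before the search, or at minimum record the contract above the branch: `// a userID containing '=' is trusted as a DN and is not checked against getUserBaseDN()`. Separately, the catch-all still maps every directory error to `null`, which the updated interface Javadoc defines as "user not found", so callers cannot tell an LDAP outage from a missing user until the TODO is resolved.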
@@ -1902,6 +1911,10 @@ public final class UGSubsystem implements IUGSubsystem {
 return "ou=People," + mBaseDN;
 }
+ public String getUserDN(String userID) {
+ return "uid=" + LDAPUtil.escapeRDNValue(userID) + "," + getUserBaseDN();
+ }
+
 /**
 * Retrieves group base dn.
 */ |
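Review bot: The new public `getUserDN()` has no Javadoc, unlike the getter documented just below it, and nothing states that its argument must be a bare user ID rather than a DN. Because the value goes through `LDAPUtil.escapeRDNValue()`, a DN passed here would presumably be escaped into a single `uid` value and resolve to no entry, which is the safe outcome but worth stating. Suggest adding `/** Builds the DN of a user entry from a plain user ID (not a DN); the ID is escaped as an RDN value. */`. The method is also reachable without getUser()'s null check, and how escapeRDNValue() treats null is not visible here, so a `@param` line saying the ID must be non-null would help.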