diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2014-04-30 11:50:21 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2014-05-05 14:59:49 -0400 |
| commit | b2d2cbaa9123f021de229e3f249378e22e91a18b (patch) | |
| tree | e3bb49380e74bcfb8d3362a341a34511c5380555 | |
| parent | f79297ea22cbe880863cfa77dafc99a09eb923ef (diff) | |
| download | pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.tar.gz pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.tar.xz pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.zip | |
Replaced filter in UGSubsystem.findUsers().
The findUsers() method in UGSubsystem has been modified to search
additional attributes in the user database. This method is only
used by the UserService, so the impact is limited to user-find
CLI command in all subsystems and TPS UI.
Ticket #920
| -rw-r--r-- | base/server/cms/src/org/dogtagpki/server/rest/UserService.java | 2 | ||||
| -rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 27 |
2 files changed, 22 insertions, 7 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/rest/UserService.java b/base/server/cms/src/org/dogtagpki/server/rest/UserService.java index 839b29291..e8dfaf199 100644 --- a/base/server/cms/src/org/dogtagpki/server/rest/UserService.java +++ b/base/server/cms/src/org/dogtagpki/server/rest/UserService.java @@ -76,7 +76,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.servlet.admin.GroupMemberProcessor; import com.netscape.cms.servlet.base.PKIService; -import com.netscape.cmsutil.ldap.LDAPUtil; import com.netscape.cmsutil.util.Cert; import com.netscape.cmsutil.util.Utils; @@ -135,7 +134,6 @@ public class UserService extends PKIService implements UserResource { public Response findUsers(String filter, Integer start, Integer size) { UserCollection response = new UserCollection(); try { - filter = StringUtils.isEmpty(filter) ? "*" : "*"+LDAPUtil.escapeFilter(filter)+"*"; start = start == null ? 0 : start; size = size == null ? DEFAULT_SIZE : size; diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java index 0bdea6319..ea6149d1a 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java @@ -38,6 +38,8 @@ import netscape.ldap.LDAPSearchResults; import netscape.ldap.LDAPv2; import netscape.security.x509.X509CertImpl; +import org.apache.commons.lang.StringUtils; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; @@ -328,25 +330,40 @@ public final class UGSubsystem implements IUGSubsystem { * Searchs for identities that matches the filter. */ public Enumeration<IUser> findUsers(String filter) throws EUsrGrpException { - if (filter == null) { - return null; + + String ldapFilter; + if (StringUtils.isEmpty(filter)) { + ldapFilter = "(uid=*)"; + + } else { + filter = LDAPUtil.escapeFilter(filter); + ldapFilter = "(|(uid=*" + filter + "*)(cn=*" + filter + "*)(mail=*" + filter + "*))"; } LDAPConnection ldapconn = null; try { ldapconn = getConn(); - LDAPSearchResults res = ldapconn.search(getUserBaseDN(), - LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", - null, false); + // use one-level search to search users in flat tree + LDAPSearchResults res = ldapconn.search( + getUserBaseDN(), + LDAPv2.SCOPE_ONE, + ldapFilter, + null, + false); + + // throw EUsrGrpException if result is empty Enumeration<IUser> e = buildUsers(res); return e; + } catch (LDAPException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString())); + } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString())); + } finally { if (ldapconn != null) returnConn(ldapconn); |