authorEndi S. Dewata <edewata@redhat.com>2014-08-26 18:49:56 -0400
committerEndi S. Dewata <edewata@redhat.com>2014-08-27 13:05:49 -0400
commit579ca2f8c894087c839e60b7c5775b5e7483362a (patch)
treeb301399cbd6faf28024fa6456ce8060f381e62ce /base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
parent6444287caa2ad171086d0ce9d93761a897247e06 (diff)
Fixed problems in group operations.
Previously modifying the description of an empty group failed because the server tried to delete a uniqueMember attribute that did not exist because the group was already empty. The servlets and group subsystem have been fixed to retrieve the existing group data first, perform the changes on it, then save it back to the database. Also adding a new group will no longer require a description because it's not required by the LDAP object class. Ticket #818
Diffstat (limited to 'base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java')
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java73
1 files changed, 44 insertions, 29 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 245115e75..a2655bf82 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -1725,28 +1725,39 @@ public final class UGSubsystem implements IUGSubsystem {
LDAPConnection ldapconn = null;
try {
+ String dn = "cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + "," + getGroupBaseDN();
+ CMS.debug("dn: " + dn);
+
LDAPAttributeSet attrs = new LDAPAttributeSet();
String oc[] = { "top", "groupOfUniqueNames" };
attrs.add(new LDAPAttribute("objectclass", oc));
attrs.add(new LDAPAttribute("cn", group.getGroupID()));
- attrs.add(new LDAPAttribute("description", group.getDescription()));
+
+ String description = group.getDescription();
+ if (description != null) {
+ CMS.debug("description: " + description);
+ attrs.add(new LDAPAttribute("description", description));
+ }
+
Enumeration<String> e = grp.getMemberNames();
- if (e.hasMoreElements() == true) {
+ if (e.hasMoreElements()) {
LDAPAttribute attrMembers = new LDAPAttribute("uniquemember");
while (e.hasMoreElements()) {
String name = e.nextElement();
+ String memberDN = "uid=" + LDAPUtil.escapeRDNValue(name) + "," + getUserBaseDN();
+ CMS.debug("uniqueMember: " + memberDN);
+
// DOES NOT SUPPORT NESTED GROUPS...
- attrMembers.addValue("uid=" + LDAPUtil.escapeRDNValue(name) + "," +
- getUserBaseDN());
+ attrMembers.addValue(memberDN);
}
attrs.add(attrMembers);
}
- LDAPEntry entry = new LDAPEntry("cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) +
- "," + getGroupBaseDN(), attrs);
+
+ LDAPEntry entry = new LDAPEntry(dn, attrs);
ldapconn = getConn();
ldapconn.add(entry);
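Review bot: The new `CMS.debug("description: " + description)` call writes caller-supplied free text into the debug log as-is, so a description containing CR/LF could produce output that reads as separate log entries; whether CMS.debug neutralises control characters is not visible here. The same call is repeated for the description in the modifyGroup hunk further down. Consider logging a sanitised form, for example `CMS.debug("description: " + description.replaceAll("[\\r\\n]", " "));`, or logging only the DN. Separately, the `description != null` guard still lets an empty string through to the add, which a directory that enforces attribute syntax may reject. The enclosing method starts and ends outside this hunk.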
@@ -1796,6 +1807,11 @@ public final class UGSubsystem implements IUGSubsystem {
}
}
+ /**
+ * Modifies an existing group in the database.
+ *
+ * @param group an existing group that has been modified in memory
+ */
public void modifyGroup(IGroup group) throws EUsrGrpException {
Group grp = (Group) group;
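Review bot: The new Javadoc on modifyGroup omits the two things a caller most needs to know: the method throws EUsrGrpException, and, per the body in the next hunk, it replaces the stored description and the whole uniquemember list with whatever the passed object holds. A caller that passes a Group that was not first loaded from the database would therefore drop every existing member, which matters for groups that confer privileges. I would add `@throws EUsrGrpException if the change would leave the SUPER_CERT_ADMINS group empty` and one sentence saying the group must be read from the database, changed, and passed back in whole. Other failure paths may also throw, but the end of the catch block is not visible here, and the method body continues outside this hunk.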
@@ -1806,39 +1822,38 @@ public final class UGSubsystem implements IUGSubsystem {
LDAPConnection ldapconn = null;
try {
- LDAPAttribute attrMembers = new LDAPAttribute("uniquemember");
+ String dn = "cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) + "," + getGroupBaseDN();
+ CMS.debug("dn: " + dn);
+
LDAPModificationSet mod = new LDAPModificationSet();
- String desc = grp.getDescription();
+ // update description
+ String description = grp.getDescription();
+ mod.add(LDAPModification.REPLACE, new LDAPAttribute("description", description));
+ CMS.debug("description: " + description);
- if (desc != null) {
- mod.add(LDAPModification.REPLACE,
- new LDAPAttribute("description", desc));
+ Enumeration<String> e = grp.getMemberNames();
+
+ // admin group cannot be empty
+ if (grp.getName().equalsIgnoreCase(SUPER_CERT_ADMINS) && !e.hasMoreElements()) {
+ throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
}
- Enumeration<String> e = grp.getMemberNames();
+ // update members
+ LDAPAttribute attrMembers = new LDAPAttribute("uniquemember");
+ while (e.hasMoreElements()) {
+ String name = e.nextElement();
- if (e.hasMoreElements() == true) {
- while (e.hasMoreElements()) {
- String name = e.nextElement();
+ String memberDN = "uid=" + LDAPUtil.escapeRDNValue(name) + "," + getUserBaseDN();
+ CMS.debug("uniqueMember: " + memberDN);
- // DOES NOT SUPPORT NESTED GROUPS...
- attrMembers.addValue("uid=" + LDAPUtil.escapeRDNValue(name) + "," +
- getUserBaseDN());
- }
- mod.add(LDAPModification.REPLACE, attrMembers);
- } else {
- if (!grp.getName().equalsIgnoreCase(SUPER_CERT_ADMINS)) {
- mod.add(LDAPModification.DELETE, attrMembers);
- } else {
- // not allowed
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
- }
+ // DOES NOT SUPPORT NESTED GROUPS...
+ attrMembers.addValue(memberDN);
}
+ mod.add(LDAPModification.REPLACE, attrMembers);
ldapconn = getConn();
- ldapconn.modify("cn=" + LDAPUtil.escapeRDNValue(grp.getGroupID()) +
- "," + getGroupBaseDN(), mod);
+ ldapconn.modify(dn, mod);
} catch (LDAPException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_MODIFY_GROUP", e.toString()));
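Review bot: The description REPLACE in modifyGroup is now unconditional, so a group without a description reaches `new LDAPAttribute("description", description)` with a null value; the removed lines guarded this with `if (desc != null)`, and the first hunk of this same commit explicitly allows a null description on add. How LDAPAttribute treats a null string is not visible here, so this may clear the attribute or may fail at runtime. If clearing is the intent, state it explicitly: `LDAPAttribute descAttr = description == null ? new LDAPAttribute("description") : new LDAPAttribute("description", description);` followed by `mod.add(LDAPModification.REPLACE, descAttr);`. modifyGroup starts before this hunk and its catch block continues past it.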