diff options
author | Endi S. Dewata <edewata@redhat.com> | 2014-04-30 11:50:21 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-05-05 14:59:49 -0400 |
commit | b2d2cbaa9123f021de229e3f249378e22e91a18b (patch) | |
tree | e3bb49380e74bcfb8d3362a341a34511c5380555 /base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | |
parent | f79297ea22cbe880863cfa77dafc99a09eb923ef (diff) | |
download | pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.tar.gz pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.tar.xz pki-b2d2cbaa9123f021de229e3f249378e22e91a18b.zip |
Replaced filter in UGSubsystem.findUsers().
The findUsers() method in UGSubsystem has been modified to search
additional attributes in the user database. This method is only
used by the UserService, so the impact is limited to user-find
CLI command in all subsystems and TPS UI.
Ticket #920
Diffstat (limited to 'base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java index 0bdea6319..ea6149d1a 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java @@ -38,6 +38,8 @@ import netscape.ldap.LDAPSearchResults; import netscape.ldap.LDAPv2; import netscape.security.x509.X509CertImpl; +import org.apache.commons.lang.StringUtils; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; @@ -328,25 +330,40 @@ public final class UGSubsystem implements IUGSubsystem { * Searchs for identities that matches the filter. */ public Enumeration<IUser> findUsers(String filter) throws EUsrGrpException { - if (filter == null) { - return null; + + String ldapFilter; + if (StringUtils.isEmpty(filter)) { + ldapFilter = "(uid=*)"; + + } else { + filter = LDAPUtil.escapeFilter(filter); + ldapFilter = "(|(uid=*" + filter + "*)(cn=*" + filter + "*)(mail=*" + filter + "*))"; } LDAPConnection ldapconn = null; try { ldapconn = getConn(); - LDAPSearchResults res = ldapconn.search(getUserBaseDN(), - LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", - null, false); + // use one-level search to search users in flat tree + LDAPSearchResults res = ldapconn.search( + getUserBaseDN(), + LDAPv2.SCOPE_ONE, + ldapFilter, + null, + false); + + // throw EUsrGrpException if result is empty Enumeration<IUser> e = buildUsers(res); return e; + } catch (LDAPException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString())); + } catch (ELdapException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString())); + } finally { if (ldapconn != null) returnConn(ldapconn); |