author | Endi S. Dewata <edewata@redhat.com> | 2014-04-30 10:55:30 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2014-05-05 14:59:05 -0400 |
commit | f79297ea22cbe880863cfa77dafc99a09eb923ef (patch) | |
tree | b37faa1b0ef4631e23dab6d358fb395a43de3f9e /base/server/cmscore | |
parent | b381c23ea5f3233adbd2e5a16ec124115d1cd936 (diff) | |
Fixed UGSubsystem.getUser().
Previously the getUser() method in UGSubsystem was using findUsers()
which uses a subtree search to find users. It has been replaced with
a base search which is more accurate since the user DN is known. The
code has also been simplified to merge the two cases where the input
parameter could be a user ID or a DN.
Ticket #920
Diffstat (limited to 'base/server/cmscore')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java | 69 |
1 files changed, 41 insertions, 28 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 4eaaa4758..0bdea6319 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -190,45 +190,54 @@ public final class UGSubsystem implements IUGSubsystem {
 /**
 * Retrieves a user from LDAP
 */
- public IUser getUser(String userid) throws EUsrGrpException {
- if (userid == null) {
+ public IUser getUser(String userID) throws EUsrGrpException {
+
+ if (userID == null) {
 return null;
 }
+ String userDN;
+
+ if (userID.indexOf('=') < 0) { // user ID is not a DN
+ userDN = getUserDN(userID);
+
+ } else { // user ID is a DN
+ // TODO: use a separate method for user ID and DN
+ userDN = userID;
+ }
+
 try {
- if (userid.indexOf('=') == -1) {
- Enumeration<IUser> e = findUsers(userid);
+ LDAPConnection ldapconn = null;
- if (e != null && e.hasMoreElements()) {
- IUser u = e.nextElement();
+ try {
+ ldapconn = getConn();
- return u;
- } else {
- throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USER_NOT_FOUND"));
- }
- } else {
- LDAPConnection ldapconn = null;
+ // use base search to find the exact user
+ LDAPSearchResults res = ldapconn.search(
+ userDN,
+ LDAPv2.SCOPE_BASE,
+ "(objectclass=*)",
+ null,
+ false);
- try {
- ldapconn = getConn();
- // read DN
- LDAPSearchResults res =
- ldapconn.search(userid,
- LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
- Enumeration<IUser> e = buildUsers(res);
-
- if (e.hasMoreElements()) {
- return e.nextElement();
- }
- } finally {
- if (ldapconn != null)
- returnConn(ldapconn);
- }
+ // throw EUsrGrpException if result is empty
+ Enumeration<IUser> e = buildUsers(res);
+
+ // user found
+ return e.nextElement();
+
+ } finally {
+ if (ldapconn != null)
+ returnConn(ldapconn);
 }
+
 } catch (Exception e) {
+ // currently this will catch all exceptions
+ // TODO: catch user not found exception only, rethrow everything else
 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_GET_USER", e.toString()));
- // throws...
 }
+
+ // user not found or other error occurs
 return null;
 }
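Review bot: The DN branch of getUser() (`userDN = userID;`) hands the caller's string to `ldapconn.search()` as the search base unchanged, so any entry the server's connection can read, not only one below the user base DN, can come back wrapped as an IUser. The callers are not visible here, but if any of them forward request-supplied names, this branch should reject a DN that is not below `getUserBaseDN()`, using a DN-aware comparison rather than a string suffix test. The catch block also maps a directory failure to the same `null` as an unknown user and logs both at LL_FAILURE; the TODO acknowledges this, and until it is done a caller cannot tell an outage from a missing account. The comment `// throw EUsrGrpException if result is empty` describes buildUsers(), whose body is outside the hunk; if it can return an empty enumeration instead, `e.nextElement()` ends up in the catch-all as well.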
@@ -1902,6 +1911,10 @@ public final class UGSubsystem implements IUGSubsystem {
 return "ou=People," + mBaseDN;
 }
+ public String getUserDN(String userID) {
+ return "uid=" + LDAPUtil.escapeRDNValue(userID) + "," + getUserBaseDN();
+ }
+
 /**
 * Retrieves group base dn.
 */ |
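Review bot: getUserDN() is a new public method with no Javadoc, while the neighbouring base-DN getter has one; a line such as `/** Returns the DN of the entry for the given user ID under the user base DN; the ID is escaped as an RDN value. */` would record the escaping that callers depend on. The method also accepts a null or empty userID: getUser() checks for null before calling it, but other callers get whatever `LDAPUtil.escapeRDNValue` does with null, or a DN with an empty `uid=` value. A guard such as `if (userID == null || userID.isEmpty()) throw new IllegalArgumentException("userID");` would make that contract explicit.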