Fixed unit testing to work with the agreed ldap acis

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java

@@ -114,7 +114,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)";
     private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + 
             "(version 3.0;acl \"Group Public\";" + 
-            "allow (read,compare,search)userdn=\"ldap:///anyone\";)";
+            "allow (read,compare,search)userdn=\"ldap:///all\";)";
     
     private LdapUserDAO<T> userPersist;
 
@@ -327,7 +327,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             Filter filter = Filter.createANDFilter(
                     Filter.createEqualityFilter("cn", groupID),
                     Filter.createNOTFilter(
-                        Filter.createEqualityFilter("nsaccountlock", "true")));
+                        Filter.createEqualityFilter("nsaccountlock", "TRUE")));
             
             SearchRequest searchRequest =  new SearchRequest(
                     config.getGroupsDN(), SearchScope.SUB, 
@@ -379,7 +379,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                             User<X500Principal> user;
                             try
                             {
-                                user = userPersist.getMember(memberDN);
+                                user = userPersist.getMember(memberDN, false);
                             }
                             catch (UserNotFoundException e)
                             {
@@ -391,8 +391,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                         else if (memberDN.isDescendantOf(config.getGroupsDN(),
                                                          false))
                         {
-                            Group memberGroup = getGroup(memberDN);
-                            ldapGroup.getGroupMembers().add(memberGroup);
+                            ldapGroup.getGroupMembers().add(new Group(memberDN.getRDNString().replace("cn=", "")));
                         }
                         else
                         {
@@ -412,10 +411,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                             // TODO it's gotta be a better way to do this.
                             String grRead = aci.substring(
                                     aci.indexOf("ldap:///"));
-                            grRead = grRead.substring(grRead.indexOf("cn"),
-                                                      grRead.lastIndexOf('"'));
+                            grRead = grRead.substring(grRead.indexOf("cn=") + 3,
+                                                      grRead.indexOf(','));
 
-                            Group groupRead = getGroup(new DN(grRead));
+                            Group groupRead = new Group(grRead.trim());
                             ldapGroup.groupRead = groupRead;
                         }
                         else if (aci.contains("Group Write"))
@@ -423,10 +422,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
                             // TODO it's gotta be a better way to do this.
                             String grWrite = aci.substring(
                                     aci.indexOf("ldap:///"));
-                            grWrite = grWrite.substring(grWrite.indexOf("cn"), 
-                                                    grWrite.lastIndexOf('"'));
+                            grWrite = grWrite.substring(grWrite.indexOf("cn=") + 3, 
+                                                    grWrite.indexOf(','));
 
-                            Group groupWrite = getGroup(new DN(grWrite));
+                            Group groupWrite = getGroup(grWrite.trim());
                             ldapGroup.groupWrite = groupWrite;
                         }
                         else if (aci.equals(PUB_GROUP_ACI))
@@ -446,10 +445,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             // access control
             throw new TransientException("Error getting the group", e1);
         }
-        catch (UserNotFoundException e2)
-        {
-            throw new RuntimeException("BUG - owner or member not found", e2);
-        }
     }
 
     /**

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

@@ -129,7 +129,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                     "Unsupported principal type " + userID.getClass());
         }
 
-        searchField = "(" + searchField + "=" + userID.getName() + ")";
+        searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))";
 
         SearchResultEntry searchResult = null;
         try
@@ -137,7 +137,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
             SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), 
                     SearchScope.SUB, searchField, 
                     new String[] {"cn", "entryid", "entrydn", "dn"});
-
+ 
             searchRequest.addControl(
                     new ProxiedAuthorizationV2RequestControl("dn:" + 
                             getSubjectDN().toNormalizedString()));
@@ -164,7 +164,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                         searchResult.getAttributeValueAsInteger("entryid")));
 
         return user;
-    }
+    }   
 
     /**
      * Get all groups the user specified by userID belongs to.
@@ -335,11 +335,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
     /**
      * Returns a member user identified by the X500Principal only.
      * @param userDN
+     * @param bindAsSubject - true if Ldap commands executed as subject 
+     * (proxy authorization) or false if they are executed as the user
+     * in the connection.
      * @return
      * @throws UserNotFoundException
      * @throws LDAPException
      */
-    User<X500Principal> getMember(DN userDN)
+    User<X500Principal> getMember(DN userDN, boolean bindAsSubject)
         throws UserNotFoundException, LDAPException
     {
         Filter filter = 
@@ -352,9 +355,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                                   (String[]) this.attribType.values().toArray(
                                   new String[this.attribType.values().size()]));
         
-        searchRequest.addControl(
-                    new ProxiedAuthorizationV2RequestControl("dn:" + 
-                            getSubjectDN().toNormalizedString()));
+        if (bindAsSubject)
+        {
+        	searchRequest.addControl(
+        				new ProxiedAuthorizationV2RequestControl("dn:" + 
+        						getSubjectDN().toNormalizedString()));
+        }
         
         SearchResultEntry searchResult = 
                 getConnection().searchForEntry(searchRequest);
@@ -371,6 +377,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 
         return user;
     }
+    
+    /**
+     * Returns a member user identified by the X500Principal only.
+     * @param userDN
+     * @return
+     * @throws UserNotFoundException
+     * @throws LDAPException
+     */
+    User<X500Principal> getMember(DN userDN)
+        throws UserNotFoundException, LDAPException
+    {
+        return getMember(userDN, true);
+    }
 
     DN getUserDN(User<? extends Principal> user)
         throws LDAPException, UserNotFoundException

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java

@@ -87,7 +87,7 @@ public class LdapDAOTest
 {
     static String server = "mach275.cadc.dao.nrc.ca";
     static int port = 389;
-    static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot";
+    static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot";
     static String adminPW = "go4it";
     static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
     static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java

@@ -70,10 +70,10 @@ public class LdapGroupDAOTest
     static int port = 389;
     static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot";
     static String adminPW = "go4it";
-//    static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-//    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
-    static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
-    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
+    static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
+    static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+    //static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
+    //static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
     
     static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
     static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java

@@ -94,7 +94,7 @@ public class LdapUserDAOTest
     
     static String server = "mach275.cadc.dao.nrc.ca";
     static int port = 389;
-    static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot";
+    static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot";
     static String adminPW = "go4it";
     static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
     static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";

projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java

@@ -199,7 +199,7 @@ public class Group
     @Override
     public int hashCode()
     {
-        return 31 + groupID.hashCode();
+        return 31 + groupID.toLowerCase().hashCode();
     }
 
     /* (non-Javadoc)
@@ -221,7 +221,7 @@ public class Group
             return false;
         }
         Group other = (Group) obj;
-        if (!groupID.equals(other.groupID))
+        if (!groupID.equalsIgnoreCase(other.groupID))
         {
             return false;
         }