diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index e1b8af7e4e1f0201041b131378ec6232d05407c0..f15ba746cd73139b0a848da991898f826147da25 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -114,7 +114,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 "(groupdn = \"ldap:///<ACTUAL_GROUP>\");)";
 private static final String PUB_GROUP_ACI = "(targetattr = \"*\") " + "(version 3.0;acl \"Group Public\";" +
- "allow (read,compare,search)userdn=\"ldap:///anyone\";)";
+ "allow (read,compare,search)userdn=\"ldap:///all\";)";
 private LdapUserDAO<T> userPersist;
@@ -327,7 +327,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 Filter filter = Filter.createANDFilter( Filter.createEqualityFilter("cn", groupID), Filter.createNOTFilter(
- Filter.createEqualityFilter("nsaccountlock", "true")));
+ Filter.createEqualityFilter("nsaccountlock", "TRUE")));
 SearchRequest searchRequest = new SearchRequest( config.getGroupsDN(), SearchScope.SUB,
@@ -379,7 +379,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 User<X500Principal> user;
 try
 {
- user = userPersist.getMember(memberDN);
+ user = userPersist.getMember(memberDN, false);
 }
 catch (UserNotFoundException e)
 {
@@ -391,8 +391,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 else if (memberDN.isDescendantOf(config.getGroupsDN(), false))
 {
- Group memberGroup = getGroup(memberDN);
- ldapGroup.getGroupMembers().add(memberGroup);
+ ldapGroup.getGroupMembers().add(new Group(memberDN.getRDNString().replace("cn=", "")));
 }
 else
 {
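Review bot: The new `ldap:///all` keyword changes who the "Group Public" ACI grants to, and the code that recognises a public group still compares the stored ACI text byte-for-byte, so groups created before this change will no longer be treated as public. In Netscape/389 ACI syntax `userdn = "ldap:///anyone"` covers anonymous and authenticated binds while `ldap:///all` covers authenticated users only, so this is a tightening, but `aci.equals(PUB_GROUP_ACI)` in the hunk at -423 is false for any existing group whose ACI still reads `anyone`. Either a migration of the stored ACIs or a comparison that accepts both spellings is needed, and the constant deserves a why-comment such as `// "all" = any authenticated user; "anyone" would also admit anonymous binds`.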
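Review bot: `userPersist.getMember(memberDN, false)` drops the proxied-authorization control for member look-ups, so these searches now run with the service connection's own rights rather than the calling subject's, and nothing at the call site says why. Assuming the intent is that visibility of members is governed by the group's ACI (already applied when the group entry itself was read) rather than by per-user ACIs, that reasoning belongs next to the call: `// resolve members with the service bind, not the subject's proxied identity: access to the member list was already decided by the group ACI`. The enclosing method starts and ends outside the hunk.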
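Review bot: `memberDN.getRDNString().replace("cn=", "")` strips every occurrence of `cn=` from the RDN text, not just the attribute prefix, and leaves DN escaping (`\,`, `\=`, hex escapes) in the group ID, so a group whose name contains such characters is misidentified; it also assumes the RDN attribute is `cn` without checking. The SDK's parsed RDN already yields the unescaped value: `ldapGroup.getGroupMembers().add(new Group(memberDN.getRDN().getAttributeValues()[0]));`. Note also that the member group is now a name-only `Group` stub rather than the fully-resolved one `getGroup(memberDN)` returned, which any caller reading its owner or ACL fields would notice; the enclosing method starts and ends outside the hunk.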
@@ -412,10 +411,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 // TODO it's gotta be a better way to do this.
 String grRead = aci.substring( aci.indexOf("ldap:///"));
- grRead = grRead.substring(grRead.indexOf("cn"),
- grRead.lastIndexOf('"'));
+ grRead = grRead.substring(grRead.indexOf("cn=") + 3,
+ grRead.indexOf(','));
- Group groupRead = getGroup(new DN(grRead));
+ Group groupRead = new Group(grRead.trim());
 ldapGroup.groupRead = groupRead;
 }
 else if (aci.contains("Group Write"))
@@ -423,10 +422,10 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 // TODO it's gotta be a better way to do this.
 String grWrite = aci.substring( aci.indexOf("ldap:///"));
- grWrite = grWrite.substring(grWrite.indexOf("cn"),
- grWrite.lastIndexOf('"'));
+ grWrite = grWrite.substring(grWrite.indexOf("cn=") + 3,
+ grWrite.indexOf(','));
- Group groupWrite = getGroup(new DN(grWrite));
+ Group groupWrite = getGroup(grWrite.trim());
 ldapGroup.groupWrite = groupWrite;
 }
 else if (aci.equals(PUB_GROUP_ACI))
@@ -446,10 +445,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 // access control
 throw new TransientException("Error getting the group", e1);
 }
- catch (UserNotFoundException e2)
- {
- throw new RuntimeException("BUG - owner or member not found", e2);
- }
 }
 /**
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index b42433070313bca4613f0bf3b99d1287bb39bd0c..b58ade6f8eec036820fbff5e77c8d1640c964039 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
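Review bot: `grRead.substring(grRead.indexOf("cn=") + 3, grRead.indexOf(','))` has two unchecked `indexOf` results: a missing `cn=` yields start index 2 and silently wrong text, and a missing comma (a group DN whose cn is the last component, or an ACI written without one) makes `substring` throw `StringIndexOutOfBoundsException`, which the surrounding `catch` blocks (the method continues outside the hunk) do not look for; an escaped comma in the cn value (`cn=a\,b,ou=...`) truncates the name. The old code handed the text to `new DN(...)`, which parses escapes, so keeping that and taking the RDN value avoids the hand-rolled scanning: `String dn = grRead.substring(grRead.indexOf("cn="), grRead.lastIndexOf('"'));` followed by `Group groupRead = new Group(new DN(dn).getRDN().getAttributeValues()[0]);`. The same applies to the `grWrite` lines in the hunk at -423.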
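Review bot: The write branch resolves the group with `getGroup(grWrite.trim())`, an LDAP round-trip, while the parallel read branch now builds `new Group(grRead.trim())` locally; the asymmetry looks unintended, and with the `UserNotFoundException` catch removed in the hunk at -446 whatever `getGroup(String)` can throw for a missing or locked group now propagates from here. If a name-only stub is acceptable for `groupRead` it should be for `groupWrite` too: `Group groupWrite = new Group(grWrite.trim());`. The enclosing method starts and ends outside the hunk.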
@@ -129,7 +129,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 "Unsupported principal type " + userID.getClass());
 }
- searchField = "(" + searchField + "=" + userID.getName() + ")";
+ searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))";
 SearchResultEntry searchResult = null;
 try
@@ -137,7 +137,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), SearchScope.SUB, searchField, new String[] {"cn", "entryid", "entrydn", "dn"});
-
+
 searchRequest.addControl( new ProxiedAuthorizationV2RequestControl("dn:" + getSubjectDN().toNormalizedString()));
@@ -164,7 +164,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 searchResult.getAttributeValueAsInteger("entryid")));
 return user;
- }
+ }
 /**
 * Get all groups the user specified by userID belongs to.
@@ -335,11 +335,14 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 /**
 * Returns a member user identified by the X500Principal only.
 * @param userDN
+ * @param bindAsSubject - true if Ldap commands executed as subject
+ * (proxy authorization) or false if they are executed as the user
+ * in the connection.
 * @return
 * @throws UserNotFoundException
 * @throws LDAPException
 */
- User<X500Principal> getMember(DN userDN)
+ User<X500Principal> getMember(DN userDN, boolean bindAsSubject)
 throws UserNotFoundException, LDAPException
 {
 Filter filter =
@@ -352,9 +355,12 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 (String[]) this.attribType.values().toArray( new String[this.attribType.values().size()]));
- searchRequest.addControl(
- new ProxiedAuthorizationV2RequestControl("dn:" +
- getSubjectDN().toNormalizedString()));
+ if (bindAsSubject)
+ {
+ searchRequest.addControl(
+ new ProxiedAuthorizationV2RequestControl("dn:" +
+ getSubjectDN().toNormalizedString()));
+ }
 SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest);
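Review bot: The filter is still assembled by string concatenation, so a principal name containing filter metacharacters (`(`, `)`, `*`, `\`, NUL) changes the filter's structure instead of being matched literally; the added `objectclass=cadcaccount` term narrows the result set but does not address that. The group DAO already builds its filter structurally with the SDK, so the same applies here: `Filter filter = Filter.createANDFilter(Filter.createEqualityFilter("objectclass", "cadcaccount"), Filter.createEqualityFilter(searchField, userID.getName()));`, then pass `filter` rather than the string to the `SearchRequest` constructor in the hunk at -137, which the SDK accepts with a `Filter` argument. The enclosing method starts and ends outside the hunk.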
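Review bot: The new `bindAsSubject` Javadoc describes the two modes but not their security consequence: with `false` the search in the hunk at -352 runs without the `ProxiedAuthorizationV2RequestControl`, i.e. with the privileges of the DAO's own bind rather than the calling subject's, so the caller must already have authorized the access by other means. Say so on the parameter, e.g. `@param bindAsSubject true to apply proxied authorization as the calling subject; false to search with the connection's own (service) privileges, only for callers that have already authorized the access`, and replace the empty `@return` with what is returned. The method body continues in the next hunk and ends outside it.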
@@ -371,6 +377,19 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 return user;
 }
+
+ /**
+ * Returns a member user identified by the X500Principal only.
+ * @param userDN
+ * @return
+ * @throws UserNotFoundException
+ * @throws LDAPException
+ */
+ User<X500Principal> getMember(DN userDN)
+ throws UserNotFoundException, LDAPException
+ {
+ return getMember(userDN, true);
+ }
 DN getUserDN(User<? extends Principal> user)
 throws LDAPException, UserNotFoundException
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
index da506f7299ee19dbd848974f7f4990de8fa553dd..9a2c2caddd06d278b8fd4ff6e13e7047e55019a0 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java
@@ -87,7 +87,7 @@ public class LdapDAOTest
 {
 static String server = "mach275.cadc.dao.nrc.ca";
 static int port = 389;
- static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot";
+ static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot";
 static String adminPW = "go4it";
 static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
 static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index f03f82a9f7333b33fbf2a235e75ba6ff208a012d..cdde99c29e103ff8309b7eec0c7d0a060757e5b7 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
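Review bot: The one-argument `getMember(DN)` overload copies the full Javadoc of the two-argument version, including an empty `@return`, instead of stating what distinguishes it, so a reader cannot tell from the doc that it is the proxied-authorization variant. A delegation sentence is enough: `Equivalent to {@link #getMember(DN, boolean)} with {@code bindAsSubject = true}: the search runs as the calling subject via proxied authorization.`, with `@return the member user` filled in.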
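Review bot: The three test classes now spell the same administrator DN three ways — `ou=WebProxy` here, `ou=webproxy` in `LdapGroupDAOTest` and `ou=Webproxy` in the `LdapUserDAOTest` hunk at -94 — which presumably works only because the directory matches these RDN values case-insensitively, and will drift further on the next edit. The host, port, admin DN and base DNs belong in one shared test fixture, and the plaintext `adminPW` sitting beside them in all three files should be read from the environment or a git-ignored properties file rather than committed, e.g. `static String adminPW = System.getProperty("ldap.admin.pw");`.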
@@ -70,10 +70,10 @@ public class LdapGroupDAOTest
 static int port = 389;
 static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot";
 static String adminPW = "go4it";
-// static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-// static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
- static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
- static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
+ static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
+ static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
+ //static String userBaseDN = "ou=Users,ou=ds,dc=canfar,dc=net";
+ //static String groupBaseDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
 static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
 static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
index 84ed2d88f298e99ca6b000734e46bb217572f71e..a742fe5b6d586fa00596cc5df4939262c9b54188 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAOTest.java
@@ -94,7 +94,7 @@ public class LdapUserDAOTest
 static String server = "mach275.cadc.dao.nrc.ca";
 static int port = 389;
- static String adminDN = "uid=webproxy,ou=administrators,ou=topologymanagement,o=netscaperoot";
+ static String adminDN = "uid=webproxy,ou=Webproxy,ou=topologymanagement,o=netscaperoot";
 static String adminPW = "go4it";
 static String userBaseDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
 static String groupBaseDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
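Review bot: The swap keeps the alternative `dc=canfar,dc=net` base DNs as commented-out code, which is exactly the pattern that produced this flip-flop: the test and production directories are selected by editing source. Replace the four lines with a single switch, e.g. `static String userBaseDN = System.getProperty("ldap.userBaseDN", "ou=Users,ou=ds,dc=canfartest,dc=net");` and the same for `groupBaseDN`, and delete the commented-out lines.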
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java
index 3bb88cd475cc97d943ec1ea02f6150f7e5255d4c..f4e11a97265d9930588d70b671f160c6ea014de1 100644
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Group.java
@@ -199,7 +199,7 @@ public class Group
 @Override
 public int hashCode()
 {
- return 31 + groupID.hashCode();
+ return 31 + groupID.toLowerCase().hashCode();
 }
 /* (non-Javadoc)
@@ -221,7 +221,7 @@ public class Group
 return false;
 }
 Group other = (Group) obj;
- if (!groupID.equals(other.groupID))
+ if (!groupID.equalsIgnoreCase(other.groupID))
 {
 return false;
 }
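Review bot: `groupID.toLowerCase()` uses the JVM default locale, so the hash of a group ID depends on where the JVM runs (in a Turkish locale `"I"` lowercases to dotless ı) while `equalsIgnoreCase` in the hunk at -221 is locale-independent; two `Group` objects can then be equal with different hash codes, which breaks `HashSet`/`HashMap` membership. Use `return 31 + groupID.toLowerCase(Locale.ROOT).hashCode();` (importing `java.util.Locale`) to remove the locale dependence; for exact agreement with `equalsIgnoreCase`'s per-character folding a hash over `Character.toLowerCase(Character.toUpperCase(c))` for each char would be needed, but `Locale.ROOT` covers realistic group IDs. The class continues outside the hunk.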