add check timeout codes and throw TransientException; re-implement...

add check timeout codes and throw TransientException; re-implement checkgroupExists as a filtered search instead of using getGroupNames

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java

@@ -227,6 +227,11 @@ public abstract class LdapDAO
             throws TransientException
     {
     	logger.debug("Ldap result: " + code);
+    	if (code == ResultCode.SUCCESS 
+                || code == ResultCode.NO_SUCH_OBJECT)
+        {
+            return;
+        }
         
         if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
         {
@@ -236,20 +241,20 @@ public abstract class LdapDAO
         {
             throw new AccessControlException("Invalid credentials ");
         }
-        else if ((code == ResultCode.SUCCESS) || (code
-                                                  == ResultCode.NO_SUCH_OBJECT))
-        {
-            // all good. nothing to do
-        }
         else if (code == ResultCode.PARAM_ERROR)
         {
             throw new IllegalArgumentException("Error in Ldap parameters ");
         }
-        else if (code == ResultCode.BUSY ||
-                 code == ResultCode.CONNECT_ERROR)
+        else if (code == ResultCode.BUSY 
+                || code == ResultCode.CONNECT_ERROR)
         {
             throw new TransientException("Connection problems ");
         }
+        else if (code == ResultCode.TIMEOUT
+                || code == ResultCode.TIME_LIMIT_EXCEEDED)
+        {
+            throw new TransientException("ldap timeout");
+        }
         else
         {
             throw new RuntimeException("Ldap error (" + code.getName() + ")");

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java

@@ -235,7 +235,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         for (Group groupMember : groups)
         {
             final String groupMemberID = groupMember.getID();
-            if (!checkGroupExists(groupMemberID))
+            if (!checkGroupExists(groupMemberID, false))
             {
                 throw new GroupNotFoundException(groupMemberID);
             }
@@ -346,12 +346,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             catch (LDAPSearchException e)
             {
                 logger.debug("Could not find groups root", e);
+                LdapDAO.checkLdapResult(e.getResultCode());
                 if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT)
                 {
                     throw new IllegalStateException("Could not find groups root");
                 }
-                else if (e.getResultCode() == ResultCode.TIME_LIMIT_EXCEEDED)
-                    throw new TransientException("time limit exceeded", e);
                 
                 throw new IllegalStateException("unexpected failure", e);
             }
@@ -622,7 +621,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         {
             mods.add(new Modification(ModificationType.REPLACE, "description", group.description));
         }
-        
+        try
+        {
             Set<String> newMembers = new HashSet<String>();
             for (User<?> member : group.getUserMembers())
             {
@@ -631,7 +631,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             }
             for (Group gr : group.getGroupMembers())
             {
-            if (!checkGroupExists(gr.getID()))
+                if (!checkGroupExists(gr.getID(), false))
                 {
                     throw new GroupNotFoundException(gr.getID());
                 }
@@ -662,7 +662,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             }
             for (Group gr : group.getGroupAdmins())
             {
-            if (!checkGroupExists(gr.getID()))
+                if (!checkGroupExists(gr.getID(), false))
                 {
                     throw new GroupNotFoundException(gr.getID());
                 }
@@ -680,8 +680,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
             adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", 
                     (String[]) newAdmins.toArray(new String[newAdmins.size()])));
         
-        try
-        {
             // modify admin group first (if necessary)
             if (adminChanges)
             {   
@@ -1117,17 +1115,43 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
         }
     }
     
-    private boolean checkGroupExists(String groupID) 
-            throws TransientException
+    private boolean checkGroupExists(String groupID, boolean lockedGroupsExist)
+            throws LDAPException, TransientException
     {
-        for (String groupName : getGroupNames())
+        try
         {
-            if (groupName.equalsIgnoreCase(groupID))
+            DN groupDN = getGroupDN(groupID);
+            Filter filter = Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString());
+        
+            SearchRequest searchRequest =  new SearchRequest(
+                        config.getGroupsDN(), SearchScope.SUB, filter, 
+                        "cn", "nsaccountlock");
+
+            //searchRequest.addControl(
+            //            new ProxiedAuthorizationV2RequestControl("dn:" + 
+            //                    getSubjectDN().toNormalizedString()));
+
+            SearchResultEntry searchResult = 
+                    getConnection().searchForEntry(searchRequest);
+
+            if (searchResult == null)
             {
-                return true;
+                String msg = "Group not found " + groupDN;
+                logger.debug(msg);
+                return false;
             }
+
+            if (searchResult.getAttribute("nsaccountlock") != null)
+            {
+                // deleted group
+                String msg = "Group marked deleted " + groupDN;
+                logger.debug(msg);
+                return lockedGroupsExist;
             }
-        return false;
+
+            return true;
+        }
+        finally { }
     }        
 
 }