From 6405cb345894fe04251a037d5de53afce426d8dd Mon Sep 17 00:00:00 2001
From: Jeff Burke <Jeff.Burke@nrc-cnrc.gc.ca>
Date: Wed, 30 Mar 2016 15:14:14 -0700
Subject: [PATCH] t72796: check for presence of nsaccountlock when getting
 users

---
 .../ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java  | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index 33ac9b27..0a830355 100755
--- a/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -473,7 +473,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         Filter filter = null;
         try
         {
-            filter = Filter.createEqualityFilter(searchField, userID.getName());
+            Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
+            Filter equalsFilter = Filter.createEqualityFilter(searchField, userID.getName());
+            filter = Filter.createANDFilter(notFilter, equalsFilter);
             logger.debug("search filter: " + filter);
 
             SearchRequest searchRequest =
@@ -571,7 +573,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         Filter filter = null;
         try
         {
-            filter = Filter.createEqualityFilter("email", emailAddress);
+            Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
+            Filter equalsFilter = Filter.createEqualityFilter("email", emailAddress);
+            filter = Filter.createANDFilter(notFilter, equalsFilter);
             logger.debug("search filter: " + filter);
 
             SearchRequest searchRequest =
@@ -683,7 +687,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 
         try
         {
-            Filter filter = Filter.createEqualityFilter(searchField, userID.getName());
+            Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
+            Filter equalsFilter = Filter.createEqualityFilter(searchField, userID.getName());
+            Filter filter = Filter.createANDFilter(notFilter, equalsFilter);
             profiler.checkpoint("getAugmentedUser.createFilter");
             logger.debug("search filter: " + filter);
 
@@ -792,7 +798,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
     {
         final Collection<User<Principal>> users = new ArrayList<User<Principal>>();
 
-        Filter filter =  Filter.createPresenceFilter(LDAP_UID);
+        Filter notFilter = Filter.createNOTFilter(Filter.createPresenceFilter(LDAP_NSACCOUNTLOCK));
+        Filter presenceFilter = Filter.createPresenceFilter(LDAP_UID);
+        Filter filter = Filter.createANDFilter(notFilter, presenceFilter);
         logger.debug("search filter: " + filter);
 
         final String[] attributes = new String[]
-- 
GitLab