From e8940ede67f503e360f3492b352f836dc16f89a3 Mon Sep 17 00:00:00 2001
From: Adrian Damian <Adrian.Damian@nrc-cnrc.gc.ca>
Date: Mon, 6 Oct 2014 10:05:59 -0700
Subject: [PATCH] Fixed problem with non-canonized DNs in ac search

---
 .../nrc/cadc/ac/server/RequestValidator.java  | 10 +++----
 .../nrc/cadc/ac/server/ldap/LdapUserDAO.java  | 27 ++-----------------
 2 files changed, 7 insertions(+), 30 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
index 25889a69..f35fef41 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/RequestValidator.java
@@ -68,16 +68,16 @@
  */
 package ca.nrc.cadc.ac.server;
 
-import ca.nrc.cadc.ac.IdentityType;
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
 import ca.nrc.cadc.ac.Role;
 import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.uws.Parameter;
 import ca.nrc.cadc.uws.ParameterUtil;
 
-import java.security.Principal;
-import java.util.List;
-import org.apache.log4j.Logger;
-
 /**
  * Request Validator. This class extracts and validates the ID, TYPE, ROLE
  * and GURI parameters.
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index 1d7cd6f4..c3e33dca 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -407,11 +407,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
             throw new IllegalArgumentException(
                 "Unsupported principal type " + user.getUserID().getClass());
         }
-        
-        String name = getUserName(searchField, user);
 
         searchField = "(" + searchField + "=" + 
-                name + ")";
+                user.getUserID().getName() + ")";
 
         SearchResultEntry searchResult = null;
         try
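Review bot: The search filter is assembled by concatenating `user.getUserID().getName()` directly between `(` and `)` with no LDAP filter escaping, so a name containing `(`, `)`, `*` or `\` changes the meaning of the filter instead of being matched literally. Distinguished names can legitimately contain such characters, and the removed `getUserName` helper did not escape them either, so this predates the change. If the DAO uses the UnboundID SDK, which `SearchResultEntry` suggests, the value can be encoded in place: `searchField = "(" + searchField + "=" + Filter.encodeValue(user.getUserID().getName()) + ")";`. Building the filter with `Filter.createEqualityFilter(...)` would avoid the string form entirely. The enclosing method starts and ends outside this hunk, so how the filter string reaches the search call is not visible here.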
@@ -430,32 +428,11 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 
         if (searchResult == null)
         {
-            String msg = "User not found " + name;
+            String msg = "User not found " + user.getUserID().getName();
             logger.debug(msg);
             throw new UserNotFoundException(msg);
         }
         return searchResult.getAttributeValueAsDN("entrydn");
     }
-    
-    /**
-     * If the principal is of type x500, canonize the name for the
-     * search.
-     * 
-     * @param searchField
-     * @param user
-     * @return
-     */
-    private String getUserName(String searchField, User<? extends Principal> user)
-    {
-        if (searchField != null)
-        {
-            if (searchField.equals("distinguishedname"))
-            {
-                return AuthenticationUtil.canonizeDistinguishedName(user.getUserID().getName());
-            }
-            return user.getUserID().getName();
-        }
-        return null;
-    }
 
 }
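Review bot: The not-found message on the new side embeds `user.getUserID().getName()` verbatim in both the debug log line and the `UserNotFoundException` text. Since that value appears to come from the caller's principal, a name containing line breaks would be written to the log unchanged, and the exception text may be reported back to the client. Consider reading the name once into a local, which this commit removed and now evaluates twice, and stripping control characters before logging, e.g. `final String name = user.getUserID().getName().replaceAll("[\\r\\n]", "_");`. Only the tail of the method is visible in this hunk.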
-- 
GitLab