From fcd9bc98f11e168fa724f4f459be3d5cd01f9e56 Mon Sep 17 00:00:00 2001
From: Adrian Damian <Adrian.Damian@nrc.ca>
Date: Fri, 21 Nov 2014 13:05:21 -0800
Subject: [PATCH] Fixed a problem with member groups

---
 .../nrc/cadc/ac/server/ldap/LdapGroupDAO.java | 61 ++++++++++++++++---
 1 file changed, 52 insertions(+), 9 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index 6cdbbca3..6a7ec0cf 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -538,18 +538,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 try
 {
 ldapGroup.getGroupMembers().
- add(getGroup(memberDN));
+ add(new Group(getGroupID(memberDN)));
 }
 catch(GroupNotFoundException e)
 {
 // ignore as we are not cleaning up
 // deleted groups from the group members
 }
- catch (UserNotFoundException e)
- {
- throw new RuntimeException(
- "BUG: group owner not found");
- }
 }
 else
 {
@@ -922,13 +917,14 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 }
 
 /**
- * Returns a group based on its LDAP DN. The returned group is bare
- * (contains only group ID, description, modifytimestamp).
+ * Returns a group based on its LDAP DN. The returned group does not contain
+ * members or admins
 *
 * @param groupDN
 * @return
 * @throws com.unboundid.ldap.sdk.LDAPException
- * @throws ca.nrc.cadc.ac.GroupNotFoundException
+ * @throws ca.nrc.cadc.ac.GroupNotFoundException - if group does not exist,
+ * it's deleted or caller has no access to it.
 */
 protected Group getGroup(final DN groupDN)
 throws LDAPException, GroupNotFoundException, UserNotFoundException
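Review bot: The catch of GroupNotFoundException around the new `add(new Group(getGroupID(memberDN)))` call still claims it only ignores deleted groups, but getGroupID (added later in this patch) also throws GroupNotFoundException whenever its search returns no entry, and that search is issued under ProxiedAuthorizationV2 as the caller's DN, so a member group the caller is not permitted to read is presumably dropped from the returned member list silently as well. Since the method now swallows an access-control outcome, say so and leave a trace: replace the two comment lines with `// ignore: member group is deleted, or not visible to the calling subject` and add `logger.debug("skipping member group " + memberDN, e);` inside the catch so an incomplete listing can be diagnosed. The enclosing method begins and ends outside this hunk.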
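Review bot: The rewritten javadoc for getGroup documents LDAPException and GroupNotFoundException but not `UserNotFoundException`, which the signature on the hunk's last line still declares; add a `* @throws ca.nrc.cadc.ac.UserNotFoundException - ...` entry describing the condition under which the body (outside this hunk) raises it. The new summary `The returned group does not contain members or admins` is also less precise than the removed one, which listed exactly which fields are populated (group ID, description, modifytimestamp); if that field set has not changed, keep the enumeration and end the sentence with a period.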
@@ -970,6 +966,53 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
 return group;
 }
 
+ /**
+ * Returns a group ID corresponding to a DN. Although the groupID can be
+ * deduced from the group DN, this method checks if the group exists and
+ * it's active and throws an exception if any of those conditions are not
+ * met.
+ *
+ * @param groupDN
+ * @return
+ * @throws com.unboundid.ldap.sdk.LDAPException
+ * @throws ca.nrc.cadc.ac.GroupNotFoundException - Group not found or not
+ * active
+ */
+ protected String getGroupID(final DN groupDN)
+ throws LDAPException, GroupNotFoundException
+ {
+ Filter filter = Filter.createEqualityFilter("entrydn",
+ groupDN.toNormalizedString());
+
+ SearchRequest searchRequest = new SearchRequest(
+ config.getGroupsDN(), SearchScope.SUB, filter,
+ "cn", "nsaccountlock");
+
+ searchRequest.addControl(
+ new ProxiedAuthorizationV2RequestControl("dn:" +
+ getSubjectDN().toNormalizedString()));
+
+ SearchResultEntry searchResult =
+ getConnection().searchForEntry(searchRequest);
+
+ if (searchResult == null)
+ {
+ String msg = "Group not found " + groupDN;
+ logger.debug(msg);
+ throw new GroupNotFoundException(groupDN.toNormalizedString());
+ }
+
+ if (searchResult.getAttribute("nsaccountlock") != null)
+ {
+ // deleted group
+ String msg = "Group not found " + groupDN;
+ logger.debug(msg);
+ throw new GroupNotFoundException(groupDN.toNormalizedString());
+ }
+
+ return searchResult.getAttributeValue("cn");
+ }
+
+
 /**
 *
 * @param groupID
--
GitLab
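Review bot: `return searchResult.getAttributeValue("cn");` yields null when the matched entry carries no cn attribute, and the caller in the first hunk then builds `new Group(null)`; since the javadoc promises an ID for a group that exists and is active, a missing cn should be reported as GroupNotFoundException like the other failure cases. The search runs under ProxiedAuthorizationV2 as the subject's DN, so an entry the caller may not read presumably also comes back as null — the `@throws ... Group not found or not active` text should mention that, as getGroup's updated javadoc does (`or caller has no access to it`). Both failure branches log the identical `"Group not found " + groupDN` at debug; keeping the thrown message the same is fine (callers get no existence oracle), but the nsaccountlock branch should log that the group is locked so operators can tell deletion from absence.
```java
        // … unchanged: filter, search request, proxied-auth control, search, null check …

        if (searchResult.getAttribute("nsaccountlock") != null)
        {
            // deleted group: same exception as not-found so callers get no oracle
            logger.debug("Group locked (deleted) " + groupDN);
            throw new GroupNotFoundException(groupDN.toNormalizedString());
        }

        String cn = searchResult.getAttributeValue("cn");
        if (cn == null)
        {
            logger.debug("Group entry has no cn " + groupDN);
            throw new GroupNotFoundException(groupDN.toNormalizedString());
        }
        return cn;
```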