Commit 1e75e99c authored by Nik Okuntseff's avatar Nik Okuntseff Committed by Guus der Kinderen

A fix for OF-1041

Made a search by distinguishedName Active Directory specific
as it is difficult to come up with a generic solution.
parent a875c686
......@@ -226,8 +226,12 @@ public class LdapGroupProvider extends AbstractGroupProvider {
Pattern pattern =
Pattern.compile("(?i)(^" + manager.getUsernameField() + "=)([^,]+)(.+)");
// We have to process Active Directory differently.
boolean isAD = manager.getUsernameField().equals("sAMAccountName");
String[] returningAttributes = isAD ? new String[] { "distinguishedName", manager.getUsernameField() } : new String[] { manager.getUsernameField() };
SearchControls searchControls = new SearchControls();
searchControls.setReturningAttributes(new String[] { "distinguishedName", manager.getUsernameField() });
searchControls.setReturningAttributes(returningAttributes);
// See if recursive searching is enabled. Otherwise, only search one level.
if (manager.isSubTreeSearch()) {
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
......@@ -289,9 +293,16 @@ public class LdapGroupProvider extends AbstractGroupProvider {
while(usrAnswer.hasMoreElements()) {
searchResult = (SearchResult) usrAnswer.nextElement();
Attributes attrs = searchResult.getAttributes();
Attribute userdnAttr = attrs.get("distinguishedName");
if (username.equals((String)userdnAttr.get())) {
// Exact match found, use it.
if (isAD) {
Attribute userdnAttr = attrs.get("distinguishedName");
if (username.equals((String)userdnAttr.get())) {
// Exact match found, use it.
username = (String)attrs.get(manager.getUsernameField()).get();
break;
}
}
else {
// No iteration occurs here, which is probably a bug.
username = (String)attrs.get(manager.getUsernameField()).get();
break;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment