A fix for OF-1041

Made a search by distinguishedName Active Directory specific as it is difficult to come up with a generic solution.

A fix for OF-1041
Made a search by distinguishedName Active Directory specific as it is difficult to come up with a generic solution.
c66703d9 · Nik Okuntseff · fb9c6a39 · c66703d9
Commit c66703d9 authored Jan 13, 2016 by Nik Okuntseff
Show whitespace changes
Inline Side-by-side

Showing with 15 additions and 4 deletions

LdapGroupProvider.java ...ava/org/jivesoftware/openfire/ldap/LdapGroupProvider.java +15 -4

No files found.
--- a/src/java/org/jivesoftware/openfire/ldap/LdapGroupProvider.java
+++ b/src/java/org/jivesoftware/openfire/ldap/LdapGroupProvider.java
@@ -226,8 +226,12 @@ public class LdapGroupProvider extends AbstractGroupProvider {
        Pattern pattern =
                Pattern.compile("(?i)(^" + manager.getUsernameField() + "=)([^,]+)(.+)");
+        // We have to process Active Directory differently.
+        boolean isAD = manager.getUsernameField().equals("sAMAccountName");
+        String[] returningAttributes = isAD ? new String[] { "distinguishedName", manager.getUsernameField() } : new String[] { manager.getUsernameField() };
        SearchControls searchControls = new SearchControls();
-        searchControls.setReturningAttributes(new String[] { "distinguishedName", manager.getUsernameField() });
+        searchControls.setReturningAttributes(returningAttributes);
        // See if recursive searching is enabled. Otherwise, only search one level.
        if (manager.isSubTreeSearch()) {
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -289,6 +293,7 @@ public class LdapGroupProvider extends AbstractGroupProvider {
                                while(usrAnswer.hasMoreElements()) {
                                    searchResult = (SearchResult) usrAnswer.nextElement();
                                    Attributes attrs = searchResult.getAttributes();
+                                    if (isAD) {
                                        Attribute userdnAttr = attrs.get("distinguishedName");
                                        if (username.equals((String)userdnAttr.get())) {
                                            // Exact match found, use it.
@@ -296,6 +301,12 @@ public class LdapGroupProvider extends AbstractGroupProvider {
                                            break;
                                        }
                                    }
+                                    else {
+                                        // No iteration occurs here, which is probably a bug.
+                                        username = (String)attrs.get(manager.getUsernameField()).get();
+                                        break;
+                                    }
+                                }
                            }
                            // Close the enumeration.
                            usrAnswer.close();