You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2011/05/04 07:00:30 UTC

svn commit: r1099322 - in /incubator/lcf/trunk: ./ CHANGES.txt connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java

Author: kwright
Date: Wed May  4 05:00:30 2011
New Revision: 1099322

URL: http://svn.apache.org/viewvc?rev=1099322&view=rev
Log:
Fix for CONNECTORS-195.  Since every user has a SID, if no SIDs come back from our attempt to get them, the user must not exist.

Modified:
    incubator/lcf/trunk/   (props changed)
    incubator/lcf/trunk/CHANGES.txt
    incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java

Propchange: incubator/lcf/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May  4 05:00:30 2011
@@ -1,3 +1,4 @@
 /incubator/lcf/branches/CONNECTORS-151-branch:1063444-1071206
 /incubator/lcf/branches/CONNECTORS-160-branch:1071241-1071534
+/incubator/lcf/branches/CONNECTORS-195:1098950-1099321
 /incubator/lcf/branches/CONNECTORS-32:1092556-1094216

Modified: incubator/lcf/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/lcf/trunk/CHANGES.txt?rev=1099322&r1=1099321&r2=1099322&view=diff
==============================================================================
--- incubator/lcf/trunk/CHANGES.txt (original)
+++ incubator/lcf/trunk/CHANGES.txt Wed May  4 05:00:30 2011
@@ -3,6 +3,10 @@ $Id$
 
 ======================= 0.3-dev =========================
 
+CONNECTORS-195: Active directory authority does not properly identify
+non-existing users on all versions of Java and all versions of AD.
+(Kadri Atalay, Karl Wright)
+
 CONNECTORS-192: Specification processing would sometimes be called
 without the specification data being posted.
 (Karl Wright)

Modified: incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: http://svn.apache.org/viewvc/incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=1099322&r1=1099321&r2=1099322&view=diff
==============================================================================
--- incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java (original)
+++ incubator/lcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java Wed May  4 05:00:30 2011
@@ -205,17 +205,17 @@ public class ActiveDirectoryAuthority ex
   {
     getSession();
 
-    //Create the search controls 		
-    SearchControls searchCtls = new SearchControls();
-
-    //Specify the search scope, must be base level search for tokenGroups
-    searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
- 
     //specify the LDAP search filter
     String searchFilter = "(objectClass=user)";
 		
     //Specify the Base for the search
     String searchBase = parseUser(userName);
+
+    //Create the search controls for finding the access tokens	
+    SearchControls searchCtls = new SearchControls();
+
+    //Specify the search scope, must be base level search for tokenGroups
+    searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
  
     //Specify the attributes to return
     String returnedAtts[] = {"tokenGroups","objectSid"};
@@ -223,12 +223,10 @@ public class ActiveDirectoryAuthority ex
 
     try
     {
-      //Search for objects using the filter
+      //Search for tokens.  Since every user *must* have a SID, the no user detection should be safe.
       NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
 
       ArrayList theGroups = new ArrayList();
-      // All users get certain well-known groups
-      theGroups.add("S-1-1-0");
 
       //Loop through the search results
       while (answer.hasMoreElements())
@@ -259,7 +257,13 @@ public class ActiveDirectoryAuthority ex
 				
         }
       }
+
+      if (theGroups.size() == 0)
+        return userNotFoundResponse;
       
+      // All users get certain well-known groups
+      theGroups.add("S-1-1-0");
+
       String[] tokens = new String[theGroups.size()];
       int k = 0;
       while (k < tokens.length)