You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2004/11/01 05:14:10 UTC
svn commit: rev 56195 - in incubator/directory/eve/trunk/backend/core/src: java/org/apache/eve/jndi/ibs test/org/apache/eve/jndi/ibs
Author: akarasulu
Date: Sun Oct 31 20:14:10 2004
New Revision: 56195
Modified:
incubator/directory/eve/trunk/backend/core/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java
incubator/directory/eve/trunk/backend/core/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java
Log:
made creatorsName be the DN of the user under ou=users,ou=system
Modified: incubator/directory/eve/trunk/backend/core/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java
==============================================================================
--- incubator/directory/eve/trunk/backend/core/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java (original)
+++ incubator/directory/eve/trunk/backend/core/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java Sun Oct 31 20:14:10 2004
@@ -37,6 +37,7 @@
import org.apache.ldap.common.util.DateUtils;
import org.apache.ldap.common.schema.AttributeType;
import org.apache.ldap.common.schema.UsageEnum;
+import org.apache.ldap.common.name.LdapName;
/**
@@ -84,6 +85,7 @@
/** a service used to filter search and lookup operations */
private final FilterService filteringService;
private final AttributeTypeRegistry registry;
+ private static Name usersBaseDn;
/**
@@ -116,6 +118,15 @@
this.filteringService.addLookupFilter( LOOKUP_FILTER );
this.filteringService.addSearchResultFilter( SEARCH_FILTER );
+
+ try
+ {
+ usersBaseDn = new LdapName( "ou=users,ou=system" );
+ }
+ catch ( NamingException e )
+ {
+ // never gets thrown since the DN used is static and correct
+ }
}
@@ -130,12 +141,22 @@
if ( invocation.getState() == InvocationStateEnum.PREINVOCATION )
{
+ String principal;
+ if ( normName.startsWith( usersBaseDn ) && normName.size() > 2 )
+ {
+ principal = upName;
+ }
+ else
+ {
+ principal = getPrincipal( invocation );
+ }
+
BasicAttribute attribute = new BasicAttribute( "creatorsName" );
- attribute.add( getPrincipal( invocation ) );
+ attribute.add( principal );
entry.put( attribute );
attribute = new BasicAttribute( "createTimestamp" );
- attribute.add( DateUtils.getGeneralizedTime( System.currentTimeMillis() ) );
+ attribute.add( DateUtils.getGeneralizedTime() );
entry.put( attribute );
}
}
Modified: incubator/directory/eve/trunk/backend/core/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java
==============================================================================
--- incubator/directory/eve/trunk/backend/core/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java (original)
+++ incubator/directory/eve/trunk/backend/core/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java Sun Oct 31 20:14:10 2004
@@ -117,4 +117,21 @@
assertNotNull( attributes.get( "creatorsName" ) );
assertNotNull( attributes.get( "createTimestamp" ) );
}
+
+
+ /**
+ * Test which confirms that all new users created under the user's dn
+ * (ou=users,ou=system) have the creatorsName set to the DN of the new
+ * user even though the admin is creating the user. This is the basis
+ * for some authorization rules to protect passwords.
+ *
+ * @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-67">JIRA Issue DIREVE-67</a>
+ */
+ public void testConfirmNonAdminUserDnIsCreatorsName() throws NamingException
+ {
+ Attributes attributes = sysRoot.getAttributes( "uid=akarasulu,ou=users",
+ new String[] { "creatorsName" } );
+ assertEquals( "uid=akarasulu,ou=users,ou=system",
+ attributes.get( "creatorsName" ).get() );
+ }
}