You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2004/11/01 09:04:00 UTC
svn commit: rev 56217 - in incubator/directory/eve/trunk/jndi-provider/src: java/org/apache/eve java/org/apache/eve/auth java/org/apache/eve/jndi java/org/apache/eve/jndi/ibs test/org/apache/eve/jndi/ibs
Author: akarasulu
Date: Mon Nov 1 00:03:59 2004
New Revision: 56217
Modified:
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/BackingStore.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/auth/LdapPrincipal.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/BaseInterceptor.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContext.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveDirContext.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveLdapContext.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java
Log:
Changes ...
o rolled back http://nagoya.apache.org/jira/browse/DIREVE-67
o added guards against all operations except for list, search and lookup
o added some utility methods to SystemPartition
o replaced some code to use new utility methods in SystemPartition
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/BackingStore.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/BackingStore.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/BackingStore.java Mon Nov 1 00:03:59 2004
@@ -98,9 +98,7 @@
* retrieval.
*
* @param base the base distinguished/absolute name for the search/listing
- * @return a NamingEnumeration containing objects of type
- * <a href="http://java.sun.com/j2se/1.4.2/docs/api/
- * javax/naming/NameClassPair.html">NameClassPair</a>.
+ * @return a NamingEnumeration containing objects of type {@link Index}
* @throws NamingException if there are any problems
*/
NamingEnumeration list( Name base ) throws NamingException;
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/SystemPartition.java Mon Nov 1 00:03:59 2004
@@ -43,6 +43,11 @@
{
/** the default user principal or DN */
public final static String ADMIN_PRINCIPAL = "uid=admin,ou=system";
+ /** the base dn under which all users reside */
+ public final static String USERS_BASE_DN = "ou=users,ou=system";
+ /** the base dn under which all groups reside */
+ public final static String GROUPS_BASE_DN = "ou=groups,ou=system";
+ /** the admin super user uid */
public final static String ADMIN_UID = "admin";
/**
@@ -56,7 +61,86 @@
/** The suffix as a name. */
private final Name suffix ;
-
+
+ // ------------------------------------------------------------------------
+ // S T A T I C M E T H O D S
+ // ------------------------------------------------------------------------
+
+
+ /**
+ * Gets the DN for the base entry under which all non-admin users reside.
+ * A new Name instance is created and returned every time.
+ *
+ * @see #USERS_BASE_DN
+ * @return the users base DN
+ */
+ public static final Name getUsersBaseDn()
+ {
+ Name usersBaseDn = null;
+
+ try
+ {
+ usersBaseDn = new LdapName( USERS_BASE_DN );
+ }
+ catch ( NamingException e )
+ {
+ e.printStackTrace();
+ // should never really happen since names are correct
+ }
+
+ return usersBaseDn;
+ }
+
+
+ /**
+ * Gets the DN for the base entry under which all groups reside.
+ * A new Name instance is created and returned every time.
+ *
+ * @see #GROUPS_BASE_DN
+ * @return the groups base DN
+ */
+ public static final Name getGroupsBaseDn()
+ {
+ Name groupsBaseDn = null;
+
+ try
+ {
+ groupsBaseDn = new LdapName( GROUPS_BASE_DN );
+ }
+ catch ( NamingException e )
+ {
+ e.printStackTrace();
+ // should never really happen since names are correct
+ }
+
+ return groupsBaseDn;
+ }
+
+
+ /**
+ * Gets the DN for the admin user.
+ *
+ * @see #ADMIN_PRINCIPAL
+ * @return the admin user DN
+ */
+ public static final Name getAdminDn()
+ {
+ Name adminDn = null;
+
+ try
+ {
+ adminDn = new LdapName( ADMIN_PRINCIPAL );
+ }
+ catch ( NamingException e )
+ {
+ e.printStackTrace();
+ // should never really happen since names are correct
+ }
+
+ return adminDn;
+ }
+
+
// ------------------------------------------------------------------------
// C O N S T R U C T O R S
// ------------------------------------------------------------------------
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/auth/LdapPrincipal.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/auth/LdapPrincipal.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/auth/LdapPrincipal.java Mon Nov 1 00:03:59 2004
@@ -35,7 +35,7 @@
/** the normalized distinguished name of the principal */
private final Name name;
/** the no name anonymous user whose DN is the empty String */
- public static final Principal ANONYMOUS = new LdapPrincipal();
+ public static final LdapPrincipal ANONYMOUS = new LdapPrincipal();
/**
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/BaseInterceptor.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/BaseInterceptor.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/BaseInterceptor.java Mon Nov 1 00:03:59 2004
@@ -25,6 +25,7 @@
import javax.naming.directory.SearchControls;
import org.apache.ldap.common.filter.ExprNode;
+import org.apache.eve.auth.LdapPrincipal;
/**
@@ -74,6 +75,19 @@
static void setInvocation( Invocation invocation )
{
invocations.set( invocation );
+ }
+
+
+ /**
+ * Gets the invocation's current context's Principal.
+ *
+ * @param invocation the current invocation context's principal
+ * @return the principal making the call
+ */
+ public static LdapPrincipal getPrincipal( Invocation invocation )
+ {
+ EveContext ctx = ( EveContext ) invocation.getContextStack().peek();
+ return ctx.getPrincipal();
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContext.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContext.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContext.java Mon Nov 1 00:03:59 2004
@@ -18,7 +18,6 @@
import java.util.Hashtable;
-import java.security.Principal;
import javax.naming.*;
import javax.naming.ldap.Control;
@@ -31,6 +30,7 @@
import org.apache.ldap.common.message.LockableAttributesImpl;
import org.apache.eve.PartitionNexus;
+import org.apache.eve.auth.LdapPrincipal;
/**
@@ -51,7 +51,7 @@
/** The distinguished name of this Context */
private final LdapName dn;
/** The Principal associated with this context */
- private Principal principal;
+ private LdapPrincipal principal;
// ------------------------------------------------------------------------
@@ -116,7 +116,7 @@
* @param env the environment properties used by this context
* @param dn the distinguished name of this context
*/
- protected EveContext( Principal principal, PartitionNexus nexusProxy,
+ protected EveContext( LdapPrincipal principal, PartitionNexus nexusProxy,
Hashtable env, Name dn )
{
this.dn = ( LdapName ) dn.clone();
@@ -136,7 +136,7 @@
* Gets the principal of the authenticated user which also happens to own
* @return
*/
- public Principal getPrincipal()
+ public LdapPrincipal getPrincipal()
{
return principal;
}
@@ -148,7 +148,7 @@
*
* @param principal the directory user principal
*/
- void setPrincipal( Principal principal )
+ void setPrincipal( LdapPrincipal principal )
{
this.principal = principal;
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveContextFactory.java Mon Nov 1 00:03:59 2004
@@ -68,7 +68,8 @@
// for convenience
private static final String TYPE = Context.SECURITY_AUTHENTICATION;
private static final String PRINCIPAL = Context.SECURITY_PRINCIPAL;
- //private static final String ADMIN = SystemPartition.ADMIN_PRINCIPAL;
+ private static final String ADMIN = SystemPartition.ADMIN_PRINCIPAL;
+ private static final Name ADMIN_NAME = SystemPartition.getAdminDn();
/** property used to shutdown the system */
public static final String SHUTDOWN_OP_ENV = "eve.operation.shutdown";
@@ -197,8 +198,7 @@
+ "- this is not allowed ONLY the admin can bootstrap" );
}
else if ( initialEnv.containsKey( PRINCIPAL ) &&
- ! initialEnv.get( PRINCIPAL ).equals(
- SystemPartition.ADMIN_PRINCIPAL ) )
+ ! initialEnv.get( PRINCIPAL ).equals( ADMIN ) )
{
throw new EveConfigurationException( "user "
+ initialEnv.get( PRINCIPAL )
@@ -230,14 +230,12 @@
*/
private boolean createAdminAccount() throws NamingException
{
- Name admin = new LdapName( SystemPartition.ADMIN_PRINCIPAL );
-
/*
* If the admin entry is there, then the database was already created
* before so we just need to lookup the userPassword field to see if
* the password matches.
*/
- if ( nexus.hasEntry( admin ) )
+ if ( nexus.hasEntry( ADMIN_NAME ) )
{
return false;
}
@@ -249,7 +247,7 @@
attributes.put( "objectClass", "inetOrgPerson" );
attributes.put( "uid", SystemPartition.ADMIN_UID );
attributes.put( "displayName", "Directory Superuser" );
- attributes.put( "creatorsName", SystemPartition.ADMIN_PRINCIPAL );
+ attributes.put( "creatorsName", ADMIN );
attributes.put( "createTimestamp", DateUtils.getGeneralizedTime() );
attributes.put( "displayName", "Directory Superuser" );
@@ -263,7 +261,7 @@
attributes.put( "userPassword", ArrayUtils.EMPTY_BYTE_ARRAY );
}
- nexus.add( SystemPartition.ADMIN_PRINCIPAL, admin, attributes );
+ nexus.add( ADMIN, ADMIN_NAME, attributes );
return true;
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveDirContext.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveDirContext.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveDirContext.java Mon Nov 1 00:03:59 2004
@@ -20,7 +20,6 @@
import java.io.IOException;
import java.util.Hashtable;
import java.text.ParseException;
-import java.security.Principal;
import javax.naming.Name;
import javax.naming.ldap.Control;
@@ -43,6 +42,7 @@
import org.apache.ldap.common.filter.FilterParserImpl;
import org.apache.eve.PartitionNexus;
+import org.apache.eve.auth.LdapPrincipal;
/**
@@ -82,7 +82,7 @@
* @param env the environment properties used by this context
* @param dn the distinguished name of this context
*/
- protected EveDirContext( Principal principal, PartitionNexus nexusProxy,
+ protected EveDirContext( LdapPrincipal principal, PartitionNexus nexusProxy,
Hashtable env, Name dn )
{
super( principal, nexusProxy, env, dn );
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveLdapContext.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveLdapContext.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/EveLdapContext.java Mon Nov 1 00:03:59 2004
@@ -18,7 +18,6 @@
import java.util.Hashtable;
-import java.security.Principal;
import javax.naming.NamingException;
import javax.naming.Name;
@@ -30,6 +29,7 @@
import org.apache.ldap.common.NotImplementedException;
import org.apache.eve.PartitionNexus;
+import org.apache.eve.auth.LdapPrincipal;
/**
@@ -68,7 +68,7 @@
* @param env the environment properties used by this context
* @param dn the distinguished name of this context
*/
- EveLdapContext( Principal principal, PartitionNexus nexusProxy, Hashtable env, Name dn )
+ EveLdapContext( LdapPrincipal principal, PartitionNexus nexusProxy, Hashtable env, Name dn )
{
super( principal, nexusProxy, env, dn );
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java Mon Nov 1 00:03:59 2004
@@ -17,8 +17,17 @@
package org.apache.eve.jndi.ibs;
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.ModificationItem;
+
import org.apache.eve.RootNexus;
+import org.apache.eve.SystemPartition;
+import org.apache.eve.exception.EveNoPermissionException;
import org.apache.eve.jndi.BaseInterceptor;
+import org.apache.eve.jndi.Invocation;
+import org.apache.eve.jndi.InvocationStateEnum;
/**
@@ -29,6 +38,11 @@
*/
public class AuthorizationService extends BaseInterceptor
{
+ /** the administrator's distinguished {@link Name} */
+ private static final Name ADMIN_DN = SystemPartition.getAdminDn();
+ /** the base distinguished {@link Name} for all users */
+ private static final Name USER_BASE_DN = SystemPartition.getUsersBaseDn();
+
/** the root nexus to all database partitions */
private final RootNexus nexus;
@@ -41,5 +55,162 @@
public AuthorizationService( RootNexus nexus )
{
this.nexus = nexus;
+ }
+
+
+ // Note:
+ // Lookup, search and list operations need to be handled using a filter
+ // and so we need access to the filter service.
+
+
+ protected void delete( Name name ) throws NamingException
+ {
+ Invocation invocation = getInvocation();
+
+ if ( invocation.getState() == InvocationStateEnum.PREINVOCATION )
+ {
+ Name principalDn = getPrincipal( invocation ).getDn();
+
+ if ( name == ADMIN_DN || name.equals( ADMIN_DN ) )
+ {
+ String msg = "User " + principalDn;
+ msg += " does not have permission to delete the admin account.";
+ msg += " No one not even the admin can delete this account!";
+ throw new EveNoPermissionException( msg );
+ }
+
+ if ( name.startsWith( USER_BASE_DN ) && ! principalDn.equals( ADMIN_DN ) )
+ {
+ String msg = "User " + principalDn;
+ msg += " does not have permission to delete the user account: ";
+ msg += name + ". Only the admin can delete user accounts.";
+ throw new EveNoPermissionException( msg );
+ }
+ }
+ }
+
+
+ /**
+ * Note that we do nothing here. First because this is not an externally
+ * exposed function via the JNDI interfaces. It is used internally be the
+ * provider for optimization purposes so there is no reason for us to start
+ * to constrain it.
+ *
+ * @see BaseInterceptor#hasEntry(Name)
+ */
+ protected void hasEntry( Name dn ) throws NamingException
+ {
+ }
+
+
+ // ------------------------------------------------------------------------
+ // Entry Modification Operations
+ // ------------------------------------------------------------------------
+
+
+ /**
+ * This policy needs to be really tight too because some attributes may
+ * take part in giving the user permissions to protected resources. We
+ * do not want users to self access these resources. As far as we're
+ * concerned no one but the admin needs access.
+ *
+ * @see BaseInterceptor#modify(Name, int, Attributes)
+ */
+ protected void modify( Name dn, int modOp, Attributes mods ) throws NamingException
+ {
+ protectModifyAlterations( dn );
+ }
+
+
+ /**
+ * This policy needs to be really tight too because some attributes may
+ * take part in giving the user permissions to protected resources. We
+ * do not want users to self access these resources. As far as we're
+ * concerned no one but the admin needs access.
+ *
+ * @see BaseInterceptor#modify(Name, ModificationItem[])
+ */
+ protected void modify( Name dn, ModificationItem[] mods ) throws NamingException
+ {
+ protectModifyAlterations( dn );
+ }
+
+
+ private void protectModifyAlterations( Name dn ) throws EveNoPermissionException
+ {
+ Invocation invocation = getInvocation();
+
+ if ( invocation.getState() == InvocationStateEnum.PREINVOCATION )
+ {
+ Name principalDn = getPrincipal( invocation ).getDn();
+
+ if ( dn.startsWith( USER_BASE_DN ) && ! principalDn.equals( ADMIN_DN ) )
+ {
+ String msg = "User " + principalDn;
+ msg += " does not have permission to modify the account of the";
+ msg += " user " + dn + ".\nEven the owner of an account cannot";
+ msg += " modify it.\nUser accounts can only be modified by the";
+ msg += " administrator.";
+ throw new EveNoPermissionException( msg );
+ }
+ }
+ }
+
+
+ // ------------------------------------------------------------------------
+ // DN altering operations are a no no for any user entry. Basically here
+ // are the rules of conduct to follow:
+ //
+ // o No user should have the ability to move or rename their entry
+ // o Only the administrator can move or rename non-admin user entries
+ // o The administrator entry cannot be moved or renamed by anyone
+ // ------------------------------------------------------------------------
+
+
+ protected void modifyRdn( Name dn, String newRdn, boolean deleteOldRdn ) throws NamingException
+ {
+ protectDnAlterations( dn );
+ }
+
+
+ protected void move( Name oriChildName, Name newParentName ) throws NamingException
+ {
+ protectDnAlterations( oriChildName );
+ }
+
+
+ protected void move( Name oriChildName, Name newParentName, String newRdn,
+ boolean deleteOldRdn ) throws NamingException
+ {
+ protectDnAlterations( oriChildName );
+ }
+
+
+ private void protectDnAlterations( Name dn ) throws EveNoPermissionException
+ {
+ Invocation invocation = getInvocation();
+
+ if ( invocation.getState() == InvocationStateEnum.PREINVOCATION )
+ {
+ Name principalDn = getPrincipal( invocation ).getDn();
+
+ if ( dn == ADMIN_DN || dn.equals( ADMIN_DN ) )
+ {
+ String msg = "User " + principalDn;
+ msg += " does not have permission to move or rename the admin";
+ msg += " account. No one not even the admin can move or";
+ msg += " rename " + dn + "!";
+ throw new EveNoPermissionException( msg );
+ }
+
+ if ( dn.startsWith( USER_BASE_DN ) && ! principalDn.equals( ADMIN_DN ) )
+ {
+ String msg = "User " + principalDn;
+ msg += " does not have permission to move or rename the user";
+ msg += " account: " + dn + ". Only the admin can move or";
+ msg += " rename user accounts.";
+ throw new EveNoPermissionException( msg );
+ }
+ }
}
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/OperationalAttributeService.java Mon Nov 1 00:03:59 2004
@@ -18,14 +18,12 @@
import javax.naming.Name;
-import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NamingEnumeration;
import javax.naming.ldap.LdapContext;
import javax.naming.directory.*;
import org.apache.eve.RootNexus;
-import org.apache.eve.SystemPartition;
import org.apache.eve.db.DbSearchResult;
import org.apache.eve.db.SearchResultFilter;
import org.apache.eve.jndi.Invocation;
@@ -37,7 +35,6 @@
import org.apache.ldap.common.util.DateUtils;
import org.apache.ldap.common.schema.AttributeType;
import org.apache.ldap.common.schema.UsageEnum;
-import org.apache.ldap.common.name.LdapName;
/**
@@ -85,7 +82,6 @@
/** a service used to filter search and lookup operations */
private final FilterService filteringService;
private final AttributeTypeRegistry registry;
- private static Name usersBaseDn;
/**
@@ -118,15 +114,6 @@
this.filteringService.addLookupFilter( LOOKUP_FILTER );
this.filteringService.addSearchResultFilter( SEARCH_FILTER );
-
- try
- {
- usersBaseDn = new LdapName( "ou=users,ou=system" );
- }
- catch ( NamingException e )
- {
- // never gets thrown since the DN used is static and correct
- }
}
@@ -141,15 +128,7 @@
if ( invocation.getState() == InvocationStateEnum.PREINVOCATION )
{
- String principal;
- if ( normName.startsWith( usersBaseDn ) && normName.size() > 2 )
- {
- principal = upName;
- }
- else
- {
- principal = getPrincipal( invocation );
- }
+ String principal = getPrincipal( invocation ).toString();
BasicAttribute attribute = new BasicAttribute( "creatorsName" );
attribute.add( principal );
@@ -298,18 +277,4 @@
}
- /**
- * Gets the DN of the principal associated with this operation.
- *
- * @param invocation the invocation to get the principal for
- * @return the principal as a String
- * @throws NamingException if there are problems
- */
- private String getPrincipal( Invocation invocation ) throws NamingException
- {
- String principal;
- Context ctx = ( ( Context ) invocation.getContextStack().peek() );
- principal = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
- return principal == null ? SystemPartition.ADMIN_PRINCIPAL : principal;
- }
}
Modified: incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java
==============================================================================
--- incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java (original)
+++ incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/ibs/OperationalAttributeServiceTest.java Mon Nov 1 00:03:59 2004
@@ -125,13 +125,16 @@
* user even though the admin is creating the user. This is the basis
* for some authorization rules to protect passwords.
*
+ * NOTE THIS CHANGE WAS REVERTED SO WE ADAPTED THE TEST TO MAKE SURE THE
+ * CHANGE DOES NOT PERSIST!
+ *
* @see <a href="http://nagoya.apache.org/jira/browse/DIREVE-67">JIRA Issue DIREVE-67</a>
*/
public void testConfirmNonAdminUserDnIsCreatorsName() throws NamingException
{
Attributes attributes = sysRoot.getAttributes( "uid=akarasulu,ou=users",
new String[] { "creatorsName" } );
- assertEquals( "uid=akarasulu,ou=users,ou=system",
- attributes.get( "creatorsName" ).get() );
+ assertFalse( "uid=akarasulu,ou=users,ou=system"
+ .equals( attributes.get( "creatorsName" ).get() ) );
}
}