X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifWriter.java;h=ba393cad13ba1992bde1dba35a35c682ded31563;hb=0b8aa4c76cb7a1d19abf93a4c1ae0c973abdab5b;hp=6dfd539956d89e233e7108ad4dfc1e1910f80e53;hpb=563ee18b53fa90f14dc3f443f29f6d020ffdee2b;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
index 6dfd53995..ba393cad1 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
@@ -1,5 +1,7 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.LdifName.dn;
+
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
@@ -10,6 +12,7 @@ import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
 
 import org.apache.commons.codec.binary.Base64;
 
@@ -23,15 +26,22 @@ class LdifWriter {
 
 	void writeEntry(LdapName name, Attributes attributes) throws IOException {
 		try {
-			// TODO check consistency of DN with attributes
-			writer.append("dn:").append(name.toString()).append('\n');
+			// check consistency
+			Rdn nameRdn = name.getRdn(name.size() - 1);
+			Attribute nameAttr = attributes.get(nameRdn.getType());
+			if (!nameAttr.get().equals(nameRdn.getValue()))
+				throw new UserDirectoryException("Attribute "
+						+ nameAttr.getID() + "=" + nameAttr.get()
+						+ " not consistent with DN " + name);
+
+			writer.append(dn.name() + ":").append(name.toString()).append('\n');
 			Attribute objectClassAttr = attributes.get("objectClass");
 			if (objectClassAttr != null)
 				writeAttribute(objectClassAttr);
 			for (NamingEnumeration<? extends Attribute> attrs = attributes
 					.getAll(); attrs.hasMore();) {
 				Attribute attribute = attrs.next();
-				if (attribute.getID().equals("dn")
+				if (attribute.getID().equals(dn.name())
 						|| attribute.getID().equals("objectClass"))
 					continue;// skip DN attribute
 				writeAttribute(attribute);