X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifWriter.java;h=ba393cad13ba1992bde1dba35a35c682ded31563;hb=6342d1d28f8338866c876f8b6364ce3f1eac28aa;hp=001d78d8b13a97e2f86a905dac9828a1fcc67679;hpb=137290df09ccfb49fcdfc72b611aa8d32182342c;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
index 001d78d8b..ba393cad1 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifWriter.java
@@ -1,5 +1,7 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.LdifName.dn;
+
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
@@ -10,6 +12,7 @@ import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
 
 import org.apache.commons.codec.binary.Base64;
 
@@ -17,21 +20,28 @@ import org.apache.commons.codec.binary.Base64; class LdifWriter { private final Writer writer; - public LdifWriter(OutputStream out) { + LdifWriter(OutputStream out) { this.writer = new OutputStreamWriter(out); } void writeEntry(LdapName name, Attributes attributes) throws IOException { try { - // TODO check consistency of DN with attributes - writer.append("dn:").append(name.toString()).append('\n'); + // check consistency + Rdn nameRdn = name.getRdn(name.size() - 1); + Attribute nameAttr = attributes.get(nameRdn.getType()); + if (!nameAttr.get().equals(nameRdn.getValue())) + throw new UserDirectoryException("Attribute " + + nameAttr.getID() + "=" + nameAttr.get() + + " not consistent with DN " + name); + + writer.append(dn.name() + ":").append(name.toString()).append('\n'); Attribute objectClassAttr = attributes.get("objectClass"); if (objectClassAttr != null) writeAttribute(objectClassAttr); for (NamingEnumeration attrs = attributes .getAll(); attrs.hasMore();) { Attribute attribute = attrs.next(); - if (attribute.getID().equals("dn") + if (attribute.getID().equals(dn.name()) || attribute.getID().equals("objectClass")) continue;// skip DN attribute writeAttribute(attribute);
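Review bot: The new consistency check in writeEntry dereferences `nameAttr` without a null test, so an entry whose attributes lack the RDN attribute fails with a NullPointerException instead of the intended UserDirectoryException. It also compares only the first value (`nameAttr.get()`), which would reject a multi-valued attribute whose RDN value is not listed first. Consider `if (nameAttr == null || !nameAttr.contains(nameRdn.getValue()))` and building the message from `nameRdn.getType()` and `nameRdn.getValue()` so the error path cannot itself throw. Separately, the `dn:` line still writes `name.toString()` unencoded; if a DN can carry a line break or non-ASCII characters it should go through the same base64 handling as attribute values, which presumably lives in writeAttribute outside this hunk. The try block opens here and its catch is outside the hunk.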