Move GraalVM compilation to SLC

[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / util / directory / ldap / AbstractLdapDirectory.java

diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
index 9c35e4660797a252a98505d701f711f4a709e4e6..71a87887b85c7fd066d0230b341a312315caa1c7 100644 (file)
--- a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
@@ -19,6 +19,7 @@ import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 import javax.transaction.xa.XAResource;
@@ -37,8 +38,8 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
        protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
        protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
 
-       protected final LdapName baseDn;
-       protected final Hashtable<String, Object> configProperties;
+       private final LdapName baseDn;
+       private final Hashtable<String, Object> configProperties;
        private final Rdn userBaseRdn, groupBaseRdn, systemRoleBaseRdn;
        private final String userObjectClass, groupObjectClass;
        private String memberAttributeId = "member";
@@ -253,8 +254,17 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
                                        Object value = values.next();
                                        LdapName groupDn = new LdapName(value.toString());
                                        LdapEntry group = doGetRole(groupDn);
-                                       if (group != null)
+                                       if (group != null) {
                                                allRoles.add(group);
+                                       }else {
+                                               // user doesn't have the right to retrieve role, but we know it exists
+                                               // otherwise memberOf would not work
+                                               Attributes a = new BasicAttributes();
+                                               a.put(LdapNameUtils.getLastRdn(groupDn).getType(), LdapNameUtils.getLastRdn(groupDn).getValue());
+                                               a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+                                               group = newGroup(groupDn, a);
+                                               allRoles.add(group);
+                                       }
                                }
                        } catch (NamingException e) {
                                throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
@@ -365,6 +375,10 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
        /*
         * UTILITIES
         */
+       protected boolean isExternal(LdapName name) {
+               return !name.startsWith(baseDn);
+       }
+       
        protected static boolean hasObjectClass(Attributes attrs, LdapObjs objectClass) {
                return hasObjectClass(attrs, objectClass.name());
        }