Deal with case when groups are not visible by the user
authorMathieu Baudier <mbaudier@argeo.org>
Wed, 29 Jun 2022 04:43:15 +0000 (06:43 +0200)
committerMathieu Baudier <mbaudier@argeo.org>
Wed, 29 Jun 2022 04:43:15 +0000 (06:43 +0200)
org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java

index 9c35e4660797a252a98505d701f711f4a709e4e6..9e70e84ea34de2a96e7d928b8a35dec5bcf866f4 100644 (file)
@@ -19,6 +19,7 @@ import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 import javax.transaction.xa.XAResource;
@@ -253,8 +254,17 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
                                        Object value = values.next();
                                        LdapName groupDn = new LdapName(value.toString());
                                        LdapEntry group = doGetRole(groupDn);
-                                       if (group != null)
+                                       if (group != null) {
                                                allRoles.add(group);
+                                       }else {
+                                               // user doesn't have the right to retrieve role, but we know it exists
+                                               // otherwise memberOf would not work
+                                               Attributes a = new BasicAttributes();
+                                               a.put(LdapNameUtils.getLastRdn(groupDn).getType(), LdapNameUtils.getLastRdn(groupDn).getValue());
+                                               a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+                                               group = newGroup(groupDn, a);
+                                               allRoles.add(group);
+                                       }
                                }
                        } catch (NamingException e) {
                                throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
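Review bot: The placeholder built in the new else branch hard-codes `LdapObjs.groupOfNames` as the objectClass, but a null from doGetRole() only says the entry could not be read, not what kind of entry it is, so a role that is actually another group class will be presented to callers as groupOfNames. The comment "we know it exists otherwise memberOf would not work" is also stronger than the code supports, since a null can equally come from a memberOf value pointing at an entry that no longer exists or lies outside the configured base; hedge it, e.g. `// entry not readable by this user (or stale memberOf): build a minimal stub, class is assumed`. Because the stub carries no member attribute and is indistinguishable from a fully read entry, callers that inspect group attributes will silently see an incomplete role, so consider recording that the entry is a stub where newGroup() allows it. Minor: `LdapNameUtils.getLastRdn(groupDn)` is evaluated twice — `Rdn rdn = LdapNameUtils.getLastRdn(groupDn);` then `a.put(rdn.getType(), rdn.getValue());`. The `}else {` should read `} else {`, and the enclosing method starts and ends outside the hunk.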