Commit 052da6ea authored by Radovan Semancik's avatar Radovan Semancik
Browse files

Support for additional search filter (MID-4925). Some cleanup.

parent 64dc8033
......@@ -359,6 +359,11 @@ public abstract class AbstractLdapConfiguration extends AbstractConfiguration {
*/
private String runAsStrategy = RUN_AS_STRATEGY_NONE;
/**
* Search filter that will be added to all searche operations that the connector does.
*/
private String additionalSearchFilter;
// TODO: failover, accountSynchronizationFilter
// MAYBE TODO: respectResourcePasswordPolicyChangeAfterReset? filterWithOrInsteadOfAnd?
// removeLogEntryObjectClassFromFilter? synchronizePasswords? passwordAttributeToSynchronize?
......@@ -723,6 +728,14 @@ public abstract class AbstractLdapConfiguration extends AbstractConfiguration {
this.runAsStrategy = runAsStrategy;
}
@ConfigurationProperty(order = 41)
public String getAdditionalSearchFilter() {
return additionalSearchFilter;
}
public void setAdditionalSearchFilter(String additionalSearchFilter) {
this.additionalSearchFilter = additionalSearchFilter;
}
@Override
public void validate() {
......
......@@ -470,31 +470,31 @@ public abstract class AbstractLdapConnector<C extends AbstractLdapConfiguration>
}
@Override
public void executeQuery(ObjectClass objectClass, Filter icfFilter, ResultsHandler handler, OperationOptions options) {
public void executeQuery(ObjectClass objectClass, Filter connIdFilter, ResultsHandler handler, OperationOptions options) {
prepareConnIdSchema();
org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass = getSchemaTranslator().toLdapObjectClass(objectClass);
SearchStrategy<C> searchStrategy;
if (isEqualsFilter(icfFilter, Name.NAME)) {
if (isEqualsFilter(connIdFilter, Name.NAME)) {
// Search by __NAME__, which means DN. This translated to a base search.
searchStrategy = searchByDn(schemaTranslator.toDn(((EqualsFilter)icfFilter).getAttribute()),
searchStrategy = searchByDn(schemaTranslator.toDn(((EqualsFilter)connIdFilter).getAttribute()),
objectClass, ldapObjectClass, handler, options);
} else if (isEqualsFilter(icfFilter, Uid.NAME)) {
} else if (isEqualsFilter(connIdFilter, Uid.NAME)) {
// Search by __UID__. Special case for performance.
searchStrategy = searchByUid((Uid)((EqualsFilter)icfFilter).getAttribute(),
searchStrategy = searchByUid((Uid)((EqualsFilter)connIdFilter).getAttribute(),
objectClass, ldapObjectClass, handler, options);
} else if (isSecondaryIdentifierOrFilter(icfFilter)) {
} else if (isSecondaryIdentifierOrFilter(connIdFilter)) {
// Very special case. Search by DN or other secondary identifier value. It is used by IDMs to get object by
// This is not supported by LDAP. But it can be quite common. Therefore we want to support it as a special
// case by executing two searches.
searchStrategy = searchBySecondaryIdenfiers(icfFilter, objectClass, ldapObjectClass, handler, options);
searchStrategy = searchBySecondaryIdenfiers(connIdFilter, objectClass, ldapObjectClass, handler, options);
} else {
searchStrategy = searchUsual(icfFilter, objectClass, ldapObjectClass, handler, options);
searchStrategy = searchUsual(connIdFilter, objectClass, ldapObjectClass, handler, options);
}
......
......@@ -61,6 +61,7 @@ import org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformExcep
import org.apache.directory.api.ldap.model.filter.AndNode;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.FilterParser;
import org.apache.directory.api.ldap.model.filter.PresenceNode;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.LdapResult;
......@@ -410,6 +411,14 @@ public class LdapUtil {
Value ldapValue = schemaTranslator.toLdapIdentifierValue(ldapAttributeType, uidValue);
return new EqualityNode<>(ldapAttributeType, ldapValue);
}
public static ExprNode parseSearchFilter(String stringFilter) {
try {
return FilterParser.parse(stringFilter);
} catch (ParseException e) {
throw new InvalidAttributeValueException(e.getMessage(), e);
}
}
public static String getUidValue(Entry entry, org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass,
AbstractLdapConfiguration configuration, AbstractSchemaTranslator schemaTranslator) {
......
......@@ -407,18 +407,17 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
* Throws exception if the attribute is illegal.
* Return null if the attribute is legal, but we do not have any definition for it.
*/
public AttributeType toLdapAttribute(org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass,
String icfAttributeName) {
if (Name.NAME.equals(icfAttributeName)) {
public AttributeType toLdapAttribute(org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass, String connIdAttributeName) {
if (Name.NAME.equals(connIdAttributeName)) {
return null;
}
String ldapAttributeName;
if (Uid.NAME.equals(icfAttributeName)) {
if (Uid.NAME.equals(connIdAttributeName)) {
ldapAttributeName = configuration.getUidAttribute();
} else if (OperationalAttributeInfos.PASSWORD.is(icfAttributeName)) {
} else if (OperationalAttributeInfos.PASSWORD.is(connIdAttributeName)) {
ldapAttributeName = configuration.getPasswordAttribute();
} else {
ldapAttributeName = icfAttributeName;
ldapAttributeName = connIdAttributeName;
}
try {
AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry(ldapAttributeName);
......@@ -434,7 +433,7 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
attributeType.setNames(ldapAttributeName);
return attributeType;
} else {
throw new IllegalArgumentException("Unknown LDAP attribute "+ldapAttributeName+" (translated from ICF attribute "+icfAttributeName+")", e);
throw new IllegalArgumentException("Unknown LDAP attribute "+ldapAttributeName+" (translated from ICF attribute "+connIdAttributeName+")", e);
}
}
}
......@@ -563,44 +562,44 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
}
@SuppressWarnings({ "unchecked", "rawtypes" })
protected Value wrapInLdapValueClass(AttributeType ldapAttributeType, Object icfAttributeValue) {
protected Value wrapInLdapValueClass(AttributeType ldapAttributeType, Object connIdAttributeValue) {
String syntaxOid = ldapAttributeType.getSyntaxOid();
if (SchemaConstants.GENERALIZED_TIME_SYNTAX.equals(syntaxOid)) {
if (icfAttributeValue instanceof Long) {
if (connIdAttributeValue instanceof Long) {
try {
return new Value(ldapAttributeType, LdapUtil.toGeneralizedTime((Long)icfAttributeValue, acceptsFractionalGeneralizedTime()));
return new Value(ldapAttributeType, LdapUtil.toGeneralizedTime((Long)connIdAttributeValue, acceptsFractionalGeneralizedTime()));
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
}
} else if (icfAttributeValue instanceof ZonedDateTime) {
} else if (connIdAttributeValue instanceof ZonedDateTime) {
try {
return new Value(ldapAttributeType, LdapUtil.toGeneralizedTime((ZonedDateTime)icfAttributeValue, acceptsFractionalGeneralizedTime()));
return new Value(ldapAttributeType, LdapUtil.toGeneralizedTime((ZonedDateTime)connIdAttributeValue, acceptsFractionalGeneralizedTime()));
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
}
} else if (icfAttributeValue instanceof String) {
} else if (connIdAttributeValue instanceof String) {
try {
return new Value(ldapAttributeType, icfAttributeValue.toString());
return new Value(ldapAttributeType, connIdAttributeValue.toString());
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
}
} else {
throw new InvalidAttributeValueException("Wrong type for attribute "+ldapAttributeType+": "+icfAttributeValue.getClass());
throw new InvalidAttributeValueException("Wrong type for attribute "+ldapAttributeType+": "+connIdAttributeValue.getClass());
}
} else if (icfAttributeValue instanceof Boolean) {
} else if (connIdAttributeValue instanceof Boolean) {
LOG.ok("Converting to LDAP: {0} ({1}): boolean", ldapAttributeType.getName(), syntaxOid);
try {
return new Value(ldapAttributeType, icfAttributeValue.toString().toUpperCase());
return new Value(ldapAttributeType, connIdAttributeValue.toString().toUpperCase());
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
}
} else if (icfAttributeValue instanceof GuardedString) {
} else if (connIdAttributeValue instanceof GuardedString) {
try {
return new GuardedStringValue(ldapAttributeType, (GuardedString) icfAttributeValue);
return new GuardedStringValue(ldapAttributeType, (GuardedString) connIdAttributeValue);
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
......@@ -608,16 +607,16 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
} else if (isBinarySyntax(syntaxOid)) {
LOG.ok("Converting to LDAP: {0} ({1}): explicit binary", ldapAttributeType.getName(), syntaxOid);
if (icfAttributeValue instanceof byte[]) {
if (connIdAttributeValue instanceof byte[]) {
// Do NOT set attributeType in the Value in this case.
// The attributeType might not match the Value class
// e.g. human-readable jpegPhoto attribute will expect StringValue
return new Value((byte[])icfAttributeValue);
} else if (icfAttributeValue instanceof String) {
return new Value((byte[])connIdAttributeValue);
} else if (connIdAttributeValue instanceof String) {
// this can happen for userPassword
byte[] bytes;
try {
bytes = ((String)icfAttributeValue).getBytes("UTF-8");
bytes = ((String)connIdAttributeValue).getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
throw new IllegalArgumentException("Cannot encode attribute value to UTF-8 for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
......@@ -627,22 +626,22 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
// e.g. human-readable jpegPhoto attribute will expect StringValue
return new Value(bytes);
} else {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": expected byte[] but got "+icfAttributeValue.getClass()
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": expected byte[] but got "+connIdAttributeValue.getClass()
+"; attributeType="+ldapAttributeType);
}
} else if (!isBinaryAttribute(syntaxOid)) {
} else if (!isBinarySyntax(syntaxOid)) {
LOG.ok("Converting to LDAP: {0} ({1}): explicit string", ldapAttributeType.getName(), syntaxOid);
try {
return new Value(ldapAttributeType, icfAttributeValue.toString());
return new Value(ldapAttributeType, connIdAttributeValue.toString());
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
}
} else {
if (icfAttributeValue instanceof byte[]) {
if (connIdAttributeValue instanceof byte[]) {
LOG.ok("Converting to LDAP: {0} ({1}): detected binary", ldapAttributeType.getName(), syntaxOid);
try {
return new Value(ldapAttributeType, (byte[])icfAttributeValue);
return new Value(ldapAttributeType, (byte[])connIdAttributeValue);
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
......@@ -650,7 +649,7 @@ public abstract class AbstractSchemaTranslator<C extends AbstractLdapConfigurati
} else {
LOG.ok("Converting to LDAP: {0} ({1}): detected string", ldapAttributeType.getName(), syntaxOid);
try {
return new Value(ldapAttributeType, icfAttributeValue.toString());
return new Value(ldapAttributeType, connIdAttributeValue.toString());
} catch (LdapInvalidAttributeValueException e) {
throw new IllegalArgumentException("Invalid value for attribute "+ldapAttributeType.getName()+": "+e.getMessage()
+"; attributeType="+ldapAttributeType, e);
......
......@@ -54,6 +54,7 @@ import org.identityconnectors.framework.common.objects.filter.StartsWithFilter;
import com.evolveum.polygon.common.SchemaUtil;
import com.evolveum.polygon.connector.ldap.AbstractLdapConfiguration;
import com.evolveum.polygon.connector.ldap.LdapUtil;
/**
* @author Radovan Semancik
......@@ -73,39 +74,25 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
/**
* Translate filter, also add AND statement for objectClass.
*/
public ScopedFilter translate(Filter icfFilter, ObjectClass ldapObjectClass) {
ScopedFilter plainScopedFilter = translate(icfFilter);
EqualityNode<String> objectClassEqFilter = createObjectClassEqFilter(ldapObjectClass);
if (plainScopedFilter == null) {
return new ScopedFilter(objectClassEqFilter);
}
ExprNode plainFilter = plainScopedFilter.getFilter();
if (plainFilter == null) {
return new ScopedFilter(objectClassEqFilter, plainScopedFilter.getBaseDn());
}
if (plainFilter instanceof AndNode) {
((AndNode)plainFilter).addNode(objectClassEqFilter);
public ScopedFilter translate(Filter connIdFilter, ObjectClass ldapObjectClass) {
ScopedFilter plainScopedFilter = translate(connIdFilter);
if (plainScopedFilter != null) {
return plainScopedFilter;
} else {
return new ScopedFilter(new AndNode(objectClassEqFilter, plainFilter), plainScopedFilter.getBaseDn());
return new ScopedFilter(LdapUtil.createObjectClassFilter(ldapObjectClass));
}
}
private EqualityNode<String> createObjectClassEqFilter(ObjectClass ldapObjectClass) {
return new EqualityNode<String>(SchemaConstants.OBJECT_CLASS_AT, ldapObjectClass.getName());
}
public ScopedFilter translate(AndFilter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(AndFilter connIdFilter) {
if (connIdFilter == null) {
return null;
}
Collection<Filter> icfSubfilters = icfFilter.getFilters();
List<ExprNode> subNodes = new ArrayList<ExprNode>(icfSubfilters.size());
Collection<Filter> connIdSubfilters = connIdFilter.getFilters();
List<ExprNode> subNodes = new ArrayList<ExprNode>(connIdSubfilters.size());
Dn baseDn = null;
for (Filter icfSubFilter: icfSubfilters) {
for (Filter icfSubFilter: connIdSubfilters) {
ScopedFilter subNode = translate(icfSubFilter);
if (subNode.getBaseDn() != null) {
......@@ -125,16 +112,16 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
}
public ScopedFilter translate(OrFilter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(OrFilter connIdFilter) {
if (connIdFilter == null) {
return null;
}
Collection<Filter> icfSubfilters = icfFilter.getFilters();
List<ExprNode> subNodes = new ArrayList<ExprNode>(icfSubfilters.size());
Collection<Filter> connIdSubfilters = connIdFilter.getFilters();
List<ExprNode> subNodes = new ArrayList<ExprNode>(connIdSubfilters.size());
for (Filter icfSubFilter: icfSubfilters) {
ScopedFilter subNode = translate(icfSubFilter);
for (Filter connIdSubFilter: connIdSubfilters) {
ScopedFilter subNode = translate(connIdSubFilter);
if (subNode.getBaseDn() != null) {
throw new InvalidAttributeValueException("Filter for __NAME__ cannot be used in OR clauses");
......@@ -147,13 +134,13 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
}
public ScopedFilter translate(NotFilter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(NotFilter connIdFilter) {
if (connIdFilter == null) {
return null;
}
Filter icfSubfilter = icfFilter.getFilter();
ScopedFilter subNode = translate(icfSubfilter);
Filter connIdSubfilter = connIdFilter.getFilter();
ScopedFilter subNode = translate(connIdSubfilter);
if (subNode.getBaseDn() != null) {
throw new InvalidAttributeValueException("Filter for __NAME__ cannot be used in NOT clauses");
......@@ -163,22 +150,22 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
}
public ScopedFilter translate(ContainsAllValuesFilter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(ContainsAllValuesFilter connIdFilter) {
if (connIdFilter == null) {
return null;
}
Attribute icfAttribute = icfFilter.getAttribute();
String icfAttributeName = icfAttribute.getName();
List<Object> icfAttributeValue = icfAttribute.getValue();
Attribute connIdAttribute = connIdFilter.getAttribute();
String connIdAttributeName = connIdAttribute.getName();
List<Object> connIdAttributeValue = connIdAttribute.getValue();
if (Name.NAME.equals(icfAttributeName)) {
Dn dn = schemaTranslator.toDn(icfAttribute);
if (Name.NAME.equals(connIdAttributeName)) {
Dn dn = schemaTranslator.toDn(connIdAttribute);
return new ScopedFilter(dn);
}
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, icfAttributeName);
List<Value> ldapValues = schemaTranslator.toLdapValues(ldapAttributeType, icfAttributeValue);
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, connIdAttributeName);
List<Value> ldapValues = schemaTranslator.toLdapValues(ldapAttributeType, connIdAttributeValue);
if (ldapValues == null || ldapValues.isEmpty()) {
throw new IllegalArgumentException("Does it make sense to have empty ContainsAllValuesFilter?");
......@@ -219,20 +206,20 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
}
public ScopedFilter translate(EqualsFilter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(EqualsFilter connIdFilter) {
if (connIdFilter == null) {
return null;
}
Attribute icfAttribute = icfFilter.getAttribute();
String icfAttributeName = icfAttribute.getName();
Attribute connIdAttribute = connIdFilter.getAttribute();
String connIdAttributeName = connIdAttribute.getName();
if (Name.NAME.equals(icfAttributeName)) {
if (Name.NAME.equals(connIdAttributeName)) {
throw new IllegalArgumentException("Cannot use wildcard filter on DN (__NAME__)");
}
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, icfAttributeName);
String pattern = SchemaUtil.getSingleStringNonBlankValue(icfAttribute);
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, connIdAttributeName);
String pattern = SchemaUtil.getSingleStringNonBlankValue(connIdAttribute);
return new ScopedFilter(new SubstringNode(ldapAttributeType, pattern, null));
}
......@@ -346,8 +333,8 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
}
public ScopedFilter translate(Filter icfFilter) {
if (icfFilter == null) {
public ScopedFilter translate(Filter connIdFilter) {
if (connIdFilter == null) {
return null;
}
......@@ -355,53 +342,53 @@ public class LdapFilterTranslator<C extends AbstractLdapConfiguration> {
// it is unlikely that they will appear every day. Therefore we do not need
// any OO magic here. And this is still quite readable.
if (icfFilter instanceof AndFilter) {
return translate((AndFilter)icfFilter);
} else if (icfFilter instanceof OrFilter) {
return translate((OrFilter)icfFilter);
} else if (icfFilter instanceof NotFilter) {
return translate((NotFilter)icfFilter);
} else if (icfFilter instanceof EqualsFilter) {
return translateEqualsFilter((EqualsFilter)icfFilter);
} else if (icfFilter instanceof ContainsAllValuesFilter) {
return translate((ContainsAllValuesFilter)icfFilter);
} else if (icfFilter instanceof ContainsFilter) {
return translate((ContainsFilter)icfFilter);
} else if ((icfFilter instanceof StartsWithFilter) || (icfFilter instanceof EndsWithFilter)) {
return translate((EqualsFilter)icfFilter);
} else if (icfFilter instanceof GreaterThanFilter) {
return translate((GreaterThanFilter)icfFilter);
} else if (icfFilter instanceof GreaterThanOrEqualFilter) {
return translate((GreaterThanOrEqualFilter)icfFilter);
} else if (icfFilter instanceof LessThanFilter) {
return translate((LessThanFilter)icfFilter);
} else if (icfFilter instanceof LessThanOrEqualFilter) {
return translate((LessThanOrEqualFilter)icfFilter);
} else if (icfFilter instanceof ExternallyChainedFilter) {
return translate(((ExternallyChainedFilter)icfFilter).getFilter());
if (connIdFilter instanceof AndFilter) {
return translate((AndFilter)connIdFilter);
} else if (connIdFilter instanceof OrFilter) {
return translate((OrFilter)connIdFilter);
} else if (connIdFilter instanceof NotFilter) {
return translate((NotFilter)connIdFilter);
} else if (connIdFilter instanceof EqualsFilter) {
return translateEqualsFilter((EqualsFilter)connIdFilter);
} else if (connIdFilter instanceof ContainsAllValuesFilter) {
return translate((ContainsAllValuesFilter)connIdFilter);
} else if (connIdFilter instanceof ContainsFilter) {
return translate((ContainsFilter)connIdFilter);
} else if ((connIdFilter instanceof StartsWithFilter) || (connIdFilter instanceof EndsWithFilter)) {
return translate((EqualsFilter)connIdFilter);
} else if (connIdFilter instanceof GreaterThanFilter) {
return translate((GreaterThanFilter)connIdFilter);
} else if (connIdFilter instanceof GreaterThanOrEqualFilter) {
return translate((GreaterThanOrEqualFilter)connIdFilter);
} else if (connIdFilter instanceof LessThanFilter) {
return translate((LessThanFilter)connIdFilter);
} else if (connIdFilter instanceof LessThanOrEqualFilter) {
return translate((LessThanOrEqualFilter)connIdFilter);
} else if (connIdFilter instanceof ExternallyChainedFilter) {
return translate(((ExternallyChainedFilter)connIdFilter).getFilter());
} else {
throw new IllegalArgumentException("Unknown filter "+icfFilter.getClass());
throw new IllegalArgumentException("Unknown filter "+connIdFilter.getClass());
}
}
protected ScopedFilter translateEqualsFilter(EqualsFilter icfFilter) {
Attribute icfAttribute = icfFilter.getAttribute();
String icfAttributeName = icfAttribute.getName();
List<Object> icfAttributeValue = icfAttribute.getValue();
if (Name.NAME.equals(icfAttributeName)) {
Dn dn = schemaTranslator.toDn(icfAttribute);
protected ScopedFilter translateEqualsFilter(EqualsFilter connIdFilter) {
Attribute connIdAttribute = connIdFilter.getAttribute();
String connIdAttributeName = connIdAttribute.getName();
List<Object> connIdAttributeValue = connIdAttribute.getValue();
if (Name.NAME.equals(connIdAttributeName)) {
Dn dn = schemaTranslator.toDn(connIdAttribute);
return new ScopedFilter(null, dn);
}
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, icfAttributeName);
AttributeType ldapAttributeType = schemaTranslator.toLdapAttribute(ldapObjectClass, connIdAttributeName);
Value ldapValue;
if (Uid.NAME.equals(icfAttributeName)) {
if (icfAttributeValue.size() != 1) {
throw new InvalidAttributeValueException("Expected single value for UID, but got " + icfAttributeValue);
if (Uid.NAME.equals(connIdAttributeName)) {
if (connIdAttributeValue.size() != 1) {
throw new InvalidAttributeValueException("Expected single value for UID, but got " + connIdAttributeValue);
}
ldapValue = schemaTranslator.toLdapIdentifierValue(ldapAttributeType, (String)icfAttributeValue.get(0));
ldapValue = schemaTranslator.toLdapIdentifierValue(ldapAttributeType, (String)connIdAttributeValue.get(0));
} else {
ldapValue = schemaTranslator.toLdapValue(ldapAttributeType, icfAttributeValue);
ldapValue = schemaTranslator.toLdapValue(ldapAttributeType, connIdAttributeValue);
}
return new ScopedFilter(new EqualityNode<Object>(ldapAttributeType, ldapValue));
}
......
......@@ -325,12 +325,16 @@ public abstract class SearchStrategy<C extends AbstractLdapConfiguration> {
protected ExprNode preProcessSearchFilter(ExprNode filterNode) {
if (configuration.isIncludeObjectClassFilter() && !LdapUtil.containsObjectClassFilter(filterNode)) {
return LdapUtil.filterAnd(
filterNode = LdapUtil.filterAnd(
LdapUtil.createObjectClassFilter(ldapObjectClass),
filterNode);
} else {
return filterNode;
}
if (configuration.getAdditionalSearchFilter() != null) {
filterNode = LdapUtil.filterAnd(
filterNode,
LdapUtil.parseSearchFilter(configuration.getAdditionalSearchFilter()));
}
return filterNode;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment