[ https://issues.apache.org/jira/browse/FC-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14244101#comment-14244101 ]
Shawn McKinney commented on FC-29:
----------------------------------
To fix this problem we need to add the OpenLDAP Proxy control to the compare
operation during authorization. Here is how it was performed using unbound lib:

    // OID of the Proxied Authorization v2 control (RFC 4370)
    private static final String OPENLDAP_PROXY_CONTROL = "2.16.840.1.113730.3.4.18";

    protected boolean compareNode( LDAPConnection ld,
                                   String dn,
                                   String userDn,
                                   LDAPAttribute attribute )
        throws LDAPException, UnsupportedEncodingException
    {
        counters.incrementCompare();

        // Critical control carrying the user's DN, so the compare is
        // performed under that identity rather than the bound connection's
        LDAPControl proxyCtl = new LDAPControl( OPENLDAP_PROXY_CONTROL, true,
            ( GlobalIds.DN + ": " + userDn ).getBytes( GlobalIds.UTF8 ) );

        // Attach the control to this compare operation only
        LDAPSearchConstraints opt = new LDAPSearchConstraints();
        opt.setServerControls( proxyCtl );

        return ld.compare( dn, attribute, opt );
    }

> AuditMgr.getUserAuthZ cannot pull back failedOnly
> -------------------------------------------------
>
> Key: FC-29
> URL: https://issues.apache.org/jira/browse/FC-29
> Project: FORTRESS
> Issue Type: Bug
> Affects Versions: 1.0.0-RC39
> Reporter: Emmanuel Lecharny
> Fix For: 1.0.0
>
>
> This search filter:
> filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
> in AuditDAO.getAllAuthZs does not work. It appears the reqAssertion attribute
> cannot be searched on within the auditCompare object class. Have tested with
> ldapbrowser and does not pull back entries. Will need to come up with a
> workaround.