/** * Search for the user's entry. Determine the distinguished name of the user's entry and * optionally an authorization identity for the user. * * @param ctx an LDAP context to use for the search * @return the user's distinguished name or an empty string if none was found. * @exception LoginException if the user's entry cannot be found. */ private String findUserDN(LdapContext ctx) throws LoginException { String userDN = ""; // Locate the user's LDAP entry if (userFilter != null) { if (debug) { System.out.println( "\t\t[LdapLoginModule] " + "searching for entry belonging to user: "******"\t\t[LdapLoginModule] " + "cannot search for entry belonging to user: "******"Cannot find user's LDAP entry"); } try { NamingEnumeration results = ctx.search("", replaceUsernameToken(filterMatcher, userFilter), constraints); // Extract the distinguished name of the user's entry // (Use the first entry if more than one is returned) if (results.hasMore()) { SearchResult entry = (SearchResult) results.next(); // %%% - use the SearchResult.getNameInNamespace method // available in JDK 1.5 and later. // (can remove call to constraints.setReturningObjFlag) userDN = ((Context) entry.getObject()).getNameInNamespace(); if (debug) { System.out.println("\t\t[LdapLoginModule] found entry: " + userDN); } // Extract a value from user's authorization identity attribute if (authzIdentityAttr != null) { Attribute attr = entry.getAttributes().get(authzIdentityAttr); if (attr != null) { Object val = attr.get(); if (val instanceof String) { authzIdentity = (String) val; } } } results.close(); } else { // Bad username if (debug) { System.out.println("\t\t[LdapLoginModule] user's entry " + "not found"); } } } catch (NamingException e) { // ignore } if (userDN.equals("")) { throw (LoginException) new FailedLoginException("Cannot find user's LDAP entry"); } else { return userDN; } }