I think yours was working because it was returning "cn=null, cn=users", which was a result of the fact that cn was null and the expression was assembled using the "+" operator. When I separated the ldap escape out, it caused a null pointer exception to be thrown instead. It should be fixed now.
Karl

On Thu, May 5, 2011 at 7:19 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
> Fyi. The file I sent you was returning usernotfound.
>
>
> Sent from my iPhone
>
> On May 5, 2011, at 7:12 PM, Karl Wright <daddy...@gmail.com> wrote:
>
>> It must mean we're somehow throwing an exception in the case where the
>> user is missing. I bet I know why - the CN lookup is failing instead.
>> I'll see if I can change it.
>>
>> Karl
>>
>> On Thu, May 5, 2011 at 6:43 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>>> It works, only difference I see with previous one is: if a domain is
>>> reachable, message usernotfound makes a better indicator, somehow we lost
>>> that.
>>>
>>>
>>> C:\OPT>testauthority
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser"
>>> UNREACHABLEAUTHORITY:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeuser@fakedomain"
>>> UNREACHABLEAUTHORITY:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
>>> UNREACHABLEAUTHORITY:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>> Previous one
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=fakeu...@teqa.filetek.com"
>>> USERNOTFOUND:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_admin@teqa"
>>> UNREACHABLEAUTHORITY:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>>> AUTHORIZED:TEQA-DC
>>> TOKEN:TEQA-DC:S-1-5-32-545
>>> TOKEN:TEQA-DC:S-1-5-32-544
>>> TOKEN:TEQA-DC:S-1-5-32-555
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>>> TOKEN:TEQA-DC:S-1-1-0
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=kata...@teqa.filetek.com"
>>> AUTHORIZED:TEQA-DC
>>> TOKEN:TEQA-DC:S-1-5-32-545
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1473
>>> TOKEN:TEQA-DC:S-1-1-0
>>>
>>> C:\OPT>curl
>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay@fakedomain"
>>> UNREACHABLEAUTHORITY:TEQA-DC
>>> TOKEN:TEQA-DC:DEAD_AUTHORITY
>>>
>>>
>>> On Thu, May 5, 2011 at 6:29 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>>
>>>> I've cleaned things up slightly to restore the objectSid and also to
>>>> fix an infinite loop if you have more than one comma in the escape
>>>> expression. I've attached the file, can you see if it works?
>>>>
>>>> Thanks,
>>>> Karl
>>>>
>>>>
>>>> On Thu, May 5, 2011 at 6:23 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>>> Thanks - we do need the user sid, so I will put that back.
>>>>>
>>>>> Also, I'd like to ask what you know about escaping the user name in
>>>>> this expression:
>>>>>
>>>>> String searchFilter = "(&(objectClass=user)(sAMAccountName=" + userName
>>>>> + "))";
>>>>>
>>>>> It seems to me that there is probably some escaping needed, but I
>>>>> don't know what style. Do you think it is the same (C-style, with \
>>>>> escape) as for the other case?
>>>>>
>>>>> Karl
>>>>>
>>>>> On Thu, May 5, 2011 at 6:20 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>>>>>> Hi Karl,
>>>>>>
>>>>>> String returnedAtts[]={"tokenGroups"} is ONLY returning the
>>>>>> memberGroups,
>>>>>>
>>>>>> C:\OPT>curl
>>>>>>
>>>>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>>>>>> AUTHORIZED:TEQA-DC
>>>>>> TOKEN:TEQA-DC:S-1-5-32-545
>>>>>> TOKEN:TEQA-DC:S-1-5-32-544
>>>>>> TOKEN:TEQA-DC:S-1-5-32-555
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>>>>> TOKEN:TEQA-DC:S-1-1-0
>>>>>>
>>>>>> but,
>>>>>>
>>>>>> - String returnedAtts[] = {"tokenGroups","objectSid"}; is returning
>>>>>> memberGroups AND SID for that user.
>>>>>>
>>>>>> C:\OPT>curl
>>>>>>
>>>>>> "http://localhost:8345/mcf-authority-service/UserACLs?username=katalay_ad...@teqa.filetek.com"
>>>>>> AUTHORIZED:TEQA-DC
>>>>>> TOKEN:TEQA-DC:S-1-5-32-545
>>>>>> TOKEN:TEQA-DC:S-1-5-32-544
>>>>>> TOKEN:TEQA-DC:S-1-5-32-555
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1124
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-512
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-513
>>>>>> TOKEN:TEQA-DC:S-1-5-21-1212545812-2858578934-3563067286-1480
>>>>>> TOKEN:TEQA-DC:S-1-1-0
>>>>>>
>>>>>> Since we are only interested in the member groups, tokenGroups is
>>>>>> sufficient, but if you also need user SID then you might keep the
>>>>>> objectSID as well.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Kadri
>>>>>>
>>>>>>
>>>>>> On Thu, May 5, 2011 at 6:01 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>>>>>
>>>>>>> I am curious about the following change, which does not seem correct:
>>>>>>>
>>>>>>>
>>>>>>> //Specify the attributes to return
>>>>>>> - String returnedAtts[] = {"tokenGroups","objectSid"};
>>>>>>> + String returnedAtts[]={"tokenGroups"};
>>>>>>> searchCtls.setReturningAttributes(returnedAtts);
>>>>>>>
>>>>>>> Karl
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 5, 2011 at 5:36 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>>>>>>>> Karl,
>>>>>>>>
>>>>>>>> The ActiveDirectoryAuthority.java is attached.
>>>>>>>>
>>>>>>>> I'm not sure about clicking "Grant ASF License", or how to do that
>>>>>>>> from Tortoise.
>>>>>>>> But, you got my consent for granting the ASF license.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Kadri
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, May 5, 2011 at 5:28 PM, Karl Wright <daddy...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> You may attach the whole ActiveDirectoryAuthority.java file to the
>>>>>>>>> ticket if you prefer. But you must click the "Grant ASF License"
>>>>>>>>> button.
>>>>>>>>>
>>>>>>>>> Karl
>>>>>>>>>
>>>>>>>>> On Thu, May 5, 2011 at 5:24 PM, Kadri Atalay <atalay.ka...@gmail.com> wrote:
>>>>>>>>>> Karl,
>>>>>>>>>>
>>>>>>>>>> I'm using the Tortoise SVN, and new to SVN..
>>>>>>>>>> Do you know how to do this with Tortoise ?
>>>>>>>>>> Otherwise, I can just send the source code directly to you.
>>>>>>>>>> BTW, there are some changes in the ParseUser method also, you can
>>>>>>>>>> see all when you run the diff.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> Kadri
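
Review bot: the `+` line of the quoted returnedAtts change drops "objectSid" from the requested attributes, so the search returns only tokenGroups and the user's own SID is no longer emitted as a token. The two curl outputs quoted in this thread for the same user differ by exactly one TOKEN line (the one ending in -1480), which is the entry that disappears. Keep both attributes in returnedAtts, or extend the "//Specify the attributes to return" comment to say why the user SID is not needed.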