Github user mike-jumper commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/204#discussion_r161586442 --- Diff: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java --- @@ -113,56 +123,65 @@ // looking for direct membership in the guacConfigGroup // and possibly any groups the user is a member of that are // referred to in the seeAlso attribute of the guacConfigGroup. - LDAPSearchResults results = ldapConnection.search( - configurationBaseDN, - LDAPConnection.SCOPE_SUB, - connectionSearchFilter, - null, - false, - confService.getLDAPSearchConstraints() - ); + SearchRequest request = new SearchRequestImpl(); + request.setBase(configurationBaseDN); + request.setDerefAliases(confService.getDereferenceAliases()); + request.setScope(SearchScope.SUBTREE); + request.setFilter(connectionSearchFilter); + request.setSizeLimit(confService.getMaxResults()); + request.setTimeLimit(confService.getOperationTimeout()); + request.setTypesOnly(false); + + if(confService.getFollowReferrals()) + request.followReferrals(); + + SearchCursor results = ldapConnection.search(request); // Build token filter containing credential tokens TokenFilter tokenFilter = new TokenFilter(); StandardTokens.addStandardTokens(tokenFilter, user); // Produce connections for each readable configuration Map<String, Connection> connections = new HashMap<String, Connection>(); - while (results.hasMore()) { - - try { - - LDAPEntry entry = results.next(); - - // Get common name (CN) - LDAPAttribute cn = entry.getAttribute("cn"); - if (cn == null) { - logger.warn("guacConfigGroup is missing a cn."); - continue; - } + while (results.next()) { + + // Get the entry + Response response = results.get(); + Entry entry; + if (response instanceof SearchResultEntry) + entry = ((SearchResultEntry)results).getEntry(); + else + continue; + + // Get common name (CN) + Attribute cn = entry.get("cn"); + if (cn == null) { + logger.warn("guacConfigGroup is missing a cn."); + continue; + } - // Get associated protocol - LDAPAttribute protocol = entry.getAttribute("guacConfigProtocol"); - if (protocol == null) { - logger.warn("guacConfigGroup \"{}\" is missing the " - + "required \"guacConfigProtocol\" attribute.", - cn.getStringValue()); - continue; - } + // Get associated protocol + Attribute protocol = entry.get("guacConfigProtocol"); + if (protocol == null) { + logger.warn("guacConfigGroup \"{}\" is missing the " + + "required \"guacConfigProtocol\" attribute.", + cn.getString()); + continue; + } - // Set protocol - GuacamoleConfiguration config = new GuacamoleConfiguration(); - config.setProtocol(protocol.getStringValue()); + // Set protocol + GuacamoleConfiguration config = new GuacamoleConfiguration(); + config.setProtocol(protocol.getString()); - // Get parameters, if any - LDAPAttribute parameterAttribute = entry.getAttribute("guacConfigParameter"); - if (parameterAttribute != null) { + // Get parameters, if any + Attribute parameterAttribute = entry.get("guacConfigParameter"); + if (parameterAttribute != null) { - // For each parameter - Enumeration<?> parameters = parameterAttribute.getStringValues(); - while (parameters.hasMoreElements()) { + // For each parameter + Iterator parameters = parameterAttribute.iterator(); --- End diff -- I don't see any problem with using an iterator - the issue here is that the type parameter for `Iterator` is not being used, and thus we are later having to typecast to `String`. Checking the API for [`Attribute`](http://directory.apache.org/api/gen-docs/latest/apidocs/org/apache/directory/api/ldap/model/entry/Attribute.html), the `iterator()` function returns an `Iterator<Value<?>>`, with `Value<?>` providing a `getString()`. I'm not sure why typecasting to `String` would be working, but I think we should be using proper Java generics.
---