public Name getMatchedName( NextInterceptor next, Name dn, boolean normalized ) throws NamingException
{
// Access the principal requesting the operation, and bypass checks if it is the admin
Invocation invocation = InvocationStack.getInstance().peek();
DirectoryPartitionNexusProxy proxy = invocation.getProxy();
LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();
if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) || ! enabled )
{
return next.getMatchedName( dn, normalized );
}
// get the present matched name
Attributes entry;
Name matched = next.getMatchedName( dn, normalized );
// check if we have disclose on error permission for the entry at the matched dn
// if not remove rdn and check that until nothing is left in the name and return
// that but if permission is granted then short the process and return the dn
while ( matched.size() > 0 )
{
if ( normalized )
{
entry = proxy.lookup( matched, DirectoryPartitionNexusProxy.GETMATCHEDDN_BYPASS );
}
else
{
entry = proxy.lookup( matched, DirectoryPartitionNexusProxy.LOOKUP_BYPASS );
}
Set userGroups = groupCache.getGroups( user.getName() );
Collection tuples = new HashSet();
addPerscriptiveAciTuples( proxy, tuples, matched, entry );
addEntryAciTuples( tuples, entry );
addSubentryAciTuples( proxy, tuples, matched, entry );
if ( engine.hasPermission( proxy, userGroups, user.getJndiName(),
user.getAuthenticationLevel(), matched, null, null,
MATCHEDNAME_PERMS, tuples, entry ) )
{
return matched;
}