opendev/gerrit
Code Issues Proposed changes

Catch missing LDAP accounts in group membership

Browse Source 
This catches missing LDAP accounts when looking up group membership.
This prevents throwing excessive LDAP stack traces to the log file,
since a user that doesn't exist won't be a member of anything.

Bug: Issue 1640
Change-Id: I75fd86fb9b8c5836125d261957893f34ffc48407
This commit is contained in:
Doug Kelly
2013-11-18 09:00:35 -06:00
parent 8b49b130ef
commit d0b6de2d6a
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
View File

@@ -198,7 +198,13 @@ import javax.security.auth.login.LoginException;
final HashMap<String, String> params = new HashMap<String, String>(); final HashMap<String, String> params = new HashMap<String, String>();
if (account == null) { if (account == null) {
account = findAccount(schema, ctx, username); try {
account = findAccount(schema, ctx, username);
} catch (AccountException e) {
LdapRealm.log.warn("Account " + username +
" not found, assuming empty group membership");
return Collections.emptySet();
}
} }
for (String name : schema.groupMemberQueryList.get(0).getParameters()) { for (String name : schema.groupMemberQueryList.get(0).getParameters()) {
params.put(name, account.get(name)); params.put(name, account.get(name));
@@ -215,7 +221,13 @@ import javax.security.auth.login.LoginException;
if (schema.accountMemberField != null) { if (schema.accountMemberField != null) {
if (account == null) { if (account == null) {
account = findAccount(schema, ctx, username); try {
account = findAccount(schema, ctx, username);
} catch (AccountException e) {
LdapRealm.log.warn("Account " + username +
" not found, assuming empty group membership");
return Collections.emptySet();
}
} }
final Attribute groupAtt = account.getAll(schema.accountMemberField); final Attribute groupAtt = account.getAll(schema.accountMemberField);