Catch missing LDAP accounts in group membership

This catches missing LDAP accounts when looking up group membership. This prevents throwing excessive LDAP stack traces to the log file, since a user that doesn't exist won't be a member of anything. Bug: Issue 1640 Change-Id: I75fd86fb9b8c5836125d261957893f34ffc48407
2013-11-18 09:00:35 -06:00
parent 8b49b130ef
commit d0b6de2d6a
1 changed files with 14 additions and 2 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
@@ -198,7 +198,13 @@ import javax.security.auth.login.LoginException;
      final HashMap<String, String> params = new HashMap<String, String>();

      if (account == null) {
-        account = findAccount(schema, ctx, username);
+        try {
+          account = findAccount(schema, ctx, username);
+        } catch (AccountException e) {
+          LdapRealm.log.warn("Account " + username +
+              " not found, assuming empty group membership");
+          return Collections.emptySet();
+        }
      }
      for (String name : schema.groupMemberQueryList.get(0).getParameters()) {
        params.put(name, account.get(name));
@@ -215,7 +221,13 @@ import javax.security.auth.login.LoginException;

    if (schema.accountMemberField != null) {
      if (account == null) {
-        account = findAccount(schema, ctx, username);
+        try {
+          account = findAccount(schema, ctx, username);
+        } catch (AccountException e) {
+          LdapRealm.log.warn("Account " + username +
+              " not found, assuming empty group membership");
+          return Collections.emptySet();
+        }
      }

      final Attribute groupAtt = account.getAll(schema.accountMemberField);