Bläddra i källkod

fix issue with ldap group permissions not resolving issue #583

Jason Rivard 4 år sedan
förälder
incheckning
496bb646ea

+ 0 - 1
server/src/main/java/password/pwm/AppProperty.java

@@ -75,7 +75,6 @@ public enum AppProperty
     CONFIG_JBCRYPT_PWLIB_ENABLE                     ( "config.enableJbCryptPwLibrary" ),
     CONFIG_EDITOR_BLOCK_OLD_IE                      ( "configEditor.blockOldIE" ),
     CONFIG_EDITOR_USER_PERMISSION_MATCH_LIMIT       ( "configEditor.userPermission.matchResultsLimit" ),
-    CONFIG_EDITOR_USER_PERMISSION_TIMEOUT_SECONDS   ( "configEditor.userPermission.matchTimeoutSeconds" ),
     CONFIG_EDITOR_IDLE_TIMEOUT                      ( "configEditor.idleTimeoutSeconds" ),
     CONFIG_GUIDE_IDLE_TIMEOUT                       ( "configGuide.idleTimeoutSeconds" ),
     CONFIG_MANAGER_ZIPDEBUG_MAXLOGBYTES             ( "configManager.zipDebug.maxLogBytes" ),

+ 1 - 1
server/src/main/java/password/pwm/config/function/UserMatchViewerFunction.java

@@ -106,7 +106,7 @@ public class UserMatchViewerFunction implements SettingUIFunction
 
         validateUserPermissionLdapValues( tempApplication, permissions );
 
-        final int maxSearchSeconds = Integer.parseInt( pwmApplication.getConfig().readAppProperty( AppProperty.CONFIG_EDITOR_USER_PERMISSION_TIMEOUT_SECONDS ) );
+        final long maxSearchSeconds = config.getLdapProfiles().getOrDefault( profile, config.getDefaultLdapProfile() ).readSettingAsLong( PwmSetting.LDAP_SEARCH_TIMEOUT );
         final TimeDuration maxSearchTime = TimeDuration.of( maxSearchSeconds, TimeDuration.Unit.SECONDS );
         return UserPermissionUtility.discoverMatchingUsers( tempApplication, permissions, SessionLabel.SYSTEM_LABEL, maxResultSize, maxSearchTime );
     }

+ 2 - 2
server/src/main/java/password/pwm/ldap/permission/LdapGroupTypeHelper.java

@@ -49,14 +49,14 @@ class LdapGroupTypeHelper implements PermissionTypeHelper
             throws PwmUnrecoverableException
     {
         final Instant startTime = Instant.now();
-        final String groupDN = userPermission.getLdapQuery();
+        final String groupDN = userPermission.getLdapBase();
 
         if ( userIdentity == null )
         {
             return false;
         }
 
-        LOGGER.trace( sessionLabel, () -> "begin check for ldapGroup match for " + userIdentity + " using queryMatch: " + groupDN );
+        LOGGER.trace( sessionLabel, () -> "begin check for ldapGroup match for " + userIdentity + " using groupMatch: " + groupDN );
 
         boolean result = false;
         if ( StringUtil.isEmpty( groupDN ) )

+ 4 - 3
server/src/main/java/password/pwm/ldap/permission/UserPermissionUtility.java

@@ -178,9 +178,10 @@ public class UserPermissionUtility
         }
 
         final List<UserIdentity> strippedResults = stripUserMatchesOutsideUserContexts( sessionLabel, pwmApplication, resultSet );
-        final List<UserIdentity> sortedResults = new ArrayList<>( strippedResults );
-        Collections.sort( sortedResults );
-        return Collections.unmodifiableList( sortedResults );
+        return strippedResults.stream()
+                .distinct()
+                .sorted()
+                .collect( Collectors.toUnmodifiableList() );
     }
 
     static String profileIdForPermission( final UserPermission userPermission )

+ 0 - 1
server/src/main/resources/password/pwm/AppProperty.properties

@@ -74,7 +74,6 @@ config.theme=pwm
 config.enableJbCryptPwLibrary=true
 configEditor.blockOldIE=true
 configEditor.userPermission.matchResultsLimit=5000
-configEditor.userPermission.matchTimeoutSeconds=10
 configEditor.idleTimeoutSeconds=900
 configGuide.idleTimeoutSeconds=3600
 configManager.zipDebug.maxLogBytes=50000000