src/main/java/com/amazon/dlic/auth/ldap/backend/LDAPAuthorizationBackend.java [847:888]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - f.setParameter(ONE_PLACEHOLDER, originalUserName); f.setParameter(TWO_PLACEHOLDER, userRoleAttributeValue == null ? TWO_PLACEHOLDER : userRoleAttributeValue); List rolesResult = LdapHelper.search(connection, roleSearchSettings.get(ConfigConstants.LDAP_AUTHCZ_BASE, DEFAULT_ROLEBASE), f, SearchScope.SUBTREE); if (isTraceEnabled) { log.trace("Results for LDAP group search for {} in base {}:\n{}", escapedDn, roleSearchSettingsEntry.getKey(), rolesResult); } if (rolesResult != null && !rolesResult.isEmpty()) { for (final Iterator iterator = rolesResult.iterator(); iterator.hasNext();) { LdapEntry searchResultEntry = iterator.next(); LdapName ldapName = new LdapName(searchResultEntry.getDn()); ldapRoles.add(ldapName); resultRoleSearchBaseKeys.put(ldapName, roleSearchSettingsEntry); } } } } if (isTraceEnabled) { log.trace("roles count total {}", ldapRoles.size()); } // nested roles, makes only sense for DN style role names if (nestedRoleMatcher != null) { if (isTraceEnabled) { log.trace("Evaluate nested roles"); } final Set nestedReturn = new HashSet<>(ldapRoles); for (final LdapName roleLdapName : ldapRoles) { Set> nameRoleSearchBaseKeys = resultRoleSearchBaseKeys .get(roleLdapName); if (nameRoleSearchBaseKeys == null) { - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazon/dlic/auth/ldap2/LDAPAuthorizationBackend2.java [307:348]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - f.setParameter(ONE_PLACEHOLDER, originalUserName); f.setParameter(TWO_PLACEHOLDER, userRoleAttributeValue == null ? TWO_PLACEHOLDER : userRoleAttributeValue); List rolesResult = LdapHelper.search(connection, roleSearchSettings.get(ConfigConstants.LDAP_AUTHCZ_BASE, DEFAULT_ROLEBASE), f, SearchScope.SUBTREE); if (isTraceEnabled) { log.trace("Results for LDAP group search for {} in base {}:\n{}", escapedDn, roleSearchSettingsEntry.getKey(), rolesResult); } if (rolesResult != null && !rolesResult.isEmpty()) { for (final Iterator iterator = rolesResult.iterator(); iterator.hasNext();) { LdapEntry searchResultEntry = iterator.next(); LdapName ldapName = new LdapName(searchResultEntry.getDn()); ldapRoles.add(ldapName); resultRoleSearchBaseKeys.put(ldapName, roleSearchSettingsEntry); } } } } if (isTraceEnabled) { log.trace("roles count total {}", ldapRoles.size()); } // nested roles, makes only sense for DN style role names if (nestedRoleMatcher != null) { if (isTraceEnabled) { log.trace("Evaluate nested roles"); } final Set nestedReturn = new HashSet<>(ldapRoles); for (final LdapName roleLdapName : ldapRoles) { Set> nameRoleSearchBaseKeys = resultRoleSearchBaseKeys .get(roleLdapName); if (nameRoleSearchBaseKeys == null) { - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -