src/main/java/com/amazon/dlic/auth/ldap/backend/LDAPAuthorizationBackend.java [787:835]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - if (isValidDn(possibleRoleDN)) { LdapName ldapName = new LdapName(possibleRoleDN); ldapRoles.add(ldapName); resultRoleSearchBaseKeys.putAll(ldapName, this.roleBaseSettings); } else { nonLdapRoles.add(possibleRoleDN); } } } } if (isTraceEnabled) { log.trace("User attr. ldap roles count: {}", ldapRoles.size()); log.trace("User attr. ldap roles {}", ldapRoles); log.trace("User attr. non-ldap roles count: {}", nonLdapRoles.size()); log.trace("User attr. non-ldap roles {}", nonLdapRoles); } // The attribute in a role entry containing the name of that role, Default is // "name". // Can also be "dn" to use the full DN as rolename. // rolename: name final String roleName = settings.get(ConfigConstants.LDAP_AUTHZ_ROLENAME, DEFAULT_ROLENAME); if (isTraceEnabled) { log.trace("roleName: {}", roleName); } // Specify the name of the attribute which value should be substituted with {2} // Substituted with an attribute value from user's directory entry, of the // authenticated user // userroleattribute: null final String userRoleAttributeName = settings.get(ConfigConstants.LDAP_AUTHZ_USERROLEATTRIBUTE, null); if (isTraceEnabled) { log.trace("userRoleAttribute: {}", userRoleAttributeName); log.trace("rolesearch: {}", settings.get(ConfigConstants.LDAP_AUTHZ_ROLESEARCH, DEFAULT_ROLESEARCH)); } String userRoleAttributeValue = null; final LdapAttribute userRoleAttribute = entry.getAttribute(userRoleAttributeName); if (userRoleAttribute != null) { userRoleAttributeValue = Utils.getSingleStringValue(userRoleAttribute); } if (rolesearchEnabled) { String escapedDn = dn; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazon/dlic/auth/ldap2/LDAPAuthorizationBackend2.java [251:299]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - if (isValidDn(possibleRoleDN)) { LdapName ldapName = new LdapName(possibleRoleDN); ldapRoles.add(ldapName); resultRoleSearchBaseKeys.putAll(ldapName, this.roleBaseSettings); } else { nonLdapRoles.add(possibleRoleDN); } } } } if (isTraceEnabled) { log.trace("User attr. ldap roles count: {}", ldapRoles.size()); log.trace("User attr. ldap roles {}", ldapRoles); log.trace("User attr. non-ldap roles count: {}", nonLdapRoles.size()); log.trace("User attr. non-ldap roles {}", nonLdapRoles); } // The attribute in a role entry containing the name of that role, Default is // "name". // Can also be "dn" to use the full DN as rolename. // rolename: name final String roleName = settings.get(ConfigConstants.LDAP_AUTHZ_ROLENAME, DEFAULT_ROLENAME); if (isTraceEnabled) { log.trace("roleName: {}", roleName); } // Specify the name of the attribute which value should be substituted with {2} // Substituted with an attribute value from user's directory entry, of the // authenticated user // userroleattribute: null final String userRoleAttributeName = settings.get(ConfigConstants.LDAP_AUTHZ_USERROLEATTRIBUTE, null); if (isTraceEnabled) { log.trace("userRoleAttribute: {}", userRoleAttributeName); log.trace("rolesearch: {}", settings.get(ConfigConstants.LDAP_AUTHZ_ROLESEARCH, DEFAULT_ROLESEARCH)); } String userRoleAttributeValue = null; final LdapAttribute userRoleAttribute = entry.getAttribute(userRoleAttributeName); if (userRoleAttribute != null) { userRoleAttributeValue = Utils.getSingleStringValue(userRoleAttribute); } if (rolesearchEnabled) { String escapedDn = dn; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -