src/main/java/com/amazon/dlic/auth/ldap/backend/LDAPAuthorizationBackend.java [891:945]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - continue; } final Set nestedRoles = resolveNestedRoles(roleLdapName, connection, userRoleNames, 0, rolesearchEnabled, nameRoleSearchBaseKeys); if (isTraceEnabled) { log.trace("{} nested roles for {}", nestedRoles.size(), roleLdapName); } nestedReturn.addAll(nestedRoles); } for (final LdapName roleLdapName : nestedReturn) { final String role = getRoleFromEntry(connection, roleLdapName, roleName); if (!Strings.isNullOrEmpty(role)) { user.addRole(role); } else { log.warn("No or empty attribute '{}' for entry {}", roleName, roleLdapName); } } } else { // DN roles, extract rolename according to config for (final LdapName roleLdapName : ldapRoles) { final String role = getRoleFromEntry(connection, roleLdapName, roleName); if (!Strings.isNullOrEmpty(role)) { user.addRole(role); } else { log.warn("No or empty attribute '{}' for entry {}", roleName, roleLdapName); } } } // add all non-LDAP roles from user attributes to the final set of backend roles for (String nonLdapRoleName : nonLdapRoles) { user.addRole(nonLdapRoleName); } if (isDebugEnabled) { log.debug("Roles for {} -> {}", user.getName(), user.getRoles()); } if (isTraceEnabled) { log.trace("returned user: {}", user); } } catch (final Exception e) { if (isDebugEnabled) { log.debug("Unable to fill user roles due to ", e); } throw new OpenSearchSecurityException(e.toString(), e); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/main/java/com/amazon/dlic/auth/ldap2/LDAPAuthorizationBackend2.java [351:405]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - continue; } final Set nestedRoles = resolveNestedRoles(roleLdapName, connection, userRoleNames, 0, rolesearchEnabled, nameRoleSearchBaseKeys); if (isTraceEnabled) { log.trace("{} nested roles for {}", nestedRoles.size(), roleLdapName); } nestedReturn.addAll(nestedRoles); } for (final LdapName roleLdapName : nestedReturn) { final String role = getRoleFromEntry(connection, roleLdapName, roleName); if (!Strings.isNullOrEmpty(role)) { user.addRole(role); } else { log.warn("No or empty attribute '{}' for entry {}", roleName, roleLdapName); } } } else { // DN roles, extract rolename according to config for (final LdapName roleLdapName : ldapRoles) { final String role = getRoleFromEntry(connection, roleLdapName, roleName); if (!Strings.isNullOrEmpty(role)) { user.addRole(role); } else { log.warn("No or empty attribute '{}' for entry {}", roleName, roleLdapName); } } } // add all non-LDAP roles from user attributes to the final set of backend roles for (String nonLdapRoleName : nonLdapRoles) { user.addRole(nonLdapRoleName); } if (isDebugEnabled) { log.debug("Roles for {} -> {}", user.getName(), user.getRoles()); } if (isTraceEnabled) { log.trace("returned user: {}", user); } } catch (final Exception e) { if (isDebugEnabled) { log.debug("Unable to fill user roles due to ", e); } throw new OpenSearchSecurityException(e.toString(), e); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -