in kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java [298:350]
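/**
 * Loads the Kerberos identity stored in LDAP for the given principal.
 *
 * <p>Runs a subtree search under the configured {@code base_dn} for a
 * {@code krb5principal} entry whose {@code krb5PrincipalName} equals the
 * requested name, then reads that entry with all user ({@code "*"}) and
 * operational ({@code "+"}) attributes and copies the values into a
 * {@link KrbIdentity}.
 *
 * <p>The entry fetched here is the source of the principal's keys (see
 * {@code getHelper.getKeys()}), so neither the entry nor the returned
 * identity should be written to logs or error messages.
 *
 * @param principalName principal name to look up
 * @return the populated identity, or {@code null} when the search yields no
 *         entry or the follow-up lookup returns nothing
 * @throws KrbException if the search, the lookup or reading the entry fails;
 *         LDAP, cursor, parse and I/O errors are wrapped as the cause
 */
protected KrbIdentity doGetIdentity(String principalName) throws KrbException {
    KrbIdentity krbIdentity = new KrbIdentity(principalName);
    // The filter is assembled through FilterBuilder rather than string
    // concatenation, so principalName is passed as an assertion value.
    // NOTE(review): FilterBuilder is expected to escape filter
    // metacharacters in that value - confirm for the library version in use.
    String searchFilter = FilterBuilder.and(
            FilterBuilder.equal("objectclass", "krb5principal"),
            FilterBuilder.equal("krb5PrincipalName", principalName)
    ).toString();
    try {
        EntryCursor cursor = new FailoverInvocationHandler<EntryCursor>() {
            @Override
            public EntryCursor execute() throws LdapException {
                return connection.search(getConfig().getString("base_dn"), searchFilter,
                        SearchScope.SUBTREE, "dn");
            }
        }.run();
        if (cursor == null) {
            return null;
        }

        final Dn dn;
        try {
            // There should be at most one entry with this principal name.
            // NOTE(review): only the first hit is used; additional matches are
            // ignored silently, so a duplicate krb5PrincipalName in the
            // directory would go unnoticed here.
            if (!cursor.next()) {
                return null;
            }
            dn = cursor.get().getDn();
        } finally {
            // Release the cursor on every path, including "not found" and
            // failures in next()/get(), which previously left it open.
            cursor.close();
        }

        Entry entry = new FailoverInvocationHandler<Entry>() {
            @Override
            public Entry execute() throws LdapException {
                return connection.lookup(dn, "*", "+");
            }
        }.run();
        if (entry == null) {
            return null;
        }

        LdapIdentityGetHelper getHelper = new LdapIdentityGetHelper(entry);
        krbIdentity.setPrincipal(getHelper.getPrincipalName());
        krbIdentity.setKeyVersion(getHelper.getKeyVersion());
        krbIdentity.addKeys(getHelper.getKeys());
        krbIdentity.setCreatedTime(getHelper.getCreatedTime());
        krbIdentity.setExpireTime(getHelper.getExpireTime());
        krbIdentity.setDisabled(getHelper.getDisabled());
        krbIdentity.setKdcFlags(getHelper.getKdcFlags());
        krbIdentity.setLocked(getHelper.getLocked());
    } catch (LdapException e) {
        throw new KrbException("Failed to retrieve identity", e);
    } catch (CursorException e) {
        throw new KrbException("Failed to retrieve identity", e);
    } catch (ParseException e) {
        throw new KrbException("Failed to retrieve identity", e);
    } catch (IOException e) {
        throw new KrbException("Failed to retrieve identity", e);
    }
    return krbIdentity;
}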