diff options
author | Doug Kelly <doug.kelly@garmin.com> | 2013-11-18 09:00:35 -0600 |
---|---|---|
committer | Doug Kelly <doug.kelly@garmin.com> | 2013-11-18 09:37:33 -0600 |
commit | d0b6de2d6aa38c93e57a1cf066a748211863bd2c (patch) | |
tree | a7f65d9891928e972dcc7d60e84723c65ce090a4 | |
parent | 8b49b130ef5b514b5462a0dd31c170f269f4d909 (diff) |
Catch missing LDAP accounts in group membership
This catches missing LDAP accounts when looking up group membership.
This prevents throwing excessive LDAP stack traces to the log file,
since a user that doesn't exist won't be a member of anything.
Bug: Issue 1640
Change-Id: I75fd86fb9b8c5836125d261957893f34ffc48407
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java index 7d0ad24325..63ef2e63f3 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java @@ -198,7 +198,13 @@ import javax.security.auth.login.LoginException; final HashMap<String, String> params = new HashMap<String, String>(); if (account == null) { - account = findAccount(schema, ctx, username); + try { + account = findAccount(schema, ctx, username); + } catch (AccountException e) { + LdapRealm.log.warn("Account " + username + + " not found, assuming empty group membership"); + return Collections.emptySet(); + } } for (String name : schema.groupMemberQueryList.get(0).getParameters()) { params.put(name, account.get(name)); @@ -215,7 +221,13 @@ import javax.security.auth.login.LoginException; if (schema.accountMemberField != null) { if (account == null) { - account = findAccount(schema, ctx, username); + try { + account = findAccount(schema, ctx, username); + } catch (AccountException e) { + LdapRealm.log.warn("Account " + username + + " not found, assuming empty group membership"); + return Collections.emptySet(); + } } final Attribute groupAtt = account.getAll(schema.accountMemberField); |