Friday, October 19, 2007

Every character counts

I have been fixing a funny Spring/Acegi<->LDAP issue for the past two days. What I was trying to achieve was some AOP using BeanNameAutoProxyCreator to intercept invocations of methods on a particular interface/class, so that it authenticates against an LDAP repository and validates whether the user has one of the specified roles. Something wasn't really working in the DefaultLdapAuthoritiesPopulator: the authorities/roles list was empty.

Now, it's solved, yes it is.. with shame.

I turned on even more detailed debug logging and that's when I started to realize my.. stupidity ;-)

conn=2 op=1 SRCH base="ou=groups,dc=my,dc=com,dc=customware" scope=2 deref=3 filter="(member=uid=clim,ou=people,dc=my,dc=com,dc=customware)"
conn=2 op=1 SRCH attr=cn
bdb_idl_fetch_key: [01872a84]
bdb_idl_fetch_key: @ou=groups,dc=my,dc=com,dc=customware
<= bdb_equality_candidates: (member) index_param failed (18)
=> access_allowed: search access to "ou=groups,dc=my,dc=com,dc=customware" "member" requested
<= root access granted
=> access_allowed: search access to "cn=mule01,ou=groups,dc=my,dc=com,dc=customware" "member" requested
<= root access granted
dnMatch 0
	"uid=clim,ou=people,dc=my,dc=com,dc=customware"
	"uid=clim,ou=people,dc=my,dc=com,dc=customware"
=> access_allowed: read access to "cn=mule01,ou=groups,dc=my,dc=com,dc=customware" "entry" requested
<= root access granted
=> access_allowed: read access to "cn=mule01,ou=groups,dc=my,dc=com,dc=customware" "cn" requested
<= root access granted
=> access_allowed: search access to "cn=managers,ou=groups,dc=my,dc=com,dc=customware" "member" requested
<= root access granted
dnMatch -1
	"uid=clim,cn=people,dc=my,dc=com,dc=customware"
	"uid=clim,ou=people,dc=my,dc=com,dc=customware"
send_ldap_result: err=0 matched="" text=""
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Did you see that? I will do it again:

dnMatch 0
"uid=clim,ou=people,dc=my,dc=com,dc=customware"
"uid=clim,ou=people,dc=my,dc=com,dc=customware"
...
dnMatch -1
"uid=clim,cn=people,dc=my,dc=com,dc=customware"
"uid=clim,ou=people,dc=my,dc=com,dc=customware"

cn=people and ou=people?!

dn: ou=people,dc=my,dc=com,dc=customware
...

dn: cn=managers,ou=groups,dc=my,dc=com,dc=customware
member: uid=clim,cn=people,dc=my,dc=com,dc=customware
...

dn: uid=clim,ou=people,dc=my,dc=com,dc=customware
...

WTF! Worse than failure, hey! LDAP did not fail me when I imported the LDIF with an invalid member attribute value. I could have saved a few hours to do something.. more significant than sitting in front of my Eclipse figuring out why DirContext.search() wasn't returning any results. In fact, I have learned a very good lesson.
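The check that would have caught this before the import, as an added example that is not part of the original post: a small Python linter that parses an LDIF, flags member values whose target entry does not exist in the file, and evaluates the (member=<user dn>) filter from the slapd log the way dnMatch does (case and whitespace are normalised, so cn=people and ou=people still do not match). The LDIF is constructed from the entries quoted above; the objectClass, cn and sn lines, and the cn=mule01 group are assumed. The DN normalisation is a simplification of RFC 4514 that covers the caseIgnore attribute types used here. slapd accepts a mistyped member value on import because it is a syntactically valid DN; nothing checks that the entry it names exists, which is exactly why the import succeeded and the search came back empty.

```python
import re

# Constructed sample LDIF reproducing the entries quoted in the post
# (ou=people, uid=clim, the cn=managers group with the mistyped member)
# plus the cn=mule01 group the slapd log shows as a match.
# objectClass and the cn/sn/ou attribute lines are assumed.
SAMPLE_LDIF = """\
dn: ou=people,dc=my,dc=com,dc=customware
objectClass: organizationalUnit
ou: people

dn: uid=clim,ou=people,dc=my,dc=com,dc=customware
objectClass: inetOrgPerson
uid: clim
cn: clim
sn: lim

dn: cn=mule01,ou=groups,dc=my,dc=com,dc=customware
objectClass: groupOfNames
cn: mule01
member: uid=clim,ou=people,dc=my,dc=com,dc=customware

dn: cn=managers,ou=groups,dc=my,dc=com,dc=customware
objectClass: groupOfNames
cn: managers
member: uid=clim,cn=people,dc=my,dc=com,dc=customware
"""

# Attributes with DN syntax whose values should name existing entries.
DN_VALUED_ATTRS = ("member", "uniquemember", "owner", "seealso")


def normalize_dn(dn: str) -> str:
    """Normalise a DN the way slapd's dnMatch effectively does for the
    caseIgnore attribute types used here (uid, cn, ou, dc): lower-case
    attribute types and values, strip whitespace around '=' and ','.
    Simplification of RFC 4514: backslash-escaped commas are respected,
    multi-valued RDNs ('+') and hex-escaped values are not handled."""
    rdns = re.split(r"(?<!\\),", dn)
    normalized = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(normalized)


def dn_match(a: str, b: str) -> bool:
    """True when both DNs name the same entry after normalisation
    (the 'dnMatch 0' case in the log), False otherwise ('dnMatch -1')."""
    return normalize_dn(a) == normalize_dn(b)


def parse_ldif(text: str) -> dict:
    """Minimal LDIF parser: {normalised dn: {attr: [values]}}.
    Unfolds continuation lines (leading space) and skips comments;
    base64 ('::') and URL (':<') values are not handled."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current, attrs = {}, None, {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if line == "":
            if current is not None:
                entries[current] = attrs
            current, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = normalize_dn(value)
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def dangling_references(entries: dict) -> list:
    """(entry dn, attr, value) for every DN-valued attribute whose target
    is not an entry in the LDIF. slapd accepts such values on import
    because they are syntactically valid DNs; it never checks existence."""
    return [
        (dn, attr, value)
        for dn, attrs in entries.items()
        for attr in DN_VALUED_ATTRS
        for value in attrs.get(attr, [])
        if normalize_dn(value) not in entries
    ]


def groups_of(entries: dict, user_dn: str) -> list:
    """Groups the (member=<user dn>) filter from the log would return,
    i.e. what the authorities populator builds the role list from."""
    return sorted(
        dn for dn, attrs in entries.items()
        if any(dn_match(v, user_dn) for v in attrs.get("member", []))
    )


if __name__ == "__main__":
    ldif = parse_ldif(SAMPLE_LDIF)
    print("groups of clim:",
          groups_of(ldif, "uid=clim,ou=people,dc=my,dc=com,dc=customware"))
    for dn, attr, value in dangling_references(ldif):
        print(f"DANGLING {attr} in {dn}: {value!r} names no entry")
```

Run it over the LDIF before ldapadd and the cn=managers line shows up as dangling, while the group lookup for uid=clim returns only cn=mule01, which is what the search above actually found (nentries=1).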

- yc, rantinggggggggggg!
