Package com.atlassian.crowd.directory.ldap.util

Class DNStandardiser

java.lang.Object
com.atlassian.crowd.directory.ldap.util.DNStandardiser
public class DNStandardiser extends Object

This class is used to normalise DNs so that equivalent DNs will be transformed into equal strings. Often, a better way to compare DNs is to use CrowdLdapName.

  • Constructor Details

    • DNStandardiser

      public DNStandardiser()

  • Method Details

    • standardise

      public static String standardise(String dn, boolean forceProperStandard)
      Converts a DN string into a "standard" DN string representation consumable by caches.

      This is particularly useful when matching group memberDNs to entity DNs as the two DN formats need to be equivalent.

      AD returns DN's that have mixed case attribute labels, eg. member attribute might look like: CN=user-1100,CN=Users,DC=sydney,DC=atlassian,DC=com for AD.

      Similar to DirContextAdapter, the NameAttributesPair which we use does not adjust the dn/name but does ensure lookups of attribute names are case-insensitive.

      We need consistency between the dn's returned by nameAttributePair.getName() and other dn's which we obtain from attribute values (e.g. memberDNs for a group). Note that inconsistencies can occur due to case or due to spaces near delimiters - comma-space-delimited (", ") vs. compacted comma-only (",").

      It is critical that the DN and memberDN are comparable based on a raw String comparison (String.equals) for things like group membership determination and cache consistency.

      Therefore, if it is known that the directory server always returns DNs that do not have ", " but have "," separating the naming components, then we do not need to force "proper" (i.e. complete + expensive) standardisation. Thus if forceProperStandard is false, then the compact (spaceless) comma delimited DNs are transformed to lower case. This method assumes that the DNs are case-insensitive.

      If it is not known whether the directory server will return spaceless or spaced commas, we need to use the full DN standardisation. Set forceProperStandard to true for the significantly slower, 100% effective, standardisation. This method also assumes nothing about the case of DNs.

      Parameters:
      dn - original DN.
      forceProperStandard - true if you want to enforce the slow but effective standardisation process.
      Returns:
      DN in standard form.

    • standardiseToName

      public static CrowdLdapName standardiseToName(String dn, boolean forceProperStandard)
      This method is the preferred approach for standardising a DN.

      One of the goals here is to reduce the memory usage for customers with larger instances. We achieve this goal by calling this method on the String returned by AD rather than creating a CrowdLdapName for the AD string and then creating an extra instance for the standardised name.

    • ensureNameIsStandardised

      public static CrowdLdapName ensureNameIsStandardised(CrowdLdapName name, boolean forceProperStandard)
      Convert a CrowdLdapName to a standardised CrowdLdapName.

      This method should ideally only be used in cases where you should already have a standardised name, but you need to ensure that the name is already standardised.

      In general, callers should try to move the standardisation call earlier (to the point where you have a String 'dn' from AD that hasn't yet been parsed into a CrowdLdapName. And then call the preferred standardiseToName(String, boolean) variant of this method.