String msg = "Access to user account '" + normalizedDn.getUpName() + "' not permitted";
msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
msg += " access user account information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
if ( normalizedDn.startsWith( GROUP_BASE_DN ) )
{
// allow for self reads
if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
{
return;
}
String msg = "Access to group '" + normalizedDn.getUpName() + "' not permitted";
msg += " for user '" + principalDn.getUpName() + "'. Only the admin can";
msg += " access group information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
}
if ( isTheAdministrator( normalizedDn ) )
{
// allow for self reads
if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
{
return;
}
String msg = "Access to admin account not permitted for user '";
msg += principalDn.getUpName() + "'. Only the admin can";
msg += " access admin account information";
LOG.error( msg );
throw new LdapNoPermissionException( msg );
}
}
}