using real DNs for LdapNodes.

ldap-connector/src/main/java/com/innoq/ldap/connector/LdapEntry.java

@@ -21,7 +21,6 @@ public class LdapEntry extends LdapNode implements Comparable<LdapEntry> {
 
     public LdapEntry(String cn, String owner) {
         super();
-        this.cn = cn;
         this.owner = owner;
     }
 

ldap-connector/src/main/java/com/innoq/ldap/connector/LdapGroup.java

@@ -95,7 +95,7 @@ public boolean isEmpty() {
     @Override
     public int hashCode() {
         int hash = 7;
-        hash = 79 * hash + (this.cn != null ? this.cn.hashCode() : 0);
+        hash = 79 * hash + (get("cn") != null ? get("cn").hashCode() : 0);
         hash = 79 * hash + (this.attributes != null ? this.attributes.hashCode() : 0);
         return hash;
     }
@@ -109,7 +109,7 @@ public boolean equals(Object obj) {
             return false;
         }
         final LdapGroup other = (LdapGroup) obj;
-        if ((this.cn == null) ? (other.cn != null) : !this.cn.equals(other.cn)) {
+        if ((get("cn") == null) ? (other.get("cn") != null) : !get("cn").equals(get("cn"))) {
             return false;
         }
         return true;
@@ -125,7 +125,7 @@ public int compareTo(LdapGroup t) {
 
     @Override
     public String toString() {
-        return this.cn + " # " + attributes.size();
+        return get("cn") + " # " + attributes.size();
     }
 
     @Override

ldap-connector/src/main/java/com/innoq/ldap/connector/LdapHelper.java

@@ -618,6 +618,7 @@ public boolean checkCredentials(final String uid, final String password) {
      */
     public LdapUser getUserTemplate(String uid) {
         LdapUser user = new LdapUser(uid, this);
+        user.set("dn", getDNForNode(user));
         for (String oc : userObjectClasses) {
             user.addObjectClass(oc.trim());
         }
@@ -662,6 +663,7 @@ public LdapUser getUserTemplate(String uid) {
      */
     public LdapGroup getGroupTemplate(String cn) {
         LdapGroup group = new LdapGroup(cn, this);
+        group.set("dn", getDNForNode(group));
         for (String oc : groupObjectClasses) {
             group.addObjectClass(oc.trim());
         }
@@ -917,6 +919,10 @@ private List<ModificationItem> buildMemberChangeSets(List<ModificationItem> miLi
         }
         for (LdapUser member : oldLdapGroup.getUsers()) {
             if (!newLdapGroup.getUsers().contains(member)) {
+            	if(oldLdapGroup.getUsers().size() == 1) {
+            		Logger.error("Group "+oldLdapGroup.getName()+" has only one member left. Cannot remove "+member.getName());
+            		return miList;
+            	}
                 a = new BasicAttribute(groupMemberAttribut, member.getDn());
                 miList.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, a));
             }

ldap-connector/src/main/java/com/innoq/ldap/connector/LdapNode.java

@@ -33,8 +33,7 @@ public class LdapNode implements Node {
     protected Set<String> keys;
     protected Set<String> objectClasses;
     protected String name;
-    protected String dn;
-    protected String cn;
+	private String dn;
 
     /**
      * Basic Constructor.
@@ -52,9 +51,8 @@ public LdapNode() {
     @Override
     public String get(String key) {
     	if("dn".equals(key)) {
-    		return dn;
-    	}
-        if (key != null
+    		return this.dn;
+    	} else if (key != null
                 && attributes != null
                 && getKeys().contains(key)
                 && attributes.get(key) != null) {
@@ -82,9 +80,9 @@ public boolean isEmpty() {
      */
     @Override
     public void set(String key, String value) {
-        if("dn".equals(key)) {
-        	dn = value;
-        } else if (value != null
+    	if("dn".equals(key)) {
+    		this.dn = value;
+    	} else if (value != null
                 && !value.isEmpty()
                 && key != null
                 && !key.isEmpty()) {
@@ -112,11 +110,11 @@ public void setAttributes(BasicAttributes attributes) {
     }
 
     public void setCn(String cn) {
-        this.cn = cn;
+        set("cn", cn);
     }
 
     public String getCn() {
-        return this.cn == null ? "" : this.cn;
+        return get("cn");
     }
 
     public boolean isNew() {
@@ -177,14 +175,11 @@ public void addObjectClass(final String objectClass) {
 
     @Override
     public String getName() {
-        return name;
+        return getCn();
     }
 
     @Override
     public String getDn() {
-        if (dn == null) {
-            dn = LdapHelper.getInstance().getDNForNode(this);
-        }
         return dn;
     }
 

ldap-connector/src/test/java/com/innoq/ldap/connector/TestGroup.java

@@ -144,6 +144,33 @@ public void testRemoveUserFromGroup() throws Exception {
         Utils.removeTestUsers(users);
     }
 
+    @Test
+    public void testRemoveUserFromGroupNotAllowed() throws Exception {
+    	LdapGroup g1 = Utils.createTestGroup(CN);
+    	assertTrue(g1.getUsers().size() == 1);
+    	Node principal = HELPER.getPrincipal();	
+    	LdapUser principalUser = (LdapUser) principal;
+    	g1.rmUser(principalUser);
+    	HELPER.setGroup(g1);
+    	LdapGroup g2 = Utils.createTestGroup(CN);
+    	assertTrue(g2.getUsers().size() == 1);
+        Utils.removeTestGroup(g1);
+    }
+
+    @Test
+    public void testLoadPrincipalUserFromGroup() throws Exception {
+    	LdapGroup g1 = Utils.createTestGroup(CN);
+    	assertTrue(g1.getUsers().size() == 1);
+    	Node principal = HELPER.getPrincipal();	
+    	LdapUser principalUser = (LdapUser) principal;
+    	Set<LdapUser> users = g1.getUsers();
+    	assertTrue(users.size() == 1);
+    	for(LdapUser user : users) {
+        	assertEquals(principalUser.getDn(), user.getDn());    		
+    	}
+        Utils.removeTestGroup(g1);
+    }
+
     @Test
     public void testAddUsersToGroup() throws Exception {
 		testUser2 = HELPER.getUserTemplate("U4_" + System.currentTimeMillis());