package com.netscape.admin.dirserv.account;

import com.netscape.admin.dirserv.DSUtil;
import com.netscape.admin.dirserv.panel.MappingUtils;
import com.netscape.admin.dirserv.task.LDAPTask;
import com.netscape.management.client.ug.ResourcePageObservable;
import com.netscape.management.client.util.Debug;
import java.util.Enumeration;
import java.util.Vector;
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPAttributeSet;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPEntry;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;
import netscape.ldap.LDAPSearchConstraints;
import netscape.ldap.util.DN;

/* loaded from: input_file:114273-02/IPLTdscon/reloc/usr/iplanet/console5.1/java/jars/ds51.jar:com/netscape/admin/dirserv/account/AccountInactivation.class */
public class AccountInactivation {
    String _dn;
    LDAPEntry _entry;
    int _initResult;
    private String _suffix;
    private Vector _throughRoles;
    private String _nsManagedDisabledRole;
    private String _nsDisabledRole;
    Vector _lockingInfrastructureDNs;
    public static final int SUCCESS = 0;
    public static final int ERROR = 1;
    public static final int CAN_NOT_ACTIVATE = 2;
    public static final int CAN_NOT_INACTIVATE = 3;
    public static final int INACTIVATED_THROUGH_UNKNOWN_MECHANICS = 4;
    public static final int ACTIVATED = 5;
    public static final int INACTIVATED = 6;
    public static final int ROOT_OR_CONFIG_ENTRY = 7;
    public static final int CAN_BE_ACTIVATED = 8;
    public static final int CAN_BE_INACTIVATED = 9;
    public static final int CANNOT_BE_ACTIVATED_INACTIVATED = 10;
    private final String DN = "dn";
    private final String CN = LDAPTask.CN;
    private final String USERPASSWORD = "userpassword";
    private final String NSROLE = "nsrole";
    private final String NSROLEDN = "nsroledn";
    private final String OBJECTCLASS = LDAPTask.OBJECTCLASS;
    private final String ACCOUNT_LOCK = "nsAccountLock";
    private final String LOCKED = "true";
    private final String SUFFIX_ATTR = MappingUtils.SUFFIX_ATTR;
    private final String BACKEND_ATTR = LDAPTask.CN;
    String[] ATTRS = {LDAPTask.CN, "userpassword", "nsrole", "nsroledn", LDAPTask.OBJECTCLASS, "nsAccountLock"};

    public AccountInactivation(LDAPEntry lDAPEntry) {
        this._entry = lDAPEntry;
        if (lDAPEntry != null) {
            this._dn = lDAPEntry.getDN();
        }
    }

    public AccountInactivation(ResourcePageObservable resourcePageObservable) {
        this._entry = getEntry(resourcePageObservable);
        if (this._entry != null) {
            this._dn = this._entry.getDN();
        }
    }

    public int getState(LDAPConnection lDAPConnection) throws LDAPException {
        if (!isLocked(lDAPConnection)) {
            return 5;
        }
        if (this._throughRoles == null) {
            updateThroughRoles(lDAPConnection);
        }
        return (this._throughRoles == null || this._throughRoles.size() <= 0) ? 4 : 6;
    }

    public int operationAllowed(LDAPConnection lDAPConnection) throws LDAPException {
        int i = 10;
        if (isLocked(lDAPConnection)) {
            if (this._throughRoles == null) {
                updateThroughRoles(lDAPConnection);
            }
            if (this._throughRoles != null && this._throughRoles.size() > 0) {
                i = 8;
            }
        } else {
            if (this._suffix == null) {
                updateSuffixAndRoleDNs(lDAPConnection);
            }
            if (this._suffix != null && this._suffix.length() > 0) {
                i = 9;
            }
        }
        return i;
    }

    public Vector getLockingRolesForRole(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._throughRoles == null) {
            updateThroughRolesForRole(lDAPConnection);
        }
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._throughRoles == null || this._suffix == null) {
            return null;
        }
        Vector vector = new Vector();
        DN dn = new DN(this._nsDisabledRole);
        for (int i = 0; i < this._throughRoles.size(); i++) {
            String str = (String) this._throughRoles.elementAt(i);
            if (!dn.equals(new DN(str))) {
                vector.addElement(str);
            }
        }
        return vector;
    }

    public Vector getLockingRolesForEntry(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._throughRoles == null) {
            updateThroughRolesForEntry(lDAPConnection);
        }
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._throughRoles == null || this._suffix == null) {
            return null;
        }
        Vector vector = new Vector();
        DN dn = new DN(this._nsManagedDisabledRole);
        for (int i = 0; i < this._throughRoles.size(); i++) {
            String str = (String) this._throughRoles.elementAt(i);
            if (!dn.equals(new DN(str))) {
                vector.addElement(str);
            }
        }
        return vector;
    }

    public Vector getLockingRoles(LDAPConnection lDAPConnection) throws LDAPException {
        if (isRole()) {
            return getLockingRolesForRole(lDAPConnection);
        }
        if (hasUserPassword()) {
            return getLockingRolesForEntry(lDAPConnection);
        }
        return null;
    }

    public boolean canBeActivated(LDAPConnection lDAPConnection) throws LDAPException {
        if (isRole()) {
            return canRoleBeActivated(lDAPConnection);
        }
        if (hasUserPassword()) {
            return canEntryBeActivated(lDAPConnection);
        }
        return false;
    }

    public boolean canEntryBeActivated(LDAPConnection lDAPConnection) throws LDAPException {
        if (!isLocked(lDAPConnection)) {
            return true;
        }
        if (this._throughRoles == null) {
            updateThroughRolesForEntry(lDAPConnection);
        }
        return this._throughRoles != null && this._throughRoles.size() == 1 && new DN((String) this._throughRoles.elementAt(0)).equals(new DN(this._nsManagedDisabledRole));
    }

    public boolean canRoleBeActivated(LDAPConnection lDAPConnection) throws LDAPException {
        if (!isLocked(lDAPConnection)) {
            return true;
        }
        if (this._throughRoles == null) {
            updateThroughRolesForRole(lDAPConnection);
        }
        return this._throughRoles != null && this._throughRoles.size() == 1 && new DN((String) this._throughRoles.elementAt(0)).equals(new DN(this._nsDisabledRole));
    }

    public boolean canBeInactivated() {
        return isRole() || hasUserPassword();
    }

    public boolean isLocked(LDAPConnection lDAPConnection) throws LDAPException {
        LDAPAttribute attribute;
        String str;
        if (!isRole()) {
            return (!hasUserPassword() || this._entry == null || (attribute = this._entry.getAttribute("nsAccountLock")) == null || (str = (String) attribute.getStringValues().nextElement()) == null || !str.equalsIgnoreCase("true")) ? false : true;
        }
        if (this._throughRoles == null) {
            updateThroughRolesForRole(lDAPConnection);
        }
        if (this._throughRoles == null || this._throughRoles.size() <= 0) {
            return this._nsDisabledRole != null && new DN(this._entry.getDN()).equals(new DN(this._nsDisabledRole));
        }
        Debug.println(0, new StringBuffer().append("AccountInactivation.isLocked(): entry ").append(this._dn).append(" belongs to locking roles ").append(this._throughRoles.toString()).toString());
        return true;
    }

    public boolean isLockingInfrastructureCreated(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        String[] strArr = {new StringBuffer().append("cn=nsManagedDisabledRole,").append(this._suffix).toString(), new StringBuffer().append("cn=nsDisabledRole,").append(this._suffix).toString(), new StringBuffer().append("cn=nsAccountInactivationTmp,").append(this._suffix).toString(), new StringBuffer().append("cn=\"cn=nsDisabledRole,").append(this._suffix).append("\",cn=nsAccountInactivationTmp,").append(this._suffix).toString(), new StringBuffer().append("cn=nsAccountInactivation_cos,").append(this._suffix).toString()};
        LDAPSearchConstraints lDAPSearchConstraints = (LDAPSearchConstraints) lDAPConnection.getSearchConstraints().clone();
        for (String str : strArr) {
            try {
                if (DSUtil.readEntry(lDAPConnection, str, null, lDAPSearchConstraints) == null) {
                    return false;
                }
            } catch (LDAPException e) {
                if (e.getLDAPResultCode() == 32) {
                    return false;
                }
                Debug.println(new StringBuffer().append("AccountInactivation.isLockingInfrastructureCreated() ").append(e).toString());
                throw e;
            }
        }
        return true;
    }

    public boolean createLockingInfrastructure(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        String[] strArr = {new StringBuffer().append("cn=nsManagedDisabledRole,").append(this._suffix).toString(), new StringBuffer().append("cn=nsDisabledRole,").append(this._suffix).toString(), new StringBuffer().append("cn=nsAccountInactivationTmp,").append(this._suffix).toString(), new StringBuffer().append("cn=\"cn=nsDisabledRole,").append(this._suffix).append("\",cn=nsAccountInactivationTmp,").append(this._suffix).toString(), new StringBuffer().append("cn=nsAccountInactivation_cos,").append(this._suffix).toString()};
        LDAPAttributeSet[] lDAPAttributeSetArr = {new LDAPAttributeSet(new LDAPAttribute[]{new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"top", "ldapsubentry", "nsroledefinition", "nssimpleroledefinition", "nsmanagedroledefinition"}), new LDAPAttribute(LDAPTask.CN, "nsManagedDisabledRole")}), new LDAPAttributeSet(new LDAPAttribute[]{new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"ldapsubentry", "nsroledefinition", "nscomplexroledefinition", "nsnestedroledefinition"}), new LDAPAttribute("nsroledn", new StringBuffer().append("cn=nsmanageddisabledrole,").append(this._suffix).toString()), new LDAPAttribute(LDAPTask.CN, "nsDisabledRole")}), new LDAPAttributeSet(new LDAPAttribute[]{new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"top", "nscontainer"})}), new LDAPAttributeSet(new LDAPAttribute[]{new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"top", "ldapsubentry", "extensibleobject", "costemplate"}), new LDAPAttribute("nsaccountlock", "true"), new LDAPAttribute("cospriority", "1")}), new LDAPAttributeSet(new LDAPAttribute[]{new LDAPAttribute(LDAPTask.OBJECTCLASS, new String[]{"top", "ldapsubentry", "cossuperdefinition", "cosclassicdefinition"}), new LDAPAttribute("costemplatedn", new StringBuffer().append("cn=nsAccountInactivationTmp,").append(this._suffix).toString()), new LDAPAttribute("cosspecifier", "nsrole"), new LDAPAttribute("cosattribute", "nsaccountlock operational")})};
        boolean z = false;
        this._lockingInfrastructureDNs = new Vector();
        for (int i = 0; i < strArr.length; i++) {
            try {
                LDAPEntry lDAPEntry = new LDAPEntry(strArr[i], lDAPAttributeSetArr[i]);
                lDAPConnection.add(lDAPEntry);
                z = true;
                this._lockingInfrastructureDNs.addElement(lDAPEntry.getDN());
            } catch (LDAPException e) {
                if (e.getLDAPResultCode() != 68) {
                    Debug.println(new StringBuffer().append("AccountInactivation.createLockingInfrastructure(): Error adding ").append(strArr[i]).append("\n with attribute:\n").append(lDAPAttributeSetArr[i].toString()).append("\n\n").append(e).toString());
                    throw e;
                }
            }
        }
        if (!z) {
            return true;
        }
        try {
            Thread.sleep(1500L);
            return true;
        } catch (Exception e2) {
            return true;
        }
    }

    public Vector getLockingInfrastructureDNs() {
        return this._lockingInfrastructureDNs;
    }

    public boolean modifyEntryToActivateEntry(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        try {
            lDAPConnection.modify(this._dn, new LDAPModification(1, new LDAPAttribute("nsroledn", this._nsManagedDisabledRole)));
            return true;
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 16) {
                Debug.println(new StringBuffer().append("AccountInactivation.modifyEntryToActivateEntry(): ").append(e).toString());
                throw e;
            }
            Debug.println(0, new StringBuffer().append("AccountInactivation.modifyEntryToActivateEntry(): ").append(e).toString());
            return true;
        }
    }

    public boolean modifyRolesToActivateRole(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        try {
            lDAPConnection.modify(this._nsDisabledRole, new LDAPModification(1, new LDAPAttribute("nsroledn", this._dn)));
            return true;
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 16) {
                Debug.println(new StringBuffer().append("AccountInactivation.modifyRolesToActivateRole(): ").append(e).toString());
                throw e;
            }
            Debug.println(0, new StringBuffer().append("AccountInactivation.modifyRolesToActivateRole(): ").append(e).toString());
            return true;
        }
    }

    public boolean modifyEntryToInactivateEntry(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        try {
            lDAPConnection.modify(this._dn, new LDAPModification(0, new LDAPAttribute("nsroledn", this._nsManagedDisabledRole)));
            return true;
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 20) {
                Debug.println(new StringBuffer().append("AccountInactivation.modifyEntryToInactivateEntry(): ").append(e).toString());
                throw e;
            }
            Debug.println(0, new StringBuffer().append("AccountInactivation.modifyEntryToInactivateEntry(): ").append(e).toString());
            return true;
        }
    }

    public boolean modifyRolesToInactivateRole(LDAPConnection lDAPConnection) throws LDAPException {
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        if (this._suffix == null) {
            return false;
        }
        try {
            lDAPConnection.modify(this._nsDisabledRole, new LDAPModification(0, new LDAPAttribute("nsroledn", this._dn)));
            return true;
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 20) {
                Debug.println(new StringBuffer().append("AccountInactivation.modifyRolesToInactivateRole(): ").append(e).toString());
                throw e;
            }
            Debug.println(0, new StringBuffer().append("AccountInactivation.modifyRolesToInactivateRole(): ").append(e).toString());
            return true;
        }
    }

    public int inactivate(LDAPConnection lDAPConnection) {
        try {
            int state = getState(lDAPConnection);
            if (state == 6) {
                Debug.println(new StringBuffer().append("AccountInactivation.inactivate(): entry ").append(this._dn).append(" was already inactivated ").toString());
                return 0;
            }
            if (state == 4) {
                Debug.println(new StringBuffer().append("AccountInactivation.inactivate(): entry ").append(this._dn).append(" was already inactivated through unknown mechanics").toString());
                return 4;
            }
            if (!canBeInactivated()) {
                Debug.println(new StringBuffer().append("AccountInactivation.inactivate(): entry ").append(this._dn).append(" can not be inactivated: it is not a role and has no userpassword ").toString());
                return 3;
            }
            try {
                if (!isLockingInfrastructureCreated(lDAPConnection)) {
                    createLockingInfrastructure(lDAPConnection);
                }
                try {
                    if (isRole()) {
                        if (!modifyRolesToInactivateRole(lDAPConnection) && this._suffix == null) {
                            return 7;
                        }
                    } else if (hasUserPassword() && !modifyEntryToInactivateEntry(lDAPConnection) && this._suffix == null) {
                        return 7;
                    }
                    return 0;
                } catch (LDAPException e) {
                    Debug.println(new StringBuffer().append("AccountInactivation: inactivate() modifying locking roles for entry ").append(this._dn).append(" ").append(e).toString());
                    return 1;
                }
            } catch (LDAPException e2) {
                Debug.println(new StringBuffer().append("AccountInactivation: inactivate() creating locking roles for entry ").append(this._dn).append(" ").append(e2).toString());
                return 1;
            }
        } catch (LDAPException e3) {
            Debug.println(new StringBuffer().append("AccountInactivation: inactivate() getting state of entry ").append(this._dn).append(" ").append(e3).toString());
            return 1;
        }
    }

    public int activate(LDAPConnection lDAPConnection) {
        try {
            int state = getState(lDAPConnection);
            if (state == 5) {
                Debug.println(new StringBuffer().append("AccountInactivation.activate(): entry ").append(this._dn).append(" was already activated ").toString());
                return 0;
            }
            if (state == 4) {
                Debug.println(new StringBuffer().append("AccountInactivation.activate(): entry ").append(this._dn).append(" is inactivated through unknown mechanics").toString());
                return 4;
            }
            try {
                if (!canBeActivated(lDAPConnection)) {
                    Debug.println(new StringBuffer().append("AccountInactivation.activate(): entry ").append(this._dn).append(" can't be activated because is locked trough roles ").append(getLockingRoles(lDAPConnection)).toString());
                    return 2;
                }
                try {
                    return isRole() ? (modifyRolesToActivateRole(lDAPConnection) || this._suffix != null) ? 0 : 7 : (hasUserPassword() && !modifyEntryToActivateEntry(lDAPConnection) && this._suffix == null) ? 7 : 0;
                } catch (LDAPException e) {
                    Debug.println(new StringBuffer().append("AccountInactivation: activate() modifying locking roles for entry ").append(this._dn).append(" ").append(e).toString());
                    return 1;
                }
            } catch (LDAPException e2) {
                Debug.println(new StringBuffer().append("AccountInactivation: activate() looking if we can activate entry ").append(this._dn).append(" ").append(e2).toString());
                return 1;
            }
        } catch (LDAPException e3) {
            Debug.println(new StringBuffer().append("AccountInactivation: activate() getting state for entry ").append(this._dn).append(" ").append(e3).toString());
            return 1;
        }
    }

    private LDAPEntry getEntry(ResourcePageObservable resourcePageObservable) {
        LDAPAttributeSet lDAPAttributeSet = new LDAPAttributeSet();
        Enumeration attributesList = resourcePageObservable.getAttributesList();
        while (attributesList.hasMoreElements()) {
            String str = (String) attributesList.nextElement();
            Vector vector = resourcePageObservable.get(str);
            String[] strArr = new String[vector.size()];
            vector.toArray(strArr);
            lDAPAttributeSet.add(new LDAPAttribute(str, strArr));
        }
        return new LDAPEntry(resourcePageObservable.getDN(), lDAPAttributeSet);
    }

    private boolean isRole() {
        LDAPAttribute attribute = this._entry.getAttribute(LDAPTask.OBJECTCLASS);
        if (attribute == null) {
            return false;
        }
        Enumeration stringValues = attribute.getStringValues();
        boolean z = false;
        boolean z2 = false;
        while (stringValues.hasMoreElements()) {
            String str = (String) stringValues.nextElement();
            if (str != null) {
                if (str.equalsIgnoreCase("nsroledefinition")) {
                    z = true;
                } else if (str.equalsIgnoreCase("ldapsubentry")) {
                    z2 = true;
                }
                if (z && z2) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean hasUserPassword() {
        return true;
    }

    private void updateSuffixAndRoleDNs(LDAPConnection lDAPConnection) {
        String dn;
        String str = null;
        DN dn2 = new DN(this._dn);
        DN parent = dn2.getParent();
        if (parent != null && (dn = parent.toString()) != null && !dn.equals("")) {
            str = MappingUtils.getTopSuffixForEntry(lDAPConnection, this._dn);
        }
        if (str == null || !DN.isDN(str)) {
            Debug.println(new StringBuffer().append("AccountInactivation(): could not get the suffix of the entry ").append(this._dn).toString());
        } else if (new DN(str).equals(dn2)) {
            str = null;
        }
        this._suffix = str;
        this._nsDisabledRole = new StringBuffer().append("cn=nsdisabledrole,").append(this._suffix).toString();
        this._nsManagedDisabledRole = new StringBuffer().append("cn=nsmanageddisabledrole,").append(this._suffix).toString();
    }

    private void updateThroughRoles(LDAPConnection lDAPConnection) throws LDAPException {
        if (isRole()) {
            updateThroughRolesForRole(lDAPConnection);
        } else if (hasUserPassword()) {
            updateThroughRolesForEntry(lDAPConnection);
        }
    }

    private void updateThroughRolesForEntry(LDAPConnection lDAPConnection) throws LDAPException {
        this._throughRoles = null;
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        try {
            if (this._nsDisabledRole == null || lDAPConnection == null) {
                return;
            }
            LDAPEntry readEntry = DSUtil.readEntry(lDAPConnection, this._nsDisabledRole, this.ATTRS, (LDAPSearchConstraints) lDAPConnection.getSearchConstraints().clone());
            if (readEntry == null) {
                Debug.println(new StringBuffer().append("AccountInactivation.updateThroughRolesForEntry(): could not read the nsDisabledRoleEntry ").append(this._nsDisabledRole).toString());
                return;
            }
            Vector attributeValues = getAttributeValues(this._entry, "nsrole");
            Vector attributeValues2 = getAttributeValues(readEntry, "nsroledn");
            if (attributeValues == null || attributeValues2 == null) {
                Debug.println(new StringBuffer().append("AccountInactivation.updateThroughRolesForEntry(): the entry ").append(this._dn).append(" has no nsrole or the role has no nsroledn").toString());
                return;
            }
            for (int i = 0; i < attributeValues.size(); i++) {
                DN dn = new DN((String) attributeValues.elementAt(i));
                for (int i2 = 0; i2 < attributeValues2.size(); i2++) {
                    if (dn.equals(new DN((String) attributeValues2.elementAt(i2)))) {
                        if (this._throughRoles == null) {
                            this._throughRoles = new Vector();
                        }
                        this._throughRoles.addElement(attributeValues2.elementAt(i2));
                    }
                }
            }
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 32) {
                Debug.println(new StringBuffer().append("AccountInactivation.updateThroughRolesForEntry(): ").append(e).toString());
                throw e;
            }
        }
    }

    private void updateThroughRolesForRole(LDAPConnection lDAPConnection) throws LDAPException {
        this._throughRoles = null;
        if (this._suffix == null) {
            updateSuffixAndRoleDNs(lDAPConnection);
        }
        try {
            if (this._nsDisabledRole == null || lDAPConnection == null) {
                return;
            }
            LDAPEntry readEntry = DSUtil.readEntry(lDAPConnection, this._nsDisabledRole, this.ATTRS, (LDAPSearchConstraints) lDAPConnection.getSearchConstraints().clone());
            if (readEntry == null) {
                Debug.println(new StringBuffer().append("AccountInactivation.updateThroughRolesForRole(): could not read the nsDisabledRoleEntry ").append(this._nsDisabledRole).toString());
            } else {
                lookForRolesLockingRole(this._dn, readEntry, lDAPConnection);
            }
        } catch (LDAPException e) {
            if (e.getLDAPResultCode() != 32) {
                Debug.println(new StringBuffer().append("AccountInactivation.updateThroughRolesForRole(): ").append(e).toString());
                throw e;
            }
        }
    }

    private void lookForRolesLockingRole(String str, LDAPEntry lDAPEntry, LDAPConnection lDAPConnection) throws LDAPException {
        Vector attributeValues;
        if (lDAPEntry == null || (attributeValues = getAttributeValues(lDAPEntry, "nsroledn")) == null) {
            return;
        }
        DN dn = new DN(str);
        if (dn.isDescendantOf(new DN(lDAPEntry.getDN()).getParent())) {
            for (int i = 0; i < attributeValues.size(); i++) {
                if (new DN((String) attributeValues.elementAt(i)).equals(dn)) {
                    if (this._throughRoles == null) {
                        this._throughRoles = new Vector();
                    }
                    this._throughRoles.addElement(lDAPEntry.getDN());
                } else {
                    try {
                        if (attributeValues.elementAt(i) != null && lDAPConnection != null) {
                            LDAPEntry readEntry = DSUtil.readEntry(lDAPConnection, (String) attributeValues.elementAt(i), this.ATTRS, (LDAPSearchConstraints) lDAPConnection.getSearchConstraints().clone());
                            if (readEntry != null) {
                                lookForRolesLockingRole(str, readEntry, lDAPConnection);
                            }
                        }
                    } catch (LDAPException e) {
                        if (e.getLDAPResultCode() != 32) {
                            Debug.println(new StringBuffer().append("AccountInactivation.lookForRolesLockingRole(): ").append(e).toString());
                            throw e;
                        }
                    }
                }
            }
        }
    }

    private Vector getAttributeValues(LDAPEntry lDAPEntry, String str) {
        Vector vector = new Vector();
        LDAPAttribute attribute = lDAPEntry.getAttribute(str);
        if (attribute != null) {
            Enumeration stringValues = attribute.getStringValues();
            while (stringValues.hasMoreElements()) {
                vector.addElement(stringValues.nextElement());
            }
        }
        if (vector.isEmpty()) {
            return null;
        }
        return vector;
    }
}
