Hi Enrique,

You're right we have to find a better way to deal with this problem.  I did not have the time to do this right but I added the exception to warn folks like you from some serious bugs that could result from not using a normalized DN. 

I really would stay away from using the overloaded version of the method that does not require a normalized DN , if you could please make that one throw an exception as well.  The best thing to do is to normalize the DN.  You can do this by getting a handle on the directoryService and using that to get access to the attributeType registry.  Then use this to get the normalizer to attribute type mapping that is fed into the normalize() method as the argument.

HTH,
Alex

On Dec 19, 2007 4:43 PM, Enrique Rodriguez <enriquer9@gmail.com> wrote:
On Dec 19, 2007 12:14 AM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> Hi Enrique,
>
> you can use the ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED constant.
> It's a normalized form of the admin principal.

I saw this constant, but the problem is that the LdapPrincipal
constructor calls LdapDN#isNormalized() and throws the
IllegalStateException.  I would need to create the LdapDN with the
above normalized constant AND somehow set isNormalized to return
'true'.

Anyway, I got around this (for now) by noticing that an alternate form
of the LdapPrincipal constructor won't evaluate the
LdapDN#isNormalized and thus won't ever throw the
IllegalStateException.  I just have to pass in a null userPassword.
This doesn't feel like a real solution, but it does allow me to have
SASL GSSAPI integration tests working again.

Enrique