Hi, while trying to figure out how dynamics realms work, I think that I found a bug. I've created 2 dynamics realms (dynr1, dynr2) with the same conditions (for example "USER Dynamic Condition [ATTRIBUTE email NOT NULL]"). When I create or update a user only one dynamic realm is updated, while the other one remain outdated.
Both Syncope 3.0.6 and Syncope 2.1.13 have the same behavior. Steps to reproduce: 1. run the following docker-compose environment 2. create a user "user1" with email "us...@example.com" 3. create a dynamic realm "dynr1" with condition "USER Dynamic Condition [ATTRIBUTE email NOT NULL]" 4. create another dynamic realm "dynr2" with the same condition of "dynr1" 5. // Check that both dynamic realms contain the user "user1" 6. create a new user "user2" with email "us...@example.com" 7. // Check that only the realm "dynr1" contains the user "user2" while the other doesn't That problem could be caused by the following function within the query at line 168 because that query doesn't filter by the current dynamic realm, so it returns every row where the "any" exists (even if in other dynamic realms). https://github.com/apache/syncope/blob/2dca716795497d4a73d75212964d5991eea01a2b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPADynRealmDAO.java#L162 The docker-compose environment: ``` version: '3.3' services: db: image: postgres:12 environment: POSTGRES_DB: syncope POSTGRES_USER: syncope POSTGRES_PASSWORD: syncope ports: - "5432:5432" syncope: image: apache/syncope:2.1.13 depends_on: - db ports: - "8081:8080" environment: DBMS: postgresql DB_URL: jdbc:postgresql://db:5432/syncope DB_USER: syncope DB_PASSWORD: syncope DB_POOL_MAX: 10 DB_POOL_MIN: 2 OPENJPA_REMOTE_COMMIT: sjvm syncope-console: image: apache/syncope-console:2.1.13 depends_on: - syncope ports: - "8082:8080" environment: CORE_SCHEME: http CORE_HOST: syncope CORE_PORT: 8080 ``` Regards Federico Brignola