Martin Choma created DIRSERVER-2421:
---------------------------------------
Summary: Referral objects are returned, although they were not
requested
Key: DIRSERVER-2421
URL: https://issues.apache.org/jira/browse/DIRSERVER-2421
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap, referral
Affects Versions: 2.0.0.AM26
Reporter: Martin Choma
I have upgraded our EAP testsuite to version ApacheDS 2.0.0.AM26 from
2.0.0.AM25 and some referral tests stopped working. This is descritption of
test:
{code}
/**
* @tpTestDetails <br/>
* Given: Original LDAP includes user 'originalUserBothRole' <br/>
* and role 'OriginalRole' located in original LDAP is mapped to them <br/>
* and role 'ReferralRole' located in referral LDAP is mapped to them <br/>
* and ldap-realm uses filter with (objectclass=referral) for filtering
users <br/>
* and ldap-realm uses filter without (objectclass=referral) for filtering
roles. <br/>
* When user 'originalUserBothRole' with correct password tries to
authenticate, <br/>
* then authentication should succeed and just role 'OriginalRole' should
be assigned to user.
*/
@Test
@OperateOnDeployment(DEPLOYMENT + USER_REFERRAL_SUFFIX)
public void filterUserReferral_originalUserBothRole(@ArquillianResource URL
webAppURL) {
{code}
Problem is EAP is returning now also ReferralRole in this scenario which is
unexpected
{code}
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 << "HTTP/1.1
200 OK[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 << "Expires:
0[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 <<
"Connection: keep-alive[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 <<
"Cache-Control: no-cache, no-store, must-revalidate[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 << "Pragma:
no-cache[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 <<
"Content-Type: text/plain;charset=utf-8[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 <<
"Content-Length: 27[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 << "Date: Mon,
03 Nov 2025 07:43:58 GMT[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 << "[\r][\n]"
08:43:58,518 DEBUG [org.apache.http.wire] (main) http-outgoing-1 <<
",OriginalRole,ReferralRole,"
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 << HTTP/1.1
200 OK
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 << Expires: 0
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 <<
Connection: keep-alive
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 <<
Cache-Control: no-cache, no-store, must-revalidate
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 << Pragma:
no-cache
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 <<
Content-Type: text/plain;charset=utf-8
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 <<
Content-Length: 27
08:43:58,518 DEBUG [org.apache.http.headers] (main) http-outgoing-1 << Date:
Mon, 03 Nov 2025 07:43:58 GMT
{code}
This is how test setup ldap in EAP
{code}
08:03:29,273 DEBUG
[org.wildfly.extras.creaper.core.online.OnlineManagementClient] (main)
Executing operation
/subsystem=elytron/ldap-realm=elytron-ldap-realm-user-referrals:add(dir-context=elytron-ldap-dir-context,
direct-verification=true, identity-mapping={rdn-identifier => uid,
search-base-dn =>
o=FollowReferralObjectQueryLdapCommonReferralsTestCase310e9a7e,o=primary,dc=jboss,dc=org,
use-recursive-search => true, filter-name =>
(|(objectclass=referral)(uid={0})), attribute-mapping => [{from => cn, to =>
groups, filter => (member={1}), filter-base-dn =>
o=FollowReferralObjectQueryLdapCommonReferralsTestCase310e9a7e,o=primary,dc=jboss,dc=org}]})
{code}
When I compare changes between 2.0.0.AM25 and 2.0.0.AM26 I see this code
changed
https://github.com/apache/directory-server/compare/2.0.0.AM25...2.0.0.AM26#diff-23c0681a741c6c2e0728ee94ec03ca395b88ec5c118b042e7c736f6962221505L157,
which may be changing that part of logic. Although I do not see how that could
change behaviour in this way. Any idea?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
