[ 
https://issues.apache.org/jira/browse/SYNCOPE-354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634013#comment-13634013
 ] 

Francesco Chicchiriccò commented on SYNCOPE-354:
------------------------------------------------

I have just been able to reproduce the issue by following these steps:

C 
C.1 create role 'ldapRole' with resource LDAP assigned => ldapRole found on 
LDAP 
C.2 create user 'ldapUser' with role 'ldapRole' and LDAP resource assigned 
(different from A.2 above) => ldapUser found on LDAP, with ldapRole assigned 
C.3 unassign 'ldapRole' from 'ldapUser' in Syncope => ldapUser not assigned 
anymore to ldapRole in Syncope, ldapUser still on LDAP (correct because 
ldapUser still has LDAP resource directly assigned), ldapRole on LDAP unchanged 
<- this means that next synchronization will re-add membership, e.g. the defect 
in the description above

I am going to slightly change name and description of this issue according to 
these findings.
                
> LDAP Membership propagation does not process DELETE operations
> --------------------------------------------------------------
>
>                 Key: SYNCOPE-354
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-354
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.1.0
>         Environment: n/a
>            Reporter: James Flemer
>            Assignee: Francesco Chicchiriccò
>              Labels: delete, ldap, propagation, role
>             Fix For: 1.1.1, 1.2.0
>
>
> Configure a LDAP connector and resource, use the 
> LDAPMembershipPropagationActions propagator class, add a LDAP role to a user, 
> then try to remove that role.  The role is removed in Syncope but not LDAP; 
> the next sync will add it back in Syncope.
> In LDAPMembershipPropagationActions, line 75 (Syncope 1.1.0), there is a 
> conditional on:
>     ResourceOperation.DELETE != task.getPropagationOperation()
> So LDAPMembershipPropagationActions refuses to process any delete operations.
> Should the operation be DELETE here (vs UPDATE)?  If so, 
> LDAPMembershipPropagationActions needs to deal with DELETE appropriately.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
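
Added example, not part of the JIRA message or of Syncope's code: a check that flags the state left behind by step C.3, a group membership still present on LDAP with no matching role assignment in the identity manager. The DN layout, function names and sample data are constructed for illustration.

```python
# Added example (not Syncope code). DN layout and sample data are constructed.
PEOPLE_BASE = "ou=people,o=isp"   # assumed base DN for users
GROUPS_BASE = "ou=groups,o=isp"   # assumed base DN for roles/groups

def normalize_dn(dn):
    """Simplified DN normalisation: lowercase, strip spaces around ',' and '='.
    Escaped commas inside values are not handled."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)

def user_dn(name):
    return normalize_dn(f"uid={name},{PEOPLE_BASE}")

def role_dn(name):
    return normalize_dn(f"cn={name},{GROUPS_BASE}")

def stale_memberships(roles, assignments, ldap_groups):
    """Return sorted (group DN, member DN) pairs that exist on LDAP without
    a matching role assignment.
    roles:       role names managed by the identity manager
    assignments: {username: set of role names}
    ldap_groups: {group DN: [member DNs]} as read from the directory
    """
    managed = {role_dn(r) for r in roles}
    expected = {(role_dn(r), user_dn(u))
                for u, rs in assignments.items() for r in rs}
    stale = set()
    for group, members in ldap_groups.items():
        g = normalize_dn(group)
        if g not in managed:
            continue  # group is not owned by the identity manager
        stale.update((g, normalize_dn(m)) for m in members
                     if (g, normalize_dn(m)) not in expected)
    return sorted(stale)

# Constructed state after step C.3: ldapUser lost ldapRole in the identity
# manager, but the LDAP group entry was never updated.
ROLES = {"ldapRole"}
ASSIGNMENTS = {"ldapUser": set(), "otherUser": {"ldapRole"}}
LDAP_GROUPS = {
    "CN=ldapRole, ou=Groups, o=isp": ["uid=ldapUser,ou=people,o=isp",
                                      "UID=otherUser, ou=People, o=isp"],
    "cn=printers,ou=groups,o=isp": ["uid=ldapUser,ou=people,o=isp"],
}

if __name__ == "__main__":
    for group, member in stale_memberships(ROLES, ASSIGNMENTS, LDAP_GROUPS):
        print(f"stale membership: {member} in {group}")
```

Run before a synchronization, the check reports the membership that the next sync would otherwise re-add.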
