Markus Okon created SYNCOPE-1921:
------------------------------------
Summary: LDAPMembershipPropagationActions deletes memberships of
groups not managed by Syncope
Key: SYNCOPE-1921
URL: https://issues.apache.org/jira/browse/SYNCOPE-1921
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 3.0.12
Reporter: Markus Okon
When propagating a user with reverse group membership references to groups not
managed by Syncope the propagation task currently deletes these memberships
instead of preserving them.
For example the user is member in 4 Syncope groups and one group outside of
Syncope named "200004_groupOutsideOfSyncope", which is part of the subtree
Syncope searches in, therefore the expected value for "ldapGroups" in the
propagation is the following:
{
"name": "ldapGroups",
"value": [
"cn=T11,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=T1100,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=VIP,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"CN=200004_groupOutsideOfSyncope,OU=200004,OU=tuda,OU=campus-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=T110099,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de"
]
}
However in reality Syncope sends the following and therefore removes the
membership:
{
"name": "ldapGroups",
"value": [
"cn=T11,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=T1100,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=VIP,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de",
"cn=T110099,ou=groups,ou=central-it,DC=ads-test,DC=tu-darmstadt,DC=de"
]
}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
