Details
- Type: Bug
- Status: Resolved
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 4.0.2, 4.0.3
- Component/s: Connectors
- Labels:
- Subscription: Active subscription
- Backport Version:
- Git Revision: v4.0.2-197-gf444426c0e
Description
The behavior of midPoint when modifying binary data type attributes on LDAP/AD is not correct. The table below lists all the states that occur depending on the mapping tolerance setting.
tolerant not set | tolerant=false | |
---|---|---|
Insert a new attribute value | MidPoint writes the attribute value to LDAP/AD. | |
Recompute without attribute value change | ||
All subsequent recomputes | MidPoint does not write the attribute value to LDAP/AD. |
*Attribute values did not change between recomputes.
- Strikethrough text indicates incorrect behavior.
The above-mentioned behavior was observed in the following environments:
- In the customer's environment where midPoint is connected to AD using an LDAP connector version 2.4.1.
- On the official demo version (demo.evolveum.com), where midPoint is connected to OpenLDAP using the LDAP connector version 2.3.
Steps to reproduce the error:
- Copy and paste the following code into your AD/LDAP resource schema handling.
- Insert a new binary value into the user's attribute. If you choose a certificate, you must have a pre-coded string of the correct length and format.
- Now you can see the incorrect behavior in the preview.
Code (also on pastebin):
```xml
<!-- Binary attribute: the hex string stored in description is decoded to bytes -->
<attribute>
    <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:userCertificate</ref>
    <tolerant>false</tolerant>
    <outbound>
        <name>userCertificate:outbound</name>
        <strength>strong</strength>
        <source>
            <c:path>description</c:path>
        </source>
        <expression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    return org.apache.commons.codec.binary.Hex.decodeHex(description.toCharArray());
                </code>
            </script>
        </expression>
        <!-- Apply the mapping only when description is non-empty -->
        <condition>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
                    if (description) return true;
                    return false;
                </code>
            </script>
        </condition>
    </outbound>
</attribute>
<!-- Plain string attribute, mapped from the same source for comparison -->
<attribute>
    <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:description</ref>
    <tolerant>false</tolerant>
    <outbound>
        <strength>strong</strength>
        <source>
            <c:path>description</c:path>
        </source>
    </outbound>
</attribute>
<!-- Second binary attribute, mapped directly from the focus -->
<attribute>
    <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:jpegPhoto</ref>
    <tolerant>false</tolerant>
    <outbound>
        <strength>strong</strength>
        <source>
            <c:path>$focus/jpegPhoto</c:path>
        </source>
    </outbound>
</attribute>
```
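An added example, not part of the original report or of midPoint: a way to check on the LDAP side, independently of the midPoint preview, whether a binary attribute value survived a recompute, by comparing two LDIF exports of the same entry. The function names and the LDIF entries are hypothetical and constructed; the check in `matches_mapping` assumes the mapping above, where `userCertificate` is the hex-decoded `description`.

```python
import base64

# Constructed single-entry LDIF snapshots (sample data, not from the report),
# taken before and after a recompute of the same account.
BEFORE = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
description: 3082010a
userCertificate;binary:: MIIB
 Cg==
"""
AFTER_SAME = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
description: 3082010a
userCertificate;binary:: MIIBCg==
"""
AFTER_MISSING = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
description: 3082010a
"""

def attr_values(ldif, attr):
    """Return the decoded values of `attr` (any ;option) as a set of bytes."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.split(";")[0].lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: <base64>" (binary value)
            values.add(base64.b64decode(rest[1:].strip(), validate=True))
        else:                               # "attr: <text>"
            values.add(rest.strip().encode("utf-8"))
    return values

def diff_attr(before, after, attr):
    """Return (added, removed) value sets for `attr` between two snapshots."""
    old, new = attr_values(before, attr), attr_values(after, attr)
    return new - old, old - new

def matches_mapping(ldif):
    """True if userCertificate equals the hex-decoded description values."""
    expected = {bytes.fromhex(v.decode("ascii"))
                for v in attr_values(ldif, "description")}
    return attr_values(ldif, "userCertificate") == expected
```

Comparing decoded bytes rather than the raw LDIF text avoids false differences caused by line folding or base64 layout.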