  1. MidPoint
  2. MID-6765

LDAP/AD binary data type attributes


Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 4.0.2, 4.0.3
    • 4.3, 4.0.3
    • Connectors
    • Active subscription
    • v4.0.2-197-gf444426c0e

    Description

      The behavior of midPoint when modifying binary data type attributes on LDAP/AD is not correct. The table below lists all the states that occur depending on the mapping tolerance setting.

       

      | | tolerant not set | tolerant=false |
      |---|---|---|
      | Insert a new attribute value | MidPoint writes the attribute value to LDAP/AD. | MidPoint does not write the attribute value to LDAP/AD. |
      | Recompute without attribute value change | MidPoint writes the attribute value to LDAP/AD. | MidPoint writes the attribute value to LDAP/AD. |
      | All subsequent recomputes | MidPoint writes the attribute value to LDAP/AD. | MidPoint does not write the attribute value to LDAP/AD. |

      *Attribute values did not change between recomputes.

      • Strikethrough text indicates incorrect behavior.

       

      The above-mentioned behavior was observed in the following environments:

      • In the customer's environment where midPoint is connected to AD using an LDAP connector version 2.4.1.
      • On the official demo version (demo.evolveum.com), where midPoint is connected to OpenLDAP using the LDAP connector version 2.3.

      Steps to reproduce the error:

      1. Copy and paste the following code into your AD/LDAP resource schema handling.
      2. Insert a new binary value into the user's attribute. If you choose a certificate, you must have a pre-coded string of the correct length and format.
      3. Now you can see the incorrect behavior in the preview.

      Code (also on pastebin):

          <attribute>
              <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:userCertificate</ref>
              <tolerant>false</tolerant>
              <outbound>
                  <name>userCertificate:outbound</name>
                  <strength>strong</strength>
                  <source>
                      <c:path>description</c:path>
                  </source>
                  <expression>
                      <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                          <code>return org.apache.commons.codec.binary.Hex.decodeHex(description.toCharArray());</code>
                      </script>
                  </expression>
                  <condition>
                      <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                          <code> if (description) return true; return false; </code>
                      </script>
                  </condition>
              </outbound>
          </attribute>
          <attribute>
              <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:description</ref>
              <tolerant>false</tolerant>
              <outbound>
                  <strength>strong</strength>
                  <source>
                      <c:path>description</c:path>
                  </source>
              </outbound>
          </attribute>
          <attribute>
              <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:jpegPhoto</ref>
              <tolerant>false</tolerant>
              <outbound>
                  <strength>strong</strength>
                  <source>
                      <c:path>$focus/jpegPhoto</c:path>
                  </source>
              </outbound>
          </attribute>
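
For step 2, the `userCertificate` mapping above passes `description` to `Hex.decodeHex`, which rejects odd-length or non-hex input. The following is an added example, not part of the original report, for preparing and checking such a string; the function names and the outer DER framing check are assumptions about what "correct length and format" requires, and the sample is constructed.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")


def der_declared_size(der):
    """Total size (header + content) announced by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte must be 0x30)")
    if der[1] < 0x80:                       # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_der(der):
    """Reject blobs whose announced size differs from their real size."""
    declared = der_declared_size(der)
    if declared != len(der):
        raise ValueError(f"DER announces {declared} bytes, input has {len(der)}")
    return der


def to_mapping_hex(cert):
    """PEM text (str) or DER (bytes) -> hex string to store in 'description'."""
    if isinstance(cert, str):
        m = PEM_RE.search(cert)
        if not m:
            raise ValueError("no PEM CERTIFICATE block found")
        cert = base64.b64decode("".join(m.group(1).split()), validate=True)
    return check_der(cert).hex()


def from_mapping_hex(value):
    """Check a stored string the way the mapping consumes it; return the bytes."""
    if not HEX_RE.fullmatch(value):         # whitespace, odd length, non-hex: rejected
        raise ValueError("value must be an even number of hex digits, nothing else")
    return check_der(bytes.fromhex(value))


# Constructed sample: a 260-byte DER SEQUENCE of zero bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
```
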

          People

            mokracek93 Jan Mokráček