[MID-6765] LDAP/AD binary data type attributes - Evolveum Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 4.0.2, 4.0.3
Fix Version/s: 4.3, 4.0.3
Component/s: Connectors
Labels:
- CPO

Subscription:
Active subscription
Backport Version:

4.0.3
Git Revision:
v4.0.2-197-gf444426c0e

Description

The behavior of midPoint when modifying binary data type attributes on LDAP/AD is not correct. The table below lists all the states that occur depending on the mapping tolerance setting.

	tolerant not set	tolerant=false
Insert a new attribute value	MidPoint writes the attribute value to LDAP/AD.	~~MidPoint does not write the attribute value to LDAP/AD.~~
Recompute without attribute value change	~~MidPoint writes the attribute value to LDAP/AD.~~	~~MidPoint writes the attribute value to LDAP/AD.~~
All subsequent recomputes	~~MidPoint writes the attribute value to LDAP/AD.~~	MidPoint does not write the attribute value to LDAP/AD.

*Attribute values did not change between recomputes.

Strikethrough text indicates incorrect behavior.

The above mentioned behavior was observed in following environments:

In the customer's environment where midPoint is connected to AD using an LDAP connector version 2.4.1.
On the official demo version (demo.evolveum.com), where midPoint is connected to OpenLDAP using the LDAP connector version 2.3.

Steps to reproduce error:

Copy paste following code into your AD/LDAP resource schema handling.
Insert new binary value into user's atribute. If you choose a certificate, you must have a pre-coded string of the correct length and format.
Now you can see the incorrect behavior in the preview.

Code (also on pastebin):

<attribute>
    <attribute>
        <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:userCertificate</ref>
        <tolerant>false</tolerant>
        <outbound>
            <name>userCertificate:outbound</name>
            <strength>strong</strength>
            <source>
                <c:path>description</c:path>
            </source>
            <expression>
                <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                    <code> return org.apache.commons.codec.binary.Hex.decodeHex(description.toCharArray());                </code>
                </script>
            </expression>
            <condition>
                <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
                    <code> if (description) return true; return false; </code>
                </script>
            </condition>
        </outbound>
    </attribute>
    <attribute>
        <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:description</ref>
        <tolerant>false</tolerant>
        <outbound>
            <strength>strong</strength>
            <source>
                <c:path>description</c:path>
            </source>
        </outbound>
    </attribute>
    <attribute>
        <ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:jpegPhoto</ref>
        <tolerant>false</tolerant>
        <outbound>
            <strength>strong</strength>
            <source>
                <c:path>$focus/jpegPhoto</c:path>
            </source>
        </outbound>
    </attribute>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

incorrect_behavior_tolerant_false.png
265 kB
05/Jan/21 4:42 PM

Activity

People

Assignee:: Jan Mokráček

Reporter:: Jan Mokráček

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Jan/21 4:48 PM

Updated:: 25/Jan/21 1:55 PM

Resolved:: 24/Jan/21 6:36 PM