[NXP-10549] Resolving a LDAP reference should not crash in a MultiReference resolution - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.4.2
Fix Version/s: 5.4.2-HF30, 5.5.0-HF17, 5.6.0-HF06, 5.7.1
Component/s: Directory

Description

Let's have a multi directory built with 3 Group directories (2 ldap and 1 sql) defined with these references :

LDAP1

    <directory name="groupDirectoryLdap1">
      <references>
        <ldapReference field="subGroups" directory="groupDirectoryLdap1" forceDnConsistencyCheck="true" staticAttributeId="member" dynamicAttributeId="memberURL"/>
        <inverseReference field="parentGroups" directory="groupDirectoryMulti" dualReferenceField="subGroups" />
      </references>
      </references>
    </directory>

LDAP2

    <directory name="groupDirectoryLdap2">
      <references>
        <ldapReference field="subGroups" directory="groupDirectoryLdap2" forceDnConsistencyCheck="true" staticAttributeId="member" dynamicAttributeId="memberURL"/>
        <inverseReference field="parentGroups" directory="groupDirectoryMulti" dualReferenceField="subGroups" />
      </references>
      </references>
    </directory>

SQL

  <directory name="groupDirectory">
      <references>
        <tableReference field="subGroups" directory="groupDirectoryMulti"
          table="group2group" sourceColumn="parentGroupId" 
          targetColumn="childGroupId" schema="group2group" />
        <inverseReference field="parentGroups" directory="groupDirectory"
          dualReferenceField="subGroups" />
      </references>
    </directory>

and the multi directory for groups defined with

   <directory name="groupDirectoryMulti">
      <schema>group</schema>
      <idField>groupname</idField>
      <source name="ldap1" creation="false">
        <subDirectory name="groupDirectoryLdap1"/>
      </source>
      <source name="ldap2" creation="false">
        <subDirectory name="groupDirectoryLdap2"/>
      </source>
      <source name="sql" creation="true">
        <subDirectory name="groupDirectory"/>
      </source>
    </directory>
  </extension>

Then it should be possible to add LDAP groups as sub groups of the SQL directory, and keeping the internal coherence of LDAP directory where their subgroups are only from their own directory
This works fine, until the system tries to resolve the parent groups, which is an inverse reference of sub groups

And at this moment, we got this exception

Exception: org.nuxeo.ecm.directory.DirectoryException. 
  message: Failed to perform inverse lookup on LDAPReference resolving field 'subGroups' of 'null' 
  to entries of 'groupDirectoryLdap2' using the static content of attribute 'member': 
  entry 'user1' cannot be found in 'groupDirectoryLdap2'
	at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:873)

In the case of multireference, the system should not crash if an entry is not found in one of the directories that compound a multidirectory

Attachments

Activity

People

Assignee:

Thierry Martins

Reporter:

Thierry Martins

Participants:

Jenkins, Thierry Martins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2012-11-27 18:09

Updated:

2014-11-11 22:38

Resolved:

2012-12-03 10:39