[NXP-23783] Cannot update multidir group through REST or Java client - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 8.10, 9.2
Fix Version/s: 8.10-HF21, 9.10
Component/s: Directory

Release Notes Summary:
Groups from readonly users can be updated
Tags:
Backlog priority:
800
Sprint:
nxcore 9.10.2
Story Points:
3

Description

start an LDAP docker container:

sudo docker run --env LDAP_ADMIN_PASSWORD="password" --env LDAP_CONFIG_PASSWORD="password" --env LDAP_ORGANISATION="Nuxeo" \
--env LDAP_DOMAIN="nuxeo.com" --env LDAP_BASE_DN="dc=nuxeo,dc=com" --name my-openldap-container -p 0.0.0.0:389:389 -p 0.0.0.0:636:636 --detach osixia/openldap:1.1.10

Populate it:

sudo docker exec -i my-openldap-container ldapmodify -c -h localhost -p 389 -D "cn=admin,dc=nuxeo,dc=com" -w password << EOF
dn: ou=Groups,dc=nuxeo,dc=com
changetype: add
objectClass: organizationalUnit
ou: Groups

dn: ou=subjects,dc=nuxeo,dc=com
changetype: add
objectClass: organizationalUnit
ou: subjects

dn: uid=nuxeotest,ou=subjects,dc=nuxeo,dc=com
changetype: add
objectClass: inetOrgPerson
cn: nuxeotest
uid: nuxeotest
userPassword: password
mail: nuxeotest@nuxeo.com
sn: nuxeotest

dn: uid=someuser,ou=subjects,dc=nuxeo,dc=com
changetype: add
objectClass: inetOrgPerson
cn: someuser
uid: someuser
userPassword: password
mail: someuser@nuxeo.com
sn: someuser

dn: cn=mygroupA,ou=Groups,dc=nuxeo,dc=com
changetype: add
objectClass: top
objectClass: groupOfUniqueNames
cn: mygroupA
uniqueMember:

EOF

Install Nuxeo 8.10 with latest fixes in multidir (see attached default-ldap-users-directory-bundle.xml for configuration)
In the UI create a group named pouetgroup (this will be stored in the local Nuxeo DB)
In the UI, assign the LDAP user nuxeotest to pouet group
Observe the user is correctly assigned
Unassign it

From Java Client (2.6 or 3.0) run the following:

    	NuxeoClient nuxeoClient;
    	nuxeoClient = new NuxeoClient("http://127.0.0.1:8080/nuxeo", "Administrator", "Administrator");
    	nuxeoClient = nuxeoClient.schemas("*");
    	UserManager userManager = nuxeoClient.getUserManager();
    	userManager.addUserToGroup("nuxeotest", "pouetgroup");
    	System.out.println("Ok.");

Observe no error is displayed and the user is NOT assigned to the group

Now try the same through REST:

curl -X POST -u Administrator:Administrator http://127.0.0.1:8080/nuxeo/api/v1/user/nuxeotest/group/pouetgroup

Observe no error is displayed and the output matches the content of the group before running the command. The user is not assigned to the group.
Trying to disable the readonly directives present in the ldap configuration does not change anything:
```
nuxeo.ldap.user.readonly=false
nuxeo.ldap.group.readonly=false
```

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

default-ldap-users-directory-bundle.xml
11 kB
2017-11-28 11:49

Activity

People

Assignee:

Florent Guillaume

Reporter:

Frantz Fischer

Participants:

Florent Guillaume, Frantz Fischer, Jenkins

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2017-11-28 11:45

Updated:

2018-01-14 15:12

Resolved:

2017-12-11 23:41

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: