Jetspeed 2 / JS2-1068

LDAP When last user is removed from a role a uniqueMember with uid=foobar is left

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.1
    • Component/s: LDAP
    • Labels:
      None
    • Environment:
      Linux with the Fedora Directory Server

      Description

      When using the Jetspeed admin interface with Jetspeed configured to use LDAP, and the last user is disassociated or removed from a role, Jetspeed does not remove the uniqueMember attribute but instead changes the value to be "uid=foobar". This seems like a strange piece of trash to leave around in a directory.

        Activity

        Ate Douma added a comment -

        This is not really a bug but the side-effect of some default/example LDAP configurations provided by Jetspeed.
        You should validate and set up the proper configuration used for mapping to LDAP.
        I already removed the uid=foobar example configuration some time ago so I consider this "issue" fixed.

        Ate Douma added a comment -

        Ugh, I just checked again and noticed I didn't commit those changes yet.
        Will take care of this before the 2.2.1 release

        Ate Douma added a comment -

        This "problem" comes from the fact that LDAP GroupOfNames (or GroupOfUniqueNames) requires the member (or uniqueMember) attribute to have a value.
        This issue is commonly regarded as an undesired restriction as it doesn't allow creating/maintaining empty entries of these types.
        The most common solution (or better: workaround) for this is providing a "dummy" or known value always, or always using the entry's own dn as the default value.

        The "uid=foobar" is just an example "default" required value configured in the security-ldap.xml assembly configuration, which you can change to something else if you want.

        However, I'm going to provide an alternative solution which will allow you to use a predefined marker value, "#dn", which Jetspeed will then replace automatically with the current entry's fully qualified dn itself.
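
Added example (not part of the original comments and not Jetspeed code): a Python check over an LDIF export that reports role groups whose member values are placeholders of the kind discussed above, either a dummy DN that names no entry (like uid=foobar) or the group's own DN. The sample LDIF, its DNs and the function names are constructed for illustration, and the parser assumes simple LDIF without line folding or base64 values.

```python
# Constructed sample LDIF (not from a real directory); all DNs are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,o=example
objectClass: inetOrgPerson

dn: cn=admin,ou=roles,o=example
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=people,o=example

dn: cn=editor,ou=roles,o=example
objectClass: groupOfUniqueNames
uniqueMember: uid=foobar

dn: cn=guest,ou=roles,o=example
objectClass: groupOfUniqueNames
uniqueMember: cn=guest,ou=roles,o=example
"""
GROUP_CLASSES = {"groupofuniquenames", "groupofnames"}

def norm(dn):
    # Simplified DN comparison: case-fold, trim around commas (no escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into [(dn, {attr: [values]})]."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def audit_groups(text):
    """Return {group_dn: [(kind, value)]} for member values that are placeholders."""
    entries = parse_ldif(text)
    known = {norm(dn) for dn, _ in entries}
    findings = {}
    for dn, attrs in entries:
        if not GROUP_CLASSES & {c.lower() for c in attrs.get("objectclass", [])}:
            continue
        for m in attrs.get("uniquemember", []) + attrs.get("member", []):
            if norm(m) == norm(dn):        # group lists its own DN (the "#dn" style)
                findings.setdefault(dn, []).append(("self", m))
            elif norm(m) not in known:     # names no entry in the export, e.g. uid=foobar
                findings.setdefault(dn, []).append(("dangling", m))
    return findings
if __name__ == "__main__":
    for group_dn, hits in audit_groups(SAMPLE_LDIF).items():
        print(group_dn, hits)
```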

        Ate Douma added a comment -

        "fixed"


          People

          • Assignee:
            Ate Douma
            Reporter:
            Christopher Marshall