Defect #1594
closed
Workflow for synchronization of ldap/ad groups creates wrong script in system mapping
100%
Description
Affected versions: 9.4, 9.5
The workflow syncRoleLdap in acc module, which is used for synchronization of groups, creates roles with wrong configuration - the script "transform to" contains e.g. "[cn=group1,dc=test,dc=tld]". The square brackets shouldn't be there; there must be only distinguished name of the group.
Updated by Vít Švanda about 5 years ago
- Assignee changed from Vít Švanda to Patrik Stloukal
Updated by Alena Peterová about 5 years ago
How to fix on affected versions without upgrade:
A) Copy the workflow to some external location, fix it there, add the path to spring.activiti.processDefinitionLocationPrefix (https://wiki.czechidm.com/devel/documentation/application_configuration/dev/backend?s[]=template#activiti_workflow).
The workflow will be updated automatically after restart.
B) Copy the workflow, rename it (code and name), fix it, deploy it to IdM from GUI. Change the configuration of Synchronization to this workflow.
Problematic line:
execution.setVariable("transformationScript", MessageFormat.format(" \"[{0}]\"", distinguishedName));
Updated by Patrik Stloukal about 5 years ago
- Status changed from New to Needs feedback
- Assignee changed from Patrik Stloukal to Ondřej Kopr
- % Done changed from 0 to 90
i deleted bracets and made test for it.
Please could you lokk on it and write feedback?
commit: https://github.com/bcvsolutions/CzechIdMng/commit/b6e1ae39cf9f69ff187813d4e0ee16028fbc6444
Updated by Ondřej Kopr about 5 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Patrik Stloukal
- Target version set to Pyrite (9.5.1)
- % Done changed from 90 to 100
I checked you changes and seems ok. Thanks for fix. Branch was merged into develop and hotfix branch 9.5.1. Thank you.
Updated by Ondřej Kopr about 5 years ago
- Subject changed from Workflow for synchronization of groups creates wrong roles to Workflow for synchronization of ldap/ad groups creates wrong script in system mapping
Updated by Radek Tomiška about 5 years ago
- Status changed from Resolved to Closed