Defect #3388

open

Configuration of allowedAutoMappingOnExistingAccount=false is ignored when systemEntity exists and is not "wish"

Added by Vladimír Kotýnek 11 months ago. Updated 10 months ago.

Status: New
Priority: Normal
Assignee: Peter Štrunc
Category: Account management
Target version:
Start date: 06/01/2023
Due date:
% Done: 0%
Estimated time:
Affected versions:
Owner:

Description

In my environment, I synchronized AD accounts and linked them to identities in IdM through standard synchronization. Accounts that were not linked to identities remained in AD, and IdM created its SysSystemEntity objects with the "wish" attribute set to false. To prevent automapping and avoid linking the new user to the old existing account, I have set idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=false. However, a new user with the same login (identifier for AD) as an existing, non-linked account in AD was created. Instead of throwing an exception, IdM automapped and linked the account to the identity. This behavior occurs because the prepare-connector-object-processor runs the same code as if I had configured idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true, when a SysSystemEntity with the same identifier and "wish" attribute set to false exists.


Related issues

Related to IdStory Identity Manager - Task #864: Parameter for disable account reusing | Closed | Vít Švanda | 12/05/2017

#2

Updated by Vladimír Kotýnek 11 months ago

  • Related to Task #864: Parameter for disable account reusing added
#3

Updated by Peter Štrunc 10 months ago

  • Target version set to 13.0.7