Project

General

Profile

Actions

Defect #981

closed

Wrong object class is used when retrieving account attributes

Added by Peter Štrunc almost 7 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Vít Švanda
Category:
Provisioning
Target version:
Start date:
02/22/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

I found a bug in otherwise awesome and magnificent feature of getting account attributes from system (Systems -> select system -> Entities (or Accounts) -> select entity (or account)). When IdM tries to get the object from system, it always uses objectClass=__ACCOUNT__. This creates serious problem for example when different identifiers are used for accounts and groups (in connector configuration).

What is strange is that provisioning of roles (groups) to that system works well so i think only this feature is affected by this behavior.

I set the target version to 7.6.1 because it is the version which i was using and also i need the bugfix to be done on this version (create 7.6.2).

Actions #1

Updated by Vít Švanda almost 7 years ago

  • Target version changed from Forsterite (7.6.1) to Hematite (8.0.0)
Actions #2

Updated by Peter Štrunc almost 7 years ago

  • Status changed from New to In Progress
  • Assignee changed from Vít Švanda to Peter Štrunc
Actions #3

Updated by Peter Štrunc almost 7 years ago

I wanted to unit test ConnIdIcConnectorService, but it cannot be done since it uses static method ConnectorFacadeFactory.getManagedInstance() hence it cannot be mocked. I dropped TODO there so it can be refactored later and properly tested. I will do integration test instead.

Actions #4

Updated by Peter Štrunc almost 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Peter Štrunc to Vít Švanda
  • % Done changed from 0 to 90

Implemeted in psourek/981-read-acc-obj-class. Can you please review it? Thanks

Actions #5

Updated by Vít Švanda almost 7 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Vít Švanda to Peter Štrunc
I did review and test. Code looks nice. How can I see you are in love with java streams. I like it too (generaly for filtering). Beware of using streams everywhere, because you can with it prepare hard time for next developers (debuging is much more complicated).
  • For next please create pull request.
  • Test ConnIdIcConnectorServiceTest is totally empty and can be removed.
  • For system entity it works fine. But not for acc account. Tab accounts loading the connector object too. It is simil as for system-entity, but recieved attributes are filtered by schema attributes.
    You have to call your new method from account service too. Here will be problem with dependency, because system-entity service already used the account service. You can't create cross dependency from account service to system-entity service.
    Please move your new methods to SysSystemMappingService (getObjectClassForSystemEntity -> getObjectClass(systemId, entityType)).
Actions #6

Updated by Vít Švanda almost 7 years ago

  • Target version deleted (Hematite (8.0.0))
Actions #7

Updated by Vít Švanda almost 7 years ago

  • Target version set to Jade (8.1.0)
Actions #8

Updated by Vít Švanda over 6 years ago

  • Target version changed from Jade (8.1.0) to Lapis (8.2.0)
Actions #9

Updated by Vít Švanda over 6 years ago

  • Target version changed from Lapis (8.2.0) to Malachite (9.0.0)
Actions #10

Updated by Vít Švanda over 6 years ago

  • Target version deleted (Malachite (9.0.0))
Actions #11

Updated by Vít Švanda over 3 years ago

  • Assignee changed from Peter Štrunc to Vít Švanda
  • Target version set to 11.1.0
  • Affected versions Amethyst added
Actions #12

Updated by Vít Švanda over 3 years ago

Feature implemented within #2690.

For get correct schema object name, was implemented new method SysSchemaObjectClassService.findByAccount(systemId, entityType). This solution is base on assumption that the schema type is used only for one entity type (in provisioning and sync too).

Actions #13

Updated by Vít Švanda over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Ondrej Husník
Actions #14

Updated by Ondrej Husník over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Ondrej Husník to Vít Švanda
  • % Done changed from 90 to 100

I tested this feature on AD - group synchronization. The state of the account of a synchronized group can be now displayed properly. I believe it will be useful for users. Great!
Thanks for the additional test case explanation helped a lot.

Actions #15

Updated by Radek Tomiška over 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF