Skip to content

[SYNCOPE-1921] Separate membership attribute on __ACCOUNT__ and ldapGroups attribute for connector #1159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[SYNCOPE-1921] Separate membership attribute on __ACCOUNT__ and ldapGroups attribute for connector #1159

wants to merge 4 commits into from

Conversation

@markusokon
Copy link

@markusokon markusokon commented Aug 21, 2025

Currently LDAPMembershipPropagationActions uses the same attribute for writing the result into the propagation data and fetching the preexisting group memberships of the user object in LDAP. This leads to the beforeObj.getAttributeByName() call never returning any groups in the default case and therefore Syncope trying to edit groups it doesn't own/control.

This is fixed in this pull request by separating the attribute name used into one which the connector receives, containing all the group memberships after the execution, and the attribute name which is used to get all current memberships from the LDAP object.

Furthermore I added a performance optimization by searching for the groups managed by Syncope only once and not potentially hundreds of times.

@ilgrosso
Copy link
Member

ilgrosso commented Aug 21, 2025
edited
Loading

Hi @markusokon please open an issue on JIRA to illustrate what issue this PR is going to solve.

Also, unless you have already contributed to other ASF projects, please submit your ICLA https://www.apache.org/licenses/contributor-agreements.html#clas

@ilgrosso
Copy link
Member

ilgrosso commented Sep 3, 2025

@markusokon any update?

@markusokon
Copy link
Author

markusokon commented Sep 4, 2025

Hi @ilgrosso

it's currently under discussion if this code also requires a CCLA to be signed and I will give you an update ASAP.

@ilgrosso
Copy link
Member

ilgrosso commented Oct 2, 2025

Hi @markusokon it's been about a month since last update: please let us know if there is any news, thanks.

@markusokon
Copy link
Author

markusokon commented Oct 20, 2025

Sorry for keeping you waiting, it took a bit longer than expected. I just sent the ICLA and CCLA to [email protected] and requested a JIRA account to open the issue.

@ilgrosso ilgrosso changed the title Separate membership attribute on __ACCOUNT__ and ldapGroups attribute for connector [SYNCOPE-1921] Separate membership attribute on __ACCOUNT__ and ldapGroups attribute for connector Oct 21, 2025
ilgrosso
ilgrosso requested changes Oct 21, 2025
View reviewed changes
Copy link
Member

@ilgrosso ilgrosso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest to perform at least a full build by simple

mvn -T 1C clean install

from the root folder.

@markusokon markusokon requested a review from ilgrosso October 21, 2025 13:57
@ilgrosso
Copy link
Member

ilgrosso commented Oct 21, 2025

@markusokon you have a checkstyle error:

Error: src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java:[97,1] (whitespace) FileTabCharacter: File contains tab characters (this is the first instance).

@ilgrosso
Copy link
Member

ilgrosso commented Oct 21, 2025
edited
Loading

@markusokon as you can see, the following integration test is failing:

PropagationTaskITCase.issueSYNCOPE1473:835 expected: <2> but was: <1>

e.g. here: https://github.com/apache/syncope/blob/master/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PropagationTaskITCase.java#L835

@ilgrosso
Copy link
Member

ilgrosso commented Oct 30, 2025

@markusokon do you have any news to fix the failing integration test?

@ilgrosso
Copy link
Member

ilgrosso commented Nov 7, 2025

@markusokon no feedback for 2 weeks: shall we close this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ilgrosso ilgrosso Awaiting requested review from ilgrosso

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@markusokon @ilgrosso