Bug 1110206
| Summary: | LDAPUserGroupCallbackImpl and LDAPUserInfoImpl do not support SUB_TREE search scope | ||
|---|---|---|---|
| Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Hisao Furuichi <hfuruich> |
| Component: | jBPM Core | Assignee: | Alessandro Lazarotti <alazarot> |
| Status: | CLOSED EOL | QA Contact: | Radovan Synek <rsynek> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.0.1 | CC: | alazarot, kverlaen, mbaluch, rrajasek |
| Target Milestone: | CR1 | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-27 20:13:10 UTC | Type: | Feature Request |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1115481 | ||
change merged into master with slight changes to be only used when actually is set in properties. jbpm master: https://github.com/droolsjbpm/jbpm/commit/dd2b435682fbc1c702a24d6085bf0091a7d82f17 backported to both 6.1.x and 6.0.x jbpm 6.1.x: https://github.com/droolsjbpm/jbpm/commit/14aa22a967844f1aef3a6bd61dc6e153421fbad4 6.0.x: https://github.com/droolsjbpm/jbpm/commit/ba38dcb42421c8f20ee59cb875276d9cbf60cbab https://gitlab.mw.lab.eng.bos.redhat.com/bxms/brms/blob/2df19b26eea173e81e774dad3f60a9c97bb61c0c/test-jbpm-regression/src/test/java/com/bpms/customer/BZ1110206LdapUserGroupCallbackSearchScopeTest.java https://gitlab.mw.lab.eng.bos.redhat.com/bxms/brms/blob/2df19b26eea173e81e774dad3f60a9c97bb61c0c/test-jbpm-regression/src/test/java/com/bpms/customer/BZ1110206LdapUserInfoSearchScopeTest.java Maciej, great job! According to the results of the tests listed above both components are working as expected. However, I am not sure if the default search scope should be OBJECT_SCOPE when it is not possible to parse the value of 'ldap.search.scope' property. If this property is not set, ONELEVEL_SCOPE is used (as it was in the previous versions). I would recommend to unify this behavior and use ONELEVEL_SCOPE in both cases. What do you think? Tomas, that's a valid point as when SearchControls object is created with default constructor it does use ONELEVEL_SCOPE so when parsing fails it should do the same. I'll make a change. Thanks a lot! consistency fix applied jbpm master: https://github.com/droolsjbpm/jbpm/commit/2ab3688e7a97d2bb9ecb00a74e4f8da97d2469c9 6.1.x: https://github.com/droolsjbpm/jbpm/commit/6ee6ea828636a53cb84b5a1f3c6ab406d410fe94 6.0.x: https://github.com/droolsjbpm/jbpm/commit/f8fdb419d48f6700276573c32e2acd705773546e Verified on BPMS 6.0.3 CR1 Maciej Swiderski <swiderski.maciej> updated the status of jira JBPM-4367 to Resolved Kris Verlaenen <kris.verlaenen> updated the status of jira BPMSPL-83 to Resolved |
Description of problem: If ldap(AD)'s structure is like this: === - com - sample - Business Unit 1 - Subunit 1.1 - user 1 - user 2 - Business Unit 2 - Subunit 2.1 - user 3 === we can not find all of users in this structure by Using appropriate base DN, "com.sample", because default search scope used by LDAPUserGroupCallbackImpl is "one"[1]. Therefore, setting base DN to the root DN does not work. Although we can use a custom LDAPUserGroupCallbackImpl, this is a common use case for ldap search, so I report it as bug. [1] Default is search one level http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchControls.html#SearchControls() Steps to Reproduce: 1. prepare ldap tree like this: === - com - sample - Business Unit 1 - Subunit 1.1 - user 1 - user 2 - Business Unit 2 - Subunit 2.1 - user 3 === 2. find users Actual results: LDAPUserInfoImpl can find either "user 1 and 2" or "user 3" Expected results: LDAPUserInfoImpl can find all of users.