Description of problem: If ldap(AD)'s structure is like this: === - com - sample - Business Unit 1 - Subunit 1.1 - user 1 - user 2 - Business Unit 2 - Subunit 2.1 - user 3 === we can not find all of users in this structure by Using appropriate base DN, "com.sample", because default search scope used by LDAPUserGroupCallbackImpl is "one"[1]. Therefore, setting base DN to the root DN does not work. Although we can use a custom LDAPUserGroupCallbackImpl, this is a common use case for ldap search, so I report it as bug. [1] Default is search one level http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchControls.html#SearchControls() Steps to Reproduce: 1. prepare ldap tree like this: === - com - sample - Business Unit 1 - Subunit 1.1 - user 1 - user 2 - Business Unit 2 - Subunit 2.1 - user 3 === 2. find users Actual results: LDAPUserInfoImpl can find either "user 1 and 2" or "user 3" Expected results: LDAPUserInfoImpl can find all of users.
change merged into master with slight changes to be only used when actually is set in properties. jbpm master: https://github.com/droolsjbpm/jbpm/commit/dd2b435682fbc1c702a24d6085bf0091a7d82f17
backported to both 6.1.x and 6.0.x jbpm 6.1.x: https://github.com/droolsjbpm/jbpm/commit/14aa22a967844f1aef3a6bd61dc6e153421fbad4 6.0.x: https://github.com/droolsjbpm/jbpm/commit/ba38dcb42421c8f20ee59cb875276d9cbf60cbab
https://gitlab.mw.lab.eng.bos.redhat.com/bxms/brms/blob/2df19b26eea173e81e774dad3f60a9c97bb61c0c/test-jbpm-regression/src/test/java/com/bpms/customer/BZ1110206LdapUserGroupCallbackSearchScopeTest.java https://gitlab.mw.lab.eng.bos.redhat.com/bxms/brms/blob/2df19b26eea173e81e774dad3f60a9c97bb61c0c/test-jbpm-regression/src/test/java/com/bpms/customer/BZ1110206LdapUserInfoSearchScopeTest.java Maciej, great job! According to the results of the tests listed above both components are working as expected. However, I am not sure if the default search scope should be OBJECT_SCOPE when it is not possible to parse the value of 'ldap.search.scope' property. If this property is not set, ONELEVEL_SCOPE is used (as it was in the previous versions). I would recommend to unify this behavior and use ONELEVEL_SCOPE in both cases. What do you think?
Tomas, that's a valid point as when SearchControls object is created with default constructor it does use ONELEVEL_SCOPE so when parsing fails it should do the same. I'll make a change. Thanks a lot!
consistency fix applied jbpm master: https://github.com/droolsjbpm/jbpm/commit/2ab3688e7a97d2bb9ecb00a74e4f8da97d2469c9 6.1.x: https://github.com/droolsjbpm/jbpm/commit/6ee6ea828636a53cb84b5a1f3c6ab406d410fe94 6.0.x: https://github.com/droolsjbpm/jbpm/commit/f8fdb419d48f6700276573c32e2acd705773546e
Verified on BPMS 6.0.3 CR1
Maciej Swiderski <swiderski.maciej> updated the status of jira JBPM-4367 to Resolved
Kris Verlaenen <kris.verlaenen> updated the status of jira BPMSPL-83 to Resolved