Hide Forgot
project_key: JBEPP 1. startup clean epp 5.0.1 (1st instance) ... shut it down 2. startup epp 5.0.1 configured with LDAP 3. startup clean epp 5.0.1 (2nd instance) ... shut it down 4. startup epp 5.0.1 configured with LDAP 5. items in the group menu are now doubled
Pls see the comment above and verify on that scenario and then assign to Bolek based on what you find.
when the IDM was pointing to single DB instance in each step, no menu was doubled
assigning to Bolek. the issue remains in EPP 5.1.0.
Release Notes Docs Status: Added: Not Required
Labels: Added: EPP_5_2_1_Candidate
Viliam, could you verify in 5.2.0 ?
Please reassign to Bolek if that's still an issue
just checked. still an issue with 5.2.0, reassigning to bolek.
Labels: Removed: EPP_5_2_1_Candidate
More precise procedure to reproduce this from Viliam: 1. start 5.0.1 in def config, stop it 2. configure 5.0.1 to use ldap (read/write) on perf15. the ldap was empty. start the server, check, if everything is ok (open in browser), login as root, check the group menu. everything looks fine, stop the server 3. start 5.2.0 in def config, stop it 4. configure 5.2 to use ldap (r/w) on perf15 - the same as before, ldap now has data, which were populated after 5.0.1 start. start the server, login as root 5. in group menu, i see everything two times
I spent significant time testing this and came to the conclusion that scenario is not good. Main problem with this bug is that it tries to migrate /platform/* groups created in LDAP without keeping IDM database. Also because EPP was started without LDAP connected first, entries like /platform/users are added to LDAP without any memberships. Therefore state between DB and LDAP is a bit broken from the start. Main goal of this test scenario was to verify if users and groups added to LDAP in EPP 5.0 can be successfully picked up in EPP 5.2 with clean DB. To test this I tried steps below: 1) Start clean EPP 5.0.1. Stop it. 2) Configure 5.0.1 with LDAP in R/W config. However in idm-configuration.xml ONLY mapped this group entry: <entry> <key><string>/ext_platform/*</string></key> <value><string>platform_type</string></value> </entry> 3) Start EPP 5.0.1 instance again. Add new "testUser". Add new group "/ext_platform". Add new group "/test_platfrom/test_group". Add "testUser" as "member" of "/test_platform/test_group" 4) Verify that "testUser" and "test_group" are both present in LDAP. Stop EPP instance. 5) Run clean EPP 5.2.1 instance. Stop it. 6) Configure 5.0.1 with LDAP in R/W config. Apply same mapping in idm-configuration.xml as before. 7) Start EPP 5.2.1 instance again. C 8) Add new "/ext_platform" group. Verify that it contains "test_group" with "testUser" member. All entries added to LDAP in 5.0.1 are visable in 5.2.1.