Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A0000008zK0l&sfdc.override=1
project_key: JBEPP

Deleting a group causes IdentityException with openldap.

- Setup openldap for idm (http://community.jboss.org/wiki/GateInWithLDAPAsADefaultUserAndGroupStore)
- Login as root
- Go to 'Group Management'
- Add a new group "AAAA" under "Platform"
- Add a new group "BBBB" under "AAAA"
- Delete "BBBB"

{noformat}
18:04:16,922 INFO [GroupDAOImpl] Identity operation error:
org.picketlink.idm.common.exception.IdentityException: Identity object search failed.
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:886)
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1240)
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:1125)
    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.findIdentityObject(FallbackIdentityStoreRepository.java:967)
    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:946)
    at org.picketlink.idm.impl.api.session.managers.RelationshipManagerImpl.findAssociatedGroups(RelationshipManagerImpl.java:1006)
    at org.exoplatform.services.organization.idm.GroupDAOImpl.findGroups(GroupDAOImpl.java:489)
    at org.exoplatform.organization.webui.component.UIGroupExplorer.changeGroup(UIGroupExplorer.java:123)
    at org.exoplatform.organization.webui.component.UIGroupManagement$DeleteGroupActionListener.execute(UIGroupManagement.java:160)
    at org.exoplatform.webui.event.Event.broadcast(Event.java:89)
    at org.exoplatform.webui.core.lifecycle.Lifecycle.processAction(Lifecycle.java:56)
    at org.exoplatform.webui.core.UIComponent.processAction(UIComponent.java:133)
    ...
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=BBBB,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
    at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1309)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
    at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:133)
    at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:128)
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:854)
    ... 142 more
18:04:17,007 ERROR [portal:UIPortalApplication] Error during the processAction phase
org.picketlink.idm.common.exception.IdentityException: Identity object search failed.
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.findIdentityObject(LDAPIdentityStoreImpl.java:886)
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.resolveRelationships(LDAPIdentityStoreImpl.java:1649)
    at org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl.getRelationshipsCount(LDAPIdentityStoreImpl.java:1570)
    at org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository.getRelationshipsCount(FallbackIdentityStoreRepository.java:1254)
    at org.picketlink.idm.impl.api.session.managers.RoleManagerImpl.getRolesCount(RoleManagerImpl.java:883)
    at org.exoplatform.services.organization.idm.IDMMembershipListAccess.getSize(IDMMembershipListAccess.java:173)
    at org.exoplatform.organization.webui.component.UIUserInGroup.setValues(UIUserInGroup.java:138)
    at org.exoplatform.organization.webui.component.UIGroupInfo.setGroup(UIGroupInfo.java:46)
    at org.exoplatform.organization.webui.component.UIGroupExplorer.changeGroup(UIGroupExplorer.java:141)
    at org.exoplatform.organization.webui.component.UIGroupManagement$DeleteGroupActionListener.execute(UIGroupManagement.java:160)
    at org.exoplatform.webui.event.Event.broadcast(Event.java:89)
    at org.exoplatform.webui.core.lifecycle.Lifecycle.processAction(Lifecycle.java:56)
    at org.exoplatform.webui.core.UIComponent.processAction(UIComponent.java:133)
    ...
{noformat}

The group explorer keeps throwing this exception until you remove the parent group ('AAAA'). IDM seems to remove only a group but not a relationship?? I observe that the relationship remains in AAAA even though BBBB itself was removed.

{noformat}
dn: cn=AAAA,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: AAAA
member: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
member: cn=BBBB,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
{noformat}
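
An added example, not part of the original report or of PicketLink IDM: a small Python audit that scans an LDIF export for the condition shown in the LDIF above, a `member` value that points at a DN with no entry. The sample LDIF is constructed from the report's DNs; the function names and the treatment of `ou=placeholder` as an intentional dummy member are assumptions.

```python
# Constructed sample: export taken after "BBBB" was deleted; AAAA still lists it.
PLACEHOLDER = "ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com"
SAMPLE_LDIF = """\
dn: ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: organizationalUnit

dn: cn=AAAA,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: groupOfNames
cn: AAAA
member: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
member: cn=BBBB,ou=Platform,o=portal,o=gatein,
 dc=my-domain,dc=com
"""

def norm_dn(dn):
    """Simplified DN match: case-fold, trim spaces around commas (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return entries as lists of (attribute, value); handles folded lines only."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuations
    entries = []
    for block in text.split("\n\n"):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            pairs.append((attr.strip().lower(), value.strip()))
        if pairs:
            entries.append(pairs)
    return entries

def find_dangling_members(text, placeholders=()):
    """List (group_dn, member_dn) pairs whose member_dn has no entry in the export."""
    entries = parse_ldif(text)
    known = {norm_dn(v) for e in entries for a, v in e if a == "dn"}
    known |= {norm_dn(p) for p in placeholders}  # assumed-intentional dummy members
    dangling = []
    for e in entries:
        group_dn = next((v for a, v in e if a == "dn"), None)
        for a, v in e:
            if group_dn and a == "member" and norm_dn(v) not in known:
                dangling.append((group_dn, v))
    return dangling

if __name__ == "__main__":
    for group, member in find_dangling_members(SAMPLE_LDIF, [PLACEHOLDER]):
        print(f"dangling member in {group}: {member}")
```

Run against a full export of the group subtree, the check flags every parent that still references a deleted child, which is the state that keeps the group explorer throwing the exception.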
Attachment: Added: add_group_01.png
Attachment: Added: add_group_02.png
Link: Added: This issue incorporates GTNPORTAL-2320
Labels: Added: EPP_5_2_1_Candidate
Labels: Removed: EPP_5_2_1_Candidate
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
CAUSE: In some cases a group was deleted without first removing its association to the parent group. This was causing an IdentityException and a persisting error in the UI.

FIX: Code was adjusted to better check whether any group associations were removed before performing the delete operation.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,3 +1 @@ -CAUSE: In some cases group was delated without removing association to the parent group before. This was causing IdentityException and persisting error in the UI. +If a nested IDM OpenLDAP child group was deleted from it's parent, an IdentityException occurred because OpenLDAP IDM removed the child group but not the parent-child relationship. The fix improves the logic behind child group deletion to ensure group associations are removed prior to deleting a group.- -FIX: Code was adjusted to do better check if any group associations were removed before performing delate operation
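
Review bot: the replacement line drops the "persisting error in the UI" detail that the removed CAUSE line carried, so the note no longer says the error kept recurring after the delete; consider keeping that symptom in the new sentence. In the same added line, "deleted from it's parent" should use the possessive "its", and the component is named two ways ("IDM OpenLDAP child group", then "OpenLDAP IDM removed"), which is worth making consistent.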
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -If a nested IDM OpenLDAP child group was deleted from it's parent, an IdentityException occurred because OpenLDAP IDM removed the child group but not the parent-child relationship. The fix improves the logic behind child group deletion to ensure group associations are removed prior to deleting a group.+If a nested IDM OpenLDAP child group was deleted from its parent, an IdentityException occurred because OpenLDAP IDM removed the child group but not the parent-child relationship. The fix improves the logic behind child group deletion to ensure group associations are removed prior to deleting a group.
Can anyone tell me where I could find the fix for this issue?
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.