- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Won't Fix
- Affects Version/s: 13.5.1, 5.5.1
- Fix Version/s: None
- Component/s: configurator
- Labels: None
- Environment:
  am/OpenAm versions: 5.5.1
  OS type and bit: RedHat Linux 7.4
  Ldap type and version: OpenDJ 5.5
- Support Ticket IDs:
When opening the subject / group / AppAdmin view (where AppAdmin is the group name), the following error pops up:
Error
Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=95
business impact:
Unable to have groups that have the same name but different OUs. The application we are developing on OpenAM requires this.
findings:
AM does not operate on LDAP entries but on identity subjects, although the UUID might look like a distinguished name. The 'IdRepo' API is extensible, so other sources, like a NoSQL database, could be plugged in by writing a custom implementation of IdRepo.
The big question is how two different Directory Server entries, uniquely distinguished by their Distinguished Name, could be mapped to two different AM group identity subjects. What should be displayed in the console or be used for the UUID?
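The check below is an added example, not code from the ticket or from AM: it scans a list of group DNs and reports those that differ by OU but would share one identity subject if the subject is keyed on the group's naming value. The `id=<name>,ou=group,<suffix>` layout, the `cn` naming attribute, case-insensitive matching and the sample DNs are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample group DNs (not taken from the ticket).
SAMPLE_DNS = [
    "cn=AppAdmin,ou=Payments,ou=groups,dc=example,dc=com",
    "cn=appadmin,ou=Billing,ou=groups,dc=example,dc=com",
    "cn=Ops\\, Tier 1,ou=Payments,ou=groups,dc=example,dc=com",
    "cn=Auditors,ou=Billing,ou=groups,dc=example,dc=com",
]

def split_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma is data, not a separator.
    Hex escapes such as \\2C are not decoded in this sketch."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def group_name(dn, naming_attr="cn"):
    """Case-folded value of the leading RDN, or None if it uses another attribute."""
    attr, _, value = split_dn(dn)[0].partition("=")
    if attr.strip().lower() != naming_attr:
        return None
    return value.strip().casefold()

def subject_id(name, suffix="dc=example,dc=com"):
    # Assumed universal ID layout, for illustration only.
    return f"id={name},ou=group,{suffix}"

def find_collisions(dns, naming_attr="cn"):
    """Map each assumed subject ID to the DNs that would share it (two or more)."""
    by_id = defaultdict(list)
    for dn in dns:
        name = group_name(dn, naming_attr)
        if name is not None:
            by_id[subject_id(name)].append(dn)
    return {sid: sorted(v) for sid, v in by_id.items() if len(v) > 1}

if __name__ == "__main__":
    for sid, dns in find_collisions(SAMPLE_DNS).items():
        print(sid, *dns, sep="\n    ")
```

Running it against an export of the directory's group DNs before onboarding an application shows which group names would need to be made unique for authorization decisions to stay unambiguous.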