  1. OpenAM
  2. OPENAM-13169

group names having the same CN but different full Distinguished Name Path

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 13.5.1, 5.5.1
    • Fix Version/s: None
    • Component/s: configurator
    • Labels:
      None
    • Environment:
      am/OpenAm versions: 5.5.1
      OS type and bit: RedHat Linux 7.4
      Ldap type and version: OpenDJ 5.5
    • Support Ticket IDs:

      Description

      When opening the subject / group / AppAdmin view (where AppAdmin is the group name), the following error pops out:

      Error
      Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=95"

      business impact:

      Unable to have groups that have the same name but different OUs. The application we are developing on OpenAM requires this.

      findings:

      AM does not operate on LDAP entries but on identity subjects, although the UUID might look like a distinguished name. The 'IdRepo' API is extensible, so other sources, like a NoSQL database, could be plugged in by writing a custom implementation of IdRepo.

      The big question is how two different Directory Server entries, uniquely distinguished by their Distinguished Name, could be mapped to two different AM group identity subjects. What should be displayed in the console or be used for the UUID?
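
A directory-side check for the condition this issue describes, as an added example that is not part of the original report or of OpenAM's code: it groups group DNs by the value of their leading naming attribute and reports every name that occurs under more than one DN. The sample DNs, the default naming attribute `cn` and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample DNs; only the group name "AppAdmin" comes from the report.
SAMPLE_GROUP_DNS = [
    "cn=AppAdmin,ou=Payments,ou=groups,dc=example,dc=com",
    "CN=appadmin,ou=Billing,ou=groups,dc=example,dc=com",
    "cn=Ops\\, EMEA,ou=groups,dc=example,dc=com",
]

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Undo RFC 4514 escapes; hex pairs are decoded as single ASCII characters only."""
    return re.sub(r"\\([0-9a-fA-F]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                  value)

def naming_value(dn, attr="cn"):
    """Value of `attr` in the leftmost RDN, lower-cased and whitespace-collapsed, or None."""
    for ava in split_unescaped(split_unescaped(dn, ",")[0], "+"):  # '+' joins multi-valued RDNs
        name, _, value = ava.partition("=")
        if name.strip().lower() == attr:
            return " ".join(unescape(value).lower().split())
    return None

def colliding_groups(dns, attr="cn"):
    """Map each normalised name to its DNs, keeping only names used by more than one DN."""
    by_name = defaultdict(list)
    for dn in dns:
        key = naming_value(dn, attr)
        if key is not None:
            by_name[key].append(dn)
    return {name: found for name, found in by_name.items() if len(found) > 1}
```

Calling `colliding_groups()` on the DNs from a directory export lists the groups whose names are ambiguous once the OU part of the DN is no longer taken into account.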

            People

            • Assignee:
              Unassigned
              Reporter:
              jobby.thomas Jobby Thomas