OpenAM / OPENAM-14358

AM group membership queries return different member representations for a READ vs a QUERY

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Target Version/s:

      Description

      Bug description

      When reading an individual group, users within that group are returned by their username only.

      When reading all groups, users within a given group are returned by the DN.

      As the DN representation of a user is backend specific, this should be changed to match the individual group outcome, such that users are referred to by their unique usernames, not their DNs.

      How to reproduce the issue

      Query a group with a member in it, then query all groups. Note the difference in the returned "uniqueMember" element's format between the two responses.

      Querying all groups (returns DNs)
      {
        "result": [
          {
            "_id": "newGroup",
            "_rev": "299189507",
            "username": "newGroup",
            "realm": "/",
            "universalid": [
              "id=newGroup,ou=group,ou=am-config"
            ],
            "dn": [
              "cn=newGroup,ou=groups,ou=identities"
            ],
            "cn": [
              "newGroup"
            ],
            "uniqueMember": [
              "uid=john,ou=people,ou=identities"
            ],
            "objectclass": [
              "top",
              "groupofuniquenames"
            ]
          }
        ],
        "resultCount": 1,
        "pagedResultsCookie": null,
        "totalPagedResultsPolicy": "NONE",
        "totalPagedResults": -1,
        "remainingPagedResults": 0
      }
      
      Performing a GET on a group
      {
        "_id": "newGroup",
        "_rev": "-58695888",
        "username": "newGroup",
        "realm": "/",
        "universalid": [
          "id=newGroup,ou=group,ou=am-config"
        ],
        "members": {
          "uniqueMember": [
            "john"
          ]
        },
        "objectclass": [
          "top",
          "groupofuniquenames"
        ],
        "cn": [
          "newGroup"
        ],
        "dn": [
          "cn=newGroup,ou=groups,ou=identities"
        ],
        "privileges": {
          "RealmAdmin": false,
          "LogAdmin": false,
          "LogRead": false,
          "LogWrite": false,
          "AgentAdmin": false,
          "FederationAdmin": false,
          "RealmReadAccess": false,
          "PolicyAdmin": false,
          "EntitlementRestAccess": false,
          "PrivilegeRestReadAccess": false,
          "PrivilegeRestAccess": false,
          "ApplicationReadAccess": false,
          "ApplicationModifyAccess": false,
          "ResourceTypeReadAccess": false,
          "ResourceTypeModifyAccess": false,
          "ApplicationTypesReadAccess": false,
          "ConditionTypesReadAccess": false,
          "SubjectTypesReadAccess": false,
          "DecisionCombinersReadAccess": false,
          "SubjectAttributesReadAccess": false,
          "SessionPropertyModifyAccess": false
        }
      }
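
Added example, not part of the original report or of AM's code: a client-side check in Python that reads members from both response shapes shown above and compares them after normalizing to usernames, as an access review script would need to do. The function names and the rule that the first RDN value is the username are assumptions that hold for the sample data only; DN layouts are backend specific, as the report notes.

```python
import re

# Constructed samples, trimmed from the two responses shown in the report.
QUERY_RESPONSE = {"result": [{"_id": "newGroup",
                              "uniqueMember": ["uid=john,ou=people,ou=identities"]}]}
READ_RESPONSE = {"_id": "newGroup", "members": {"uniqueMember": ["john"]}}

_DN_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=")   # "attr=" prefix
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")            # RDN separator
_ESCAPED_SPECIAL = re.compile(r'\\([,+"\\<>;=# ])')   # backslash-escaped char


def raw_members(group):
    """Return the member list from either response shape."""
    if "members" in group:                      # shape returned by a READ
        return list(group["members"].get("uniqueMember", []))
    return list(group.get("uniqueMember", []))  # shape returned by a QUERY


def is_dn(value):
    """Heuristic: a value that starts with 'attr=' is treated as a DN."""
    return bool(_DN_START.match(value))


def to_username(value):
    """Assumption: the first RDN value is the username (true for the sample
    'uid=john,...'). Hex escapes such as \\2C are left untouched."""
    if not is_dn(value):
        return value
    first_rdn = _UNESCAPED_COMMA.split(value, maxsplit=1)[0]
    rdn_value = first_rdn.split("=", 1)[1]
    return _ESCAPED_SPECIAL.sub(r"\1", rdn_value).strip()


def compare_group(query_group, read_group):
    """Report how each endpoint represented members and whether they agree."""
    q, r = raw_members(query_group), raw_members(read_group)
    return {
        "group": read_group.get("_id"),
        "query_uses_dn": any(is_dn(m) for m in q),
        "read_uses_dn": any(is_dn(m) for m in r),
        "raw_equal": sorted(q) == sorted(r),
        "normalized_equal": {to_username(m) for m in q} == {to_username(m) for m in r},
    }


if __name__ == "__main__":
    print(compare_group(QUERY_RESPONSE["result"][0], READ_RESPONSE))
```

A `raw_equal` of false with `normalized_equal` true is the mismatch described in this issue: the same membership reported under two identifier forms.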
      

            People

            • Assignee:
              Unassigned
              Reporter:
              david.luna@forgerock.com David Luna