Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14744

Multivalued DN stops persistent search

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.1, 6.5.3, 7.0.0, 5.5.2
    • Fix Version/s: 6.0.1, 6.5.2.1, 6.5.3, 5.5.2
    • Component/s: None
    • Labels:
    • Sprint:
      AM Sustaining Sprint 62, AM Sustaining Sprint 63, AM Sustaining Sprint 64
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      When DS has a duplicate entry conflict the server renames the conflicting entry using its entryUUID operational attribute and the RDN, for example - 

      entryuuid=entryUUID-value+original-RDN,original-parent-DN
      

      Once this happens the AM persistent search mechanism appears to stop working until a restart. 

      How to reproduce the issue

      1. Setup AM with an external DS userstore.
      2. Make a change to a user, for example email address and confirm this is updated in AM. 
      3. Create a new user with multiple DN, for example - 
      dn: entryuuid=2f1b58c3-4bee-4215-88bc-88202a7bcb9e+uid=newuser,ou=People,dc=example,dc=com
      uid: newuser
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      objectClass: top
      cn: New User
      sn: User
      ou: People
      mail: newuser@example.com
      userPassword: changeme

      4. Observe search in IdRepo (attached) IdRepoSearch.txt

      5. Make a change to another user and note that this is not updated in AM

       

      Expected behaviour

      AM should either ignore the duplicate or produce an error but persistent search should continue to operate
      
      Current behaviour
      Persistent search appears to get stuck on the multivalued DN
      

      Work around

      None found yet, amended the persistent search filter to exclude entries including entryuuid but the problem still happens

      Code analysis

       

      org.forgerock.$className.java
      ...
      

        Attachments

        1. 00-core.ldif
          43 kB
        2. IdRepo
          1.64 MB
        3. IdRepoSearch.txt
          182 kB
        4. ldap-access.audit.json
          814 kB

          Activity

            People

            • Assignee:
              sachiko Sachiko Wallace
              Reporter:
              robert.matthews Robert Matthews
            • Votes:
              2 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: