  1. OpenAM
  2. OPENAM-16133

IdRepoCache being bypassed with increased usage of search alias

    Details

    • Sprint:
      AM Sustaining Sprint 74, AM Sustaining Sprint 75, AM Sustaining Sprint 76
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      Incorrect search of uid=XXX when using Active Directory for datastore authentication

      How to reproduce the issue

      Install Active Directory as the only datastore in AM

      Get an access token from password grant type

      curl -s -k --request POST --user "$myOAuth2Client:$myoauth2client" --data "grant_type=password&username=$user&password=$password&scope=profile+openid" $openam/openam/oauth2/access_token

      Observe the IDRepo file

      DJLDAPv3Repo:04/16/2020 12:51:58:424 PM SGT: Thread[http-nio-8080-exec-1,5,main]: TransactionId[a26446f6-df64-432e-9c49-83c1fb8ad622-2006]
      constructFilter returned filter: (|(uid=Administrator))

       

      Expected behaviour
      Should not be searching for uid=<user> in an Active Directory
      
      Current behaviour
      The above query was searched 6 to 8 times 
      

      Work around

      Set this in the realm to cn

      Authentication -> Settings -> User Profile -> Alias Search Attribute Name -> cn
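
Added example, not part of the original issue or of OpenAM's code: a Python check that counts how often the same constructFilter filter is built within one transaction in the IdRepo debug log, which is the symptom described above. The two-line record layout is taken from the excerpt in the issue. The sample lines, the tx-constructed-* ids, and the assumption that all records of one request share a TransactionId value are constructed for illustration.

```python
import re
from collections import Counter

# Record layout taken from the excerpt in the issue: a header line carrying the
# component name and TransactionId[...], followed by the message line.
HEADER = re.compile(r"^\s*(?P<component>\w+):.*TransactionId\[(?P<txid>[^\]]+)\]")
FILTER = re.compile(r"constructFilter returned filter:\s*(?P<filter>\(.*\))\s*$")
ATTR = re.compile(r"\(([A-Za-z][\w;.-]*)[~<>]?=")

def repeated_filters(lines, threshold=2):
    """Map (txid, filter) -> count for filters built >= threshold times in one transaction."""
    counts, txid = Counter(), None
    for line in lines:
        header = HEADER.match(line)
        if header:
            # Only DJLDAPv3Repo records are of interest; other components reset the context.
            txid = header.group("txid") if header.group("component") == "DJLDAPv3Repo" else None
            continue
        found = FILTER.search(line)
        if found and txid is not None:
            counts[(txid, found.group("filter"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def filter_attributes(ldap_filter):
    """Attribute names used in an LDAP filter string, e.g. {'uid'}."""
    return set(ATTR.findall(ldap_filter))

def report(lines, threshold=2):
    """Sorted rows of (txid, filter, count, attributes) for repeated searches."""
    hits = repeated_filters(lines, threshold)
    return [(tx, f, n, sorted(filter_attributes(f))) for (tx, f), n in sorted(hits.items())]

def _record(txid, ldap_filter):
    # Constructed sample record; timestamp and thread copied from the issue's excerpt.
    return [
        "DJLDAPv3Repo:04/16/2020 12:51:58:424 PM SGT: "
        f"Thread[http-nio-8080-exec-1,5,main]: TransactionId[{txid}]",
        f"constructFilter returned filter: {ldap_filter}",
    ]

# Constructed input: six identical uid searches in one transaction, one cn search in another.
SAMPLE = (_record("tx-constructed-1", "(|(uid=Administrator))") * 6
          + _record("tx-constructed-2", "(|(cn=Administrator))"))

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

To check a real debug log, pass the open file object to report(); after the workaround is applied, the attribute column should show cn rather than uid.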

            People

            Assignee:
            philip.anderson Philip Anderson
            Reporter:
            sam.phua Sam Phua
            Votes:
            0
            Watchers:
            10

              Dates

              Created:
              Updated:
              Resolved: