  1. OpenAM
  2. OPENAM-18057

Identities page displays Internal Server Error when a user does not have search attribute defined

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.0, 7.1.2
    • 7.1.1, 7.2.0, 2021.11
    • rest, XUI
    • AM Sustaining Sprint 87, AM Sustaining Sprint 88, AM Sustaining Sprint 89
    • 3

      Description

      Bug description

      When there are LDAP entries that match the search filter, but they don't have the LDAP Users Search Attribute attribute specified, the REST query blows up with an NPE:

      java.lang.NullPointerException: null
      	at deployment.ROOT.war//com.sun.identity.common.CaseInsensitiveHashMap$Entry.getKey(CaseInsensitiveHashMap.java:156)
      	at deployment.ROOT.war//com.sun.identity.idm.server.IdServicesImpl.combineSearchResults(IdServicesImpl.java:2396)
      	at deployment.ROOT.war//com.sun.identity.idm.server.IdServicesImpl.search(IdServicesImpl.java:1423)
      	at deployment.ROOT.war//com.sun.identity.idm.server.IdCachedServicesImpl.search(IdCachedServicesImpl.java:585)
      	at deployment.ROOT.war//com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:314)
      	at deployment.ROOT.war//com.sun.identity.idsvcs.opensso.IdentityServicesImpl.fetchAMIdentities(IdentityServicesImpl.java:1071)
      	at deployment.ROOT.war//com.sun.identity.idsvcs.opensso.IdentityServicesImpl.searchIdentityDetails(IdentityServicesImpl.java:529)
      	at deployment.ROOT.war//org.forgerock.openam.core.rest.IdentityResourceV3.queryCollection(IdentityResourceV3.java:211)
      	at deployment.ROOT.war//org.forgerock.openam.core.rest.IdentityResourceV4.queryCollection(IdentityResourceV4.java:494)
      

      How to reproduce the issue

      • Update the embedded user store settings to use the description attribute as LDAP Users Search Attribute and make sure that the description attribute is included in the LDAP User Attributes list.
      • Access the Identities page.
        Since the demo user exists in the embedded data store and does not have the description attribute defined, the query will fail with the aforementioned NPE.

      Expected behaviour

      The query survives the case when there are entries that don't have the search attribute specified. Either those entries can be skipped in the result list, or the search could use the presence filter for the search attribute to ensure that such entries won't cause problems.

      Current behaviour

      Unhelpful error message on UI, and NPE in the CoreSystem log.

      Work around

      Cleanse user data store, or update the user search filter so that only relevant entries are returned.
      Potentially the user search attribute should be a required attribute by the structural objectclass used.
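
The two options named under "Expected behaviour" (and the filter change suggested under "Work around"), sketched as an added example; this is not OpenAM's code or the fix that was shipped. The class and method names, the sample filter and the sample entries are all constructed for illustration, and the attribute-name check is simplified (no OIDs or attribute options).

```java
import java.util.*;
import java.util.regex.Pattern;

public class SearchAttributeGuard {
    // Simplified attribute-name check: leading letter, then letters, digits or hyphens.
    private static final Pattern ATTR = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");

    /** Option 1: AND the user search filter with a presence filter (attr=*). */
    static String withPresenceFilter(String userFilter, String searchAttr) {
        if (!ATTR.matcher(searchAttr).matches()) {
            throw new IllegalArgumentException("not an LDAP attribute name: " + searchAttr);
        }
        String f = userFilter.trim();
        if (!f.startsWith("(")) {
            f = "(" + f + ")";
        }
        return "(&" + f + "(" + searchAttr + "=*))";
    }

    /** Option 2: skip entries without the search attribute instead of keying on null. */
    static Map<String, Map<String, Set<String>>> keyBySearchAttr(
            List<Map<String, Set<String>>> entries, String searchAttr, List<String> skipped) {
        Map<String, Map<String, Set<String>>> result = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (Map<String, Set<String>> entry : entries) {
            Set<String> values = entry.get(searchAttr);
            if (values == null || values.isEmpty()) {
                skipped.add(String.valueOf(entry.get("dn"))); // record it, do not fail the query
                continue;
            }
            result.put(values.iterator().next(), entry);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed entries: "demo" has no description, as in the reproduction steps.
        List<Map<String, Set<String>>> entries = List.of(
            Map.of("dn", Set.of("uid=demo,ou=people,dc=example,dc=com"),
                   "uid", Set.of("demo")),
            Map.of("dn", Set.of("uid=alice,ou=people,dc=example,dc=com"),
                   "uid", Set.of("alice"), "description", Set.of("Alice")));
        List<String> skipped = new ArrayList<>();
        System.out.println(withPresenceFilter("(objectclass=inetorgperson)", "description"));
        System.out.println(keyBySearchAttr(entries, "description", skipped).keySet());
        System.out.println("skipped: " + skipped);
    }
}
```

Logging the skipped DNs rather than dropping them silently keeps incomplete entries visible to whoever has to clean up the data store.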

            People

            flynn.bastin Flynn Bastin
            peter.major.fr Peter Major