  1. OpenAM
  2. OPENAM-9449

Can't Assign a User to a Group using the REST API when the user store is Active Directory

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 13.5.0
    • Fix Version/s: None
    • Component/s: rest
    • Labels:
      None
    • Rank:
      1|hzrtlj:

      Description

      If I have Open Directory set up as a datastore and create a group "group1" and a user "ebtest1" and then try to use the REST request described in the temper test method testAddGroupMemberAsAdmin in class TestRESTGroupUpdate
      com.forgerock.openam.functionaltest.restcommon.group

      REQUEST

      PUT http://ed-am2.test.forgerock.com:18081/openam/json/groups/group1 HTTP/1.1
      Accept-Encoding: gzip,deflate
      iPlanetDirectoryPro: AQIC5wM2LY4SfcytyOpqq9p1NLrrfqvmgF3RLol0MpWGzWA.*AAJTSQACMDEAAlNLABIyMTc4Mjk1MDEyMjE0NzAzMjQAAlMxAAA.*
      Content-Type: application/json
      Content-Length: 109
      Host: ed-am2.test.forgerock.com:18081
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
      
      {"name":"group1","realm":"/","uniqueMember":["uid=ebtest1,ou=user,dc=example,dc=com"],"cn":"group1"}
      

      The response was

      HTTP/1.1 403 Forbidden
      Server: Apache-Coyote/1.1
      Cache-Control: no-cache
      Content-API-Version: resource=3.0
      Content-Type: application/json;charset=UTF-8
      Transfer-Encoding: chunked
      Date: Mon, 18 Jul 2016 16:06:54 GMT
      
      {"code":403,"reason":"Forbidden","message":"Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception.  ldap errorcode=67"}
      

      I was expecting a 200 response and for the user to be put into the group.

      From doing the automated tests, the tests work when we are using OpenDJ User store but not when using Active Directory.

      I am not sure if I need to be using a different term for uniqueMember or if this is a genuine issue.

      Note that I have checked adding users to groups using the GUI and this works fine.

      I have also checked the Active Directory logs and there does not seem to be any record of a request made by OpenAM to the AD server.

              People

              Assignee:
              Unassigned
              Reporter:
              edward.barker edwardb