Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-2196

OpenDJ does not return the isMemberOf attribute via REST

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 2.8.0, 2.6.3, 2.6.2, 2.6.1
    • Fix Version/s: 3.0.0
    • Component/s: core server
    • Labels:
    • Support Ticket IDs:
    • Sprint:
      OpenDJ Sprint 68

      Description

      OpenDJ version 2.6.1-3.0 is not returning group memberships via isMemberOf when accessed using the REST interface; 2.6.0 works.

      Using a basic http-config.json configuration and users and groups, REST calls are not returning isMemberOf memberships. Setting suppress-internal-operations:false also shows the REST call "is" requesting isMemberOf.

      dn: uid=user.0,ou=People,dc=forgerock,dc=com
      cn: Aaccf Amar
      uid: user.0
      isMemberOf: cn=My Group,ou=Groups,dc=forgerock,dc=com

      1. Basic REST call all attributes

      curl http://opendj.forgerock.com:8080/users/user.0?\&_prettyPrint=true
      {
      "_rev" : "000000000c63b150",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "contactInformation" :

      { "telephoneNumber" : "+1 685 622 6202", "emailAddress" : "user.0@maildomain.net" }

      ,
      "_id" : "user.0",
      "name" :

      { "familyName" : "Amar", "givenName" : "Aaccf" }

      ,
      "userName" : "user.0@maildomain.net",
      "displayName" : "Aaccf Amar"
      }

      [01/Jul/2015:11:00:08 -0600] CONNECT conn=0 from=192.168.0.11:49803 to=192.168.0.11:8080 protocol=HTTP/1.1
      [01/Jul/2015:11:00:08 -0600] SEARCH REQ conn=0 op=0 msgID=0 base="uid=user.0,ou=people,dc=forgerock,dc=com" scope=baseObject filter="(objectClass=*)" attrs="etag,manager,telephoneNumber,mail,uid,sn,givenName,cn,modifyTimestamp,createTimestamp,isMemberOf"
      [01/Jul/2015:11:00:08 -0600] SEARCH RES conn=0 op=0 msgID=0 result=0 nentries=1 etime=10
      [01/Jul/2015:11:00:08 -0600] DISCONNECT conn=0 reason="Client Unbind"

      2. Groups REST call

      curl 'http://opendj.forgerock.com:8080/users/user.0?_fields=displayName,groups&_prettyPrint=true'

      { "displayName" : "Aaccf Amar" }

      [01/Jul/2015:11:00:08 -0600] CONNECT conn=1 from=192.168.0.11:49804 to=192.168.0.11:8080 protocol=HTTP/1.1
      [01/Jul/2015:11:00:08 -0600] SEARCH REQ conn=1 op=0 msgID=0 base="uid=user.0,ou=people,dc=forgerock,dc=com" scope=baseObject filter="(objectClass=*)" attrs="cn,isMemberOf,uid,etag"
      [01/Jul/2015:11:00:08 -0600] SEARCH RES conn=1 op=0 msgID=0 result=0 nentries=1 etime=2
      [01/Jul/2015:11:00:08 -0600] DISCONNECT conn=1 reason="Client Unbind"

      The behavior is correct in OpenDJ 2.6.0

      1. Basic REST call all attributes

      curl http://opendj.forgerock.com:8080/users/user.0?\&_prettyPrint=true
      {
      "_rev" : "0000000007c3b0f8",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "contactInformation" :

      { "telephoneNumber" : "+1 685 622 6202", "emailAddress" : "user.0@maildomain.net" }

      ,
      "_id" : "user.0",
      "name" :

      { "familyName" : "Amar", "givenName" : "Aaccf" }

      ,
      "userName" : "user.0@maildomain.net",
      "displayName" : "Aaccf Amar",
      "groups" : [

      { "_id" : "My Group" }

      ]
      }

      2. Groups REST call

      curl 'http://opendj.forgerock.com:8080/users/user.0?_fields=displayName,groups&_prettyPrint=true'
      {
      "displayName" : "Aaccf Amar",
      "groups" : [

      { "_id" : "My Group" }

      ]

      In the 2.6.2 case, the customer added an ACI to allow the isMemberOf return to be seen via REST.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                matthew Matthew Swift
                Reporter:
                lee.trujillo Lee Trujillo
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: