  1. OpenICF
  2. OPENICF-1353

LDAP Connector: NPE if provisioner has attribute-mapping for objectGUID but system account does not have objectGUID

    Details

      Description

      Reproducible on IDM 6.5.0.3, with LDAP Connector 1.4.8.0 or 1.5.4.0.

      If an LDAP provisioner is configured with attribute-mapping for objectGUID,
      REST GET of a system account that does not have objectGUID results in an NPE.

      TEST CASE:
      ~~~~~~~~

      1. Set up IDM 6.5.0.3, DS 6.5.3 (or any non-Active Directory LDAP server).

      2. Use the provisioner config from samples/sync-with-ldap-bidirectional.

      3. Add attribute-mapping of an attribute "objectGUID" to provisioner config, e.g.

      "objectGUID" : {
       "type" : "string",
       "nativeName" : "objectGUID",
       "nativeType" : "JAVA_TYPE_BYTE_ARRAY"
      },

      4. As the LDAP server here is not Active Directory, some entries do not have an "objectGUID".

      5. A REST GET or query to retrieve a user fails with Internal Server Error:

      $ curl -u openidm-admin:openidm-admin "http://host1:8080/openidm/system/ldap/account/0d3ce3bf-4107-3b34-9e5a-fa71deb8b504"
      
      {"code":500,"reason":"Internal Server Error","message":"Internal Server Error"}

      openidm0.log.0:

      [129] Jul 20, 2020 2:28:26.431 PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3 lambda$handleRequestWithLogging$8
      WARNING: Resource exception: 500 Internal Server Error: "Internal Server Error"
      org.forgerock.json.resource.InternalServerErrorException: Internal Server Error
       at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassResourceProvider.handleRead(ObjectClassResourceProvider.java:584)
       at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassRequestHandler.handleRead(ObjectClassRequestHandler.java:142)
      ...
      Caused by: java.lang.NullPointerException
       at org.identityconnectors.ldap.ad.ADLdapUtil.objectGUIDtoDashedString(ADLdapUtil.java:75)
       at org.identityconnectors.ldap.search.LdapSearch.createConnectorObject(LdapSearch.java:412)
      ...
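
The stack trace ends in the objectGUID-to-string conversion, which is reached here for an entry that has no objectGUID value. The following is an added example, not the connector's own code, of a conversion that tolerates the missing attribute; the class, the method names `toDashedString` and `mapEntry`, and the choice to omit the attribute from the result are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

public class ObjectGuidExample {

    // Byte positions in output order; -1 marks a dash. In the 16-byte AD value
    // the first three fields are little-endian, the rest are in stored order.
    private static final int[] ORDER =
        {3, 2, 1, 0, -1, 5, 4, -1, 7, 6, -1, 8, 9, -1, 10, 11, 12, 13, 14, 15};

    /** Hypothetical helper: empty when the entry has no usable objectGUID. */
    static Optional<String> toDashedString(byte[] guid) {
        if (guid == null || guid.length != 16) {
            return Optional.empty();   // absent on non-AD servers, or malformed
        }
        StringBuilder sb = new StringBuilder(36);
        for (int idx : ORDER) {
            if (idx < 0) {
                sb.append('-');
            } else {
                sb.append(String.format("%02x", guid[idx] & 0xFF));
            }
        }
        return Optional.of(sb.toString());
    }

    /** Hypothetical mapping step: objectGUID is added only when present. */
    static Map<String, Object> mapEntry(String uid, byte[] rawGuid) {
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("uid", uid);
        toDashedString(rawGuid).ifPresent(g -> out.put("objectGUID", g));
        return out;
    }

    public static void main(String[] args) {
        byte[] adGuid = new byte[16];          // constructed sample value
        for (int i = 0; i < adGuid.length; i++) {
            adGuid[i] = (byte) i;
        }
        System.out.println(mapEntry("ad-user", adGuid));
        System.out.println(mapEntry("ds-user", null));   // entry without objectGUID
    }
}
```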

       

       

       


            People

            • Assignee:
              gael Gael Allioux
              Reporter:
              wei-yee.lum Wei-Yee Lum
              QA Assignee:
              Son Nguyen