Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13265

reconById fails with sourceQueryFullEntry true on an external source

    Details

    • Target Version/s:
    • Verified Version/s:
    • Story Points:
      3
    • Sprint:
      2019.9 - IDM
    • Support Ticket IDs:
    • Zendesk ID:
      40085

      Description

      To reproduce this issue:

      1. Create a mapping from ldap DJ account to managed user, and set sourceQueryFullEntry.

                  "sourceQueryFullEntry" : true,
                  "sourceQuery" : {
                      "_queryFilter" : "true"
                      },
      

      2. Perform a full reconciliation, it works fine.

      3. Select one record and perform reconById, it fails due to most attributes from the source being missing.

      [300] May 21, 2019 11:35:51.614 AM org.forgerock.openidm.sync.SyncOperation lambda$updateTargetObject$2
      WARNING: Failed to update target object
      org.forgerock.json.resource.ForbiddenException: Policy validation failed
      ...
      org.forgerock.openidm.sync.SyncOperation.lambda$updateTargetObject$2(SyncOperation.java:841)
      Caused by: org.forgerock.openidm.script.ScriptThrownException: {code=403, detail={result=false, failedPolicyRequirements=[{policyRequirements=[{policyRequirement=REQUIRED}], property=userName}, {policyRequirements=[{policyRequirement=REQUIRED}], property=givenName}, {policyRequirements=[{policyRequirement=REQUIRED}], property=sn}, {policyRequirements=[{policyRequirement=REQUIRED}], property=mail}]}, message=Policy validation failed} {code=403, detail={result=false, failedPolicyRequirements=[{policyRequirements=[{policyRequirement=REQUIRED}], property=userName}, {policyRequirements=[{policyRequirement=REQUIRED}], property=givenName}, {policyRequirements=[{policyRequirement=REQUIRED}], property=sn}, {policyRequirements=[{policyRequirement=REQUIRED}], property=mail}]}, message=Policy validation failed}
      

      The workaround is to specify fields in the sourceQuery:

                   "sourceQueryFullEntry" : true,
                  "sourceQuery" : {
                      "_queryFilter" : "true",
                      "_fields" : "*"
                      },
      

        Attachments

          Activity

            People

            • Assignee:
              jbranch Jon Branch
              Reporter:
              yinyan.cao Yinyan Cao
            • Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: