Affects Version/s: 6.5.0, 22.214.171.124
Fix Version/s: 7.0.0
Under some circumstances, when the queued synchronization feature is enabled, it breaks the implicit synchronization to target systems. The steps below reproduce the issue.
- Start OpenIDM 126.96.36.199, using the "provisioning with roles" sample and DS as the internal repo.
- Replay the whole sample.
- At the end, bjensen should have the "Employee" role.
- Remove the "Employee" assignment from the "Employee" role. As expected, bjensen's entry in DS is updated accordingly: her EmployeeType attribute has been removed and her isMemberOf attribute only contains "cn=openidm2,...".
- Add the "Employee" assignment to the "Employee" role again. As expected, bjensen's entry in DS is updated accordingly: her EmployeeType attribute has been populated and her isMemberOf attribute now contains 3 groups.
Now edit the sync.json to enable the queued sync feature for the "managedUser_systemLdapAccounts" mapping, by adding:
Now remove the "Employee" assignment from the "Employee" role again. You'll notice that:
- bjensen's entry in DS is not updated (which here basically means that enabling the queued sync breaks the synchronization between IDM and the LDAP target resource)
- the exception mentioned in https://bugster.forgerock.org/jira/browse/OPENIDM-13821 is triggered and displayed in the IDM debug log
- a new entry is added to the sync queue such as the one below