OpenIDM / OPENIDM-15203

sustaining/5.0.x - PATCH on assignment doesn't trigger implicit sync

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: OpenIDM 5.0.1.2
    • Fix Version/s: None
    • Environment:
      OpenIDM 5.0.1.2-SNAPSHOT (6dc4429)

      Description

      When updating an assignment through PATCH, implicit sync is not properly triggered.

      *5.0.1.1 is not affected*

      1. Start up IDM with sample2b (updated sync.json attached)
      2. Create assignment
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --data '{ "name": "ldap", "description": "assignment description", "mapping": "managedUser_systemLdapAccounts", "attributes": [ { "name": "ou", "value": ["forgerock"], "assignmentOperation": "replaceTarget", "unassignmentOperation": "removeFromTarget" } ] }' --request PUT "http://localhost:8080/openidm/managed/assignment/new_ou"
      
      Response Content:
      {"_id":"new_ou","_rev":"0","name":"ldap","description":"assignment description","mapping":"managedUser_systemLdapAccounts","attributes":[{"name":"ou","value":["forgerock"],"assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}]}
      
      3. Create role with assignment
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --data '{ "name": "role_employee", "description": "Employee Role", "assignments": [{"_ref":"managed/assignment/new_ou"}] }' --request PUT "http://localhost:8080/openidm/managed/role/employee"
      
      Response Content:
      {"_id":"employee","_rev":"0","name":"role_employee","description":"Employee Role"}
      
      4. Create user
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "If-None-Match: *" --header "Content-Type: application/json" --data '{"id": "ricksutter", "userName": "dblue", "givenName": "rick", "sn": "sutter", "mail": "rick@example.com", "telephoneNumber": "6669876987", "password": "Th3Password", "description": "this is a description", "roles": [{"_ref": "managed/role/employee"}]}' --request PUT "http://localhost:8080/openidm/managed/user/dblue"
      
      Response Content:
      {"_id":"dblue","_rev":"1","id":"ricksutter","userName":"dblue","givenName":"rick","sn":"sutter","mail":"rick@example.com","telephoneNumber":"6669876987","description":"this is a description","accountStatus":"active","effectiveRoles":[{"_ref":"managed/role/employee"}],"effectiveAssignments":[{"name":"ldap","description":"assignment description","mapping":"managedUser_systemLdapAccounts","attributes":[{"name":"ou","value":["forgerock"],"assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}],"_id":"new_ou","_rev":"0"}]}
      
      5. Check if user is sync'd (by implicitSync)
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin"  --request GET "http://localhost:8080/openidm/system/ldap/account/?_queryFilter=dn+eq+%22uid%3Ddblue%2Cou%3DPeople%2Cdc%3Dexample%2Cdc%3Dcom%22"
      
      Response Content:
      {"result":[{"_id":"uid=dblue,ou=People,dc=example,dc=com","objectClass":["top","inetOrgPerson","organizationalPerson","person"],"uid":"dblue","ou":["forgerock"],"ldapGroups":[],"givenName":"rick","kbaInfo":[],"telephoneNumber":"6669876987","dn":"uid=dblue,ou=People,dc=example,dc=com","employeeType":null,"mail":"rick@example.com","sn":"sutter","disabled":null,"cn":"rick sutter","aliasList":[],"description":"this is a description"}],"resultCount":1,"pagedResultsCookie":null,"totalPagedResultsPolicy":"NONE","totalPagedResults":-1,"remainingPagedResults":-1}
      
      6. Patch assignment description
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --data '[ { "operation": "replace", "field": "attributes/0/name", "value": "description" }, { "operation": "replace", "field": "attributes/0/value", "value": "this is newer description" } ]' --request PATCH "http://localhost:8080/openidm/managed/assignment/new_ou"
      
      Response Content:
      {"_id":"new_ou","_rev":"1","name":"ldap","description":"assignment description","mapping":"managedUser_systemLdapAccounts","attributes":[{"name":"description","value":"this is newer description","assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}]}
      
      7. The user account should have the updated description -> it doesn't until we run recon manually
      curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --data '[ { "operation": "replace", "field": "attributes/0/name", "value": "description" }, { "operation": "replace", "field": "attributes/0/value", "value": "this is newer description" } ]' --request PATCH "http://localhost:8080/openidm/managed/assignment/new_ou"
      
      Response Content:
      {"_id":"new_ou","_rev":"1","name":"ldap","description":"assignment description","mapping":"managedUser_systemLdapAccounts","attributes":[{"name":"description","value":"this is newer description","assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}]}
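
The symptom in this report is provisioning drift: the managed assignment changes, but the downstream LDAP account keeps the old value until a manual recon. The following check is an added example, not part of the original report or of OpenIDM's own code. It compares an assignment's `attributes` against a target account and reports any attribute that was not propagated. The function names are hypothetical, the sample objects are constructed from the responses quoted above and trimmed to the relevant fields, and the handling of operations other than `replaceTarget` is an assumption.

```python
import json

# Constructed samples, trimmed from the responses quoted in the report.
ASSIGNMENT_BEFORE = json.loads('''{"_id":"new_ou","_rev":"0",
 "attributes":[{"name":"ou","value":["forgerock"],
 "assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}]}''')
ASSIGNMENT_AFTER_PATCH = json.loads('''{"_id":"new_ou","_rev":"1",
 "attributes":[{"name":"description","value":"this is newer description",
 "assignmentOperation":"replaceTarget","unassignmentOperation":"removeFromTarget"}]}''')
LDAP_ACCOUNT = json.loads('''{"_id":"uid=dblue,ou=People,dc=example,dc=com",
 "uid":"dblue","ou":["forgerock"],"description":"this is a description"}''')


def _as_list(value):
    """Normalise single-valued and multi-valued attributes to a list of strings."""
    if value is None:
        return []
    items = value if isinstance(value, (list, tuple)) else [value]
    return [str(item) for item in items]


def assignment_drift(assignment, target):
    """Return one finding per assignment attribute the target does not reflect."""
    findings = []
    for attr in assignment.get("attributes", []):
        expected = _as_list(attr.get("value"))
        actual = _as_list(target.get(attr["name"]))
        if attr.get("assignmentOperation") == "replaceTarget":
            # replaceTarget: the target value must equal the assigned value.
            in_sync = sorted(actual) == sorted(expected)
        else:
            # Assumption: any other operation only requires the assigned
            # values to be present on the target.
            in_sync = all(item in actual for item in expected)
        if not in_sync:
            findings.append({
                "assignment": assignment.get("_id"),
                "rev": assignment.get("_rev"),
                "attribute": attr["name"],
                "expected": expected,
                "actual": actual,
            })
    return findings


if __name__ == "__main__":
    for finding in assignment_drift(ASSIGNMENT_AFTER_PATCH, LDAP_ACCOUNT):
        print(json.dumps(finding))
```

Run against live data, the two inputs would be the GET responses for `managed/assignment/new_ou` and the `system/ldap/account` query shown in the steps above.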
      

            People

            • Assignee:
              brmiller Brendan Miller
              Reporter:
              michal.orlik@profiq.cz Michal Orlik