Affects Version/s: OpenIDM 4.5.0, OpenIDM 5.0.0, OpenIDM 5.5.0
When the compensate.js script re-generates users where a delete is attempted and fails to propagate to a target, any relationship is lost.
1. Start up OpenDJ with data from sample2b (sync-with-ldap-bidirectional)
2. Modify sample2b's managed.json to include compensate.js against the onSync hook and to return 'roles' by default (returnByDefault : true)
3. Start up OpenIDM with sample2b
4. Synchronise users from OpenDJ to OpenIDM
5. Create a role (testRole)
6. Assign the testRole to jdoe
7. Shutdown OpenDJ
8. Delete jdoe within OpenIDM
The delete fails when attempting to read the target system (OpenDJ) and the compensate script is triggered. The user object is then fully re-created with all attributes and relationships
The user object is re-created with only the attributes and relationships are lost.
If you capture the oldObject value used by the compensate script, the roles attribute will look similar to the following:
However when performing a PUT via REST using the whole oldObject to re-create the user manually, an error is returned which seems to be swallowed when using openidm.create:
However, the object is still created without this relationship in place.
The underlying problem here is that roles._refProperties._id references a relationship edge which is deleted the moment that the object is deleted within the UI. When re-creating the object, we have to re-create this edge rather than referring to the previous _id value. A simple method to achieve this manually is to remove both roles._refProperties._id and roles._refProperties._id from the create payload and the edge is re-created with a new _id value.