[OPENAM-5082] DJLDAPv3Repo setAttributes may add unnecessary objectclasses to modifyRequest. Created: 21/Nov/14  Updated: 20/Nov/16  Resolved: 16/Apr/15

Status: Resolved
Project: OpenAM
Component/s: idrepo
Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 12.0.0
Fix Version/s: 10.0.3, 11.0.3, 12.0.1, 13.0.0

Type: Bug Priority: Major
Reporter: Jonathan Thomas Assignee: Jonathan Thomas
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 7h
Original Estimate: Not Specified

Sprint: Sprint 76 - Sustaining
Support Ticket IDs:


In DJLDAPv3Repo unnecessary objectclasses may be added to a modify request due to a being missed by a duplicate check.

A removeAll() call on a CaseInsensitiveHashSet will not correctly compare on a the contains call.

To Reproduce:

1) Create a user.
2) In users entry in DJ modify inetuser objectclass value - set to inetUser (capital u)
3 )Try to modify user password using rest e.g using admin user token

curl --request PUT --header "iplanetDirectoryPro: AQIC5wM....*" --header "Content-Type: application/json" --data '

{ "userpassword": "comeoncomeon" }

' http://openam-local.example.com:8080/openam/json/users/test

You should receive error and IdRepo log error

Comment by Jonathan Thomas [ 05/Feb/15 ]

The actual fix is to update the CaseInsenitiveHashSet.removeAll() method so it will always ensure the set it is going to remove is a CaseInsenitiveHashSet as well, then it will be able to match up elements correctly.

Comment by Jonathan Thomas [ 05/Feb/15 ]

Fixed in trunk r12365, 12.0.x r12366, 11.0.x r12367 and 10.0.x r12368

Comment by Sam Drew [ 16/Apr/15 ]

Reopening to set as fixed

Generated at Sat Oct 24 00:24:53 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.