[OPENDJ-2196] OpenDJ does not return the isMemberOf attribute via REST
Created: 02/Jul/15  Updated: 08/Nov/19  Resolved: 01/Oct/15

Status: Done
Project: OpenDJ
Component/s: core server
Affects Version/s: 3.0.0, 2.8.0, 2.6.3, 2.6.2, 2.6.1
Fix Version/s: 3.0.0

Type: Bug
Priority: Minor
Reporter: Lee Trujillo
Assignee: Matthew Swift
Resolution: Fixed
Votes: 0
Labels: release-notes

Issue Links:
Depends
is required by OPENDJ-2277 Align doc with changes due to updated... Done
Duplicate
is duplicated by OPENDJ-2303 REST update with HTTP PUT no longer w... Done
Relates
Dev Assignee: Matthew Swift
Support Ticket IDs:

 Description   

OpenDJ version 2.6.1-3.0 is not returning group memberships via isMemberOf when accessed using the REST interface; 2.6.0 works.

Using a basic http-config.json configuration and users and groups, REST calls are not returning isMemberOf memberships. Setting suppress-internal-operations:false also shows the REST call "is" requesting isMemberOf.

dn: uid=user.0,ou=People,dc=forgerock,dc=com
cn: Aaccf Amar
uid: user.0
isMemberOf: cn=My Group,ou=Groups,dc=forgerock,dc=com

1. Basic REST call all attributes

curl http://opendj.forgerock.com:8080/users/user.0?\&_prettyPrint=true
{
  "_rev" : "000000000c63b150",
  "schemas" : [ "urn:scim:schemas:core:1.0" ],
  "contactInformation" : { "telephoneNumber" : "+1 685 622 6202", "emailAddress" : "user.0@maildomain.net" },
  "_id" : "user.0",
  "name" : { "familyName" : "Amar", "givenName" : "Aaccf" },
  "userName" : "user.0@maildomain.net",
  "displayName" : "Aaccf Amar"
}

[01/Jul/2015:11:00:08 -0600] CONNECT conn=0 from=192.168.0.11:49803 to=192.168.0.11:8080 protocol=HTTP/1.1
[01/Jul/2015:11:00:08 -0600] SEARCH REQ conn=0 op=0 msgID=0 base="uid=user.0,ou=people,dc=forgerock,dc=com" scope=baseObject filter="(objectClass=*)" attrs="etag,manager,telephoneNumber,mail,uid,sn,givenName,cn,modifyTimestamp,createTimestamp,isMemberOf"
[01/Jul/2015:11:00:08 -0600] SEARCH RES conn=0 op=0 msgID=0 result=0 nentries=1 etime=10
[01/Jul/2015:11:00:08 -0600] DISCONNECT conn=0 reason="Client Unbind"

2. Groups REST call

curl 'http://opendj.forgerock.com:8080/users/user.0?_fields=displayName,groups&_prettyPrint=true'

{ "displayName" : "Aaccf Amar" }

[01/Jul/2015:11:00:08 -0600] CONNECT conn=1 from=192.168.0.11:49804 to=192.168.0.11:8080 protocol=HTTP/1.1
[01/Jul/2015:11:00:08 -0600] SEARCH REQ conn=1 op=0 msgID=0 base="uid=user.0,ou=people,dc=forgerock,dc=com" scope=baseObject filter="(objectClass=*)" attrs="cn,isMemberOf,uid,etag"
[01/Jul/2015:11:00:08 -0600] SEARCH RES conn=1 op=0 msgID=0 result=0 nentries=1 etime=2
[01/Jul/2015:11:00:08 -0600] DISCONNECT conn=1 reason="Client Unbind"

The behavior is correct in OpenDJ 2.6.0

1. Basic REST call all attributes

curl http://opendj.forgerock.com:8080/users/user.0?\&_prettyPrint=true
{
  "_rev" : "0000000007c3b0f8",
  "schemas" : [ "urn:scim:schemas:core:1.0" ],
  "contactInformation" : { "telephoneNumber" : "+1 685 622 6202", "emailAddress" : "user.0@maildomain.net" },
  "_id" : "user.0",
  "name" : { "familyName" : "Amar", "givenName" : "Aaccf" },
  "userName" : "user.0@maildomain.net",
  "displayName" : "Aaccf Amar",
  "groups" : [ { "_id" : "My Group" } ]
}

2. Groups REST call

curl 'http://opendj.forgerock.com:8080/users/user.0?_fields=displayName,groups&_prettyPrint=true'
{
  "displayName" : "Aaccf Amar",
  "groups" : [ { "_id" : "My Group" } ]
}

In the 2.6.2 case, the customer added an ACI to allow the isMemberOf return to be seen via REST.



 Comments   
Comment by Matthew Swift [ 29/Sep/15 ]

This regression was caused by the fix for OPENDJ-1097. We should probably allow read access to isMemberOf by default.

Comment by Matthew Swift [ 01/Oct/15 ]

Fixed: added isMemberOf attribute to the list of operational attributes which are accessible by default in the global ACI.

Comment by Ondrej Fuchsik [ 20/Jan/16 ]

Verified with

OpenDJ version   Backend used   Revision
3.0.0            JE             185acee3ba68d8da1782007eebacb3701dc996d6

Comment by Matthew Swift [ 07/Nov/19 ]

Moved to closed state because the fixVersion has already been released.
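
The logs in the description show why this failure is easy to miss: the search that requests isMemberOf returns result=0 nentries=1, and access control strips the attribute without any error, so a client that authorizes on "groups" simply sees no memberships. The following is an added example, not code from this ticket or from OpenDJ: a regression check that pairs the access-log lines with the REST body. The function names and the entry_has_groups flag (what an administrative LDAP read says about the entry) are assumptions of the example.

```python
import json
import re

REQ = re.compile(r'SEARCH REQ conn=(\d+) op=(\d+) .*?base="([^"]*)".*?attrs="([^"]*)"')
RES = re.compile(r'SEARCH RES conn=(\d+) op=(\d+) .*?result=(\d+) nentries=(\d+)')

def parse_searches(log_lines):
    """Pair SEARCH REQ/RES lines by (conn, op) and collect the requested attributes."""
    ops = {}
    for line in log_lines:
        if m := REQ.search(line):
            attrs = {a.strip().lower() for a in m.group(4).split(",") if a.strip()}
            ops[m.group(1), m.group(2)] = {"base": m.group(3), "attrs": attrs}
        elif (m := RES.search(line)) and (m.group(1), m.group(2)) in ops:
            ops[m.group(1), m.group(2)].update(result=int(m.group(3)),
                                               nentries=int(m.group(4)))
    return ops

def membership_silently_filtered(log_lines, rest_body, entry_has_groups):
    """True when a successful search asked for isMemberOf, the entry is known to be
    in a group, and the REST resource still carries no "groups" field."""
    resource = json.loads(rest_body)
    for op in parse_searches(log_lines).values():
        succeeded = op.get("result") == 0 and op.get("nentries") == 1
        if ("ismemberof" in op["attrs"] and succeeded
                and entry_has_groups and not resource.get("groups")):
            return True
    return False

# Sample input copied from the report above: access log of the second REST call,
# the body returned by an affected server, and the body returned by 2.6.0.
LOG = [
    '[01/Jul/2015:11:00:08 -0600] SEARCH REQ conn=1 op=0 msgID=0 '
    'base="uid=user.0,ou=people,dc=forgerock,dc=com" scope=baseObject '
    'filter="(objectClass=*)" attrs="cn,isMemberOf,uid,etag"',
    '[01/Jul/2015:11:00:08 -0600] SEARCH RES conn=1 op=0 msgID=0 '
    'result=0 nentries=1 etime=2',
]
AFFECTED = '{ "displayName" : "Aaccf Amar" }'
EXPECTED = '{ "displayName" : "Aaccf Amar", "groups" : [ { "_id" : "My Group" } ] }'

if __name__ == "__main__":
    print("affected server:", membership_silently_filtered(LOG, AFFECTED, True))
    print("2.6.0 behaviour:", membership_silently_filtered(LOG, EXPECTED, True))
```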
