[gatein-issues] [JBoss JIRA] Created: (GTNPORTAL-1926) DB and LDAP in read-only: user attributes are saved only to DB but they are still read from LDAP

Marek Posolda (JIRA) jira-events at lists.jboss.org
Wed Jun 8 10:27:59 EDT 2011


DB and LDAP in read-only: user attributes are saved only to DB but they are still read from LDAP
------------------------------------------------------------------------------------------------

                 Key: GTNPORTAL-1926
                 URL: https://issues.jboss.org/browse/GTNPORTAL-1926
             Project: GateIn Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Identity integration
    Affects Versions: 3.1.0-GA
         Environment: - EPP 5.1.1.DEV01 with latest exo.portal.component.identity from GateIn trunk
                      - Picketlink 1.3.0.Alpha03
                      - LDAP configured with read-only setup (picketlink-idm-ldap-acme-config.xml from "example" folder used as configuration file)
            Reporter: Marek Posolda
            Assignee: Boleslaw Dawidowicz
             Fix For: 3.2.0-GA


I have LDAP configured as read-only (the parameter "readOnly" with value "true" is configured as an option in the configuration of "PortalRepository" in the PicketLink configuration file picketlink-idm-ldap-acme-config.xml).

Then I do the following in the EPP UI:
1) Log in as "mposolda" with password
2) Click on my name in the top right corner
3) Change my first name and last name to "Marekkk Poosoldaaaa".
4) Click "Save", and I get a message that the attributes were changed successfully
5) Log out
6) Log in again as mposolda
7) I see that I am still "Marek Posolda"

The problem is that attributes are written to the DB in the method FallbackIdentityStoreImpl.updateAttributes (which is correct), but then they are read from LDAP in FallbackIdentityStoreImpl.getAttributes and the DB attributes are simply ignored. This is confusing for users, because they may have the feeling that their attributes are updated but they aren't.

I think that one of these two conditions should be met:
a) Show a warning in step 4 that the user can't change LDAP attributes (like FirstName, Lastname or Email)
b) Don't show a warning, but in this case attributes from the DB should take precedence over attributes from LDAP.

It would be nice if this could be configurable, so that the administrator can choose between option (a) or (b).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
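
The read/write asymmetry reported above, and options (a) and (b), as a simplified model. This is an added example, not code from the report, GateIn or PicketLink; the class name, the Policy enum and the two maps standing in for LDAP and the DB are hypothetical, and the sample values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model with hypothetical names; not PicketLink's FallbackIdentityStoreImpl.
public class ReadOnlyLdapAttributeDemo {
    enum Policy { AS_REPORTED, REJECT_WRITE, DB_OVERRIDES }

    private final Map<String, String> ldap = new HashMap<>(); // read-only directory
    private final Map<String, String> db = new HashMap<>();   // writable fallback store
    private final Policy policy;

    ReadOnlyLdapAttributeDemo(Policy policy) {
        this.policy = policy;
        ldap.put("firstName", "Marek");   // constructed sample data
        ldap.put("lastName", "Posolda");
    }

    // Returns false when the write is refused, so the UI can warn the user (option a).
    boolean updateAttribute(String name, String value) {
        if (policy == Policy.REJECT_WRITE && ldap.containsKey(name)) {
            return false;
        }
        db.put(name, value); // LDAP is read-only, so the write can only land in the DB
        return true;
    }

    String getAttribute(String name) {
        if (policy == Policy.DB_OVERRIDES && db.containsKey(name)) {
            return db.get(name); // option b: the DB value shadows the LDAP value
        }
        // As reported: the LDAP value wins and the DB copy is never seen.
        // Falling back to the DB for attributes LDAP lacks is an assumption of this model.
        return ldap.containsKey(name) ? ldap.get(name) : db.get(name);
    }

    public static void main(String[] args) {
        for (Policy p : Policy.values()) {
            ReadOnlyLdapAttributeDemo store = new ReadOnlyLdapAttributeDemo(p);
            boolean saved = store.updateAttribute("firstName", "Marekkk");
            System.out.println(p + ": saved=" + saved
                    + ", firstName after re-login=" + store.getAttribute("firstName"));
        }
    }
}
```

Under option (b) a user-editable DB value replaces the directory value on every read, so any component that relies on an attribute such as Email should be reviewed before that policy is enabled.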