DB+LDAP: Only users from DB are shown in organization management if LDAP doesn't support
sorting
----------------------------------------------------------------------------------------------
Key: GTNPORTAL-1928
URL:
https://issues.jboss.org/browse/GTNPORTAL-1928
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Identity integration
Affects Versions: 3.1.0-GA
Environment: - EPP 5.1.1.DEV01 with latest exo.portal.component.identity and
picketlink 1.3.0.Alpha03
- EPP configured with read-only LDAP server (corporate LDAP is used)
Reporter: Marek Posolda
Assignee: Boleslaw Dawidowicz
Fix For: 3.2.0-GA
I have EPP configured with the RH corporate LDAP server in read-only mode (configuration files
are attached to JIRA GTNPORTAL-1925).
And then doing this:
- Login as john
- Going to the organization management page (I should see users from DB and LDAP, but I am
seeing only users from DB, which is not good)
The cause is that the RedHat corporate LDAP server does not support sorting, and the option
"sortExtensionSupported" of LDAPIdentityStore is true by default. This causes the
search in LDAP to fail with the exception:
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Sort Response
Control]; remaining name 'ou=users,dc=redhat,dc=com'
And in FallbackIdentityStoreImpl.findIdentityObject(invocationCtx, identityType, criteria)
we can see this piece of code:
{code}
try
{
   IdentityStoreInvocationContext targetCtx =
      resolveInvocationContext(targetStore, invocationCtx);
   // Results from this store (here: LDAP) are only added if the search succeeds
   results.addAll(targetStore.findIdentityObject(targetCtx, identityType, c));
}
catch (IdentityException e)
{
   // The failure is recorded at FINER only, so with default logging it is
   // dropped silently and the method carries on with the other stores' results
   if (log.isLoggable(Level.FINER))
   {
      log.log(Level.FINER, "Exception occurred: ", e);
   }
}
{code}
which means that the exception from LDAP is quietly ignored (because log level FINER is not
enabled by default), so users from LDAP are dropped and the whole output of the method
FallbackIdentityStoreImpl.findIdentityObject consists only of users from DB.
I think that the exception should be logged at a higher level than FINER, and maybe some more
information should be provided in the documentation about the option
"sortExtensionSupported". AFAIK this option is not mentioned anywhere in the
documentation and it's not in the standard example configuration files
(picketlink-idm-ldap-acme.xml and others). I think it makes sense to mention this option
more loudly because sorting may not be supported by some LDAP servers.
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira
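Added example (not code from GateIn, PicketLink or the reporter): a self-contained Java sketch of the failure mode described in the report and two ways out of it. FallbackStore, UserStore, DbStore, LdapStore and the nested IdentityException are hypothetical stand-ins for the PicketLink classes, and the user lists are constructed sample data. The fake LDAP store throws an OperationNotSupportedException of the same shape quoted in the report whenever the sort extension is enabled; the aggregator either propagates it (strict mode) or logs it at WARNING instead of FINER (lenient mode), so a backend that drops out is no longer silent. supportsServerSideSort goes beyond the report: it reads a real server's root DSE and checks for the RFC 2891 Server Side Sort control OID (1.2.840.113556.1.4.473), which is how to decide whether "sortExtensionSupported" can stay true before pointing the portal at a given directory.

```java
import java.util.*;
import java.util.logging.*;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.*;

public class FallbackStoreDemo {

    /** Stand-in for PicketLink's IdentityException (hypothetical, not the real class). */
    static class IdentityException extends Exception {
        IdentityException(String msg, Throwable cause) { super(msg, cause); }
    }
    /** Minimal store contract (hypothetical): logins that start with a prefix. */
    interface UserStore {
        String name();
        Collection<String> findUsers(String prefix) throws IdentityException;
    }

    static List<String> startingWith(List<String> users, String prefix) {
        List<String> out = new ArrayList<String>();
        for (String u : users) if (u.startsWith(prefix)) out.add(u);
        return out;
    }

    /** In-memory "DB" store with constructed sample users; it never fails. */
    static class DbStore implements UserStore {
        private final List<String> users = Arrays.asList("john", "mary", "root");
        public String name() { return "db"; }
        public Collection<String> findUsers(String prefix) { return startingWith(users, prefix); }
    }

    /** Fake "LDAP" store (constructed). With the sort extension enabled it behaves like a
     *  server without RFC 2891 support: every search fails with LDAP error code 12. */
    static class LdapStore implements UserStore {
        private final boolean sortExtensionSupported;
        private final List<String> users = Arrays.asList("jdoe", "jsmith");
        LdapStore(boolean sortExtensionSupported) { this.sortExtensionSupported = sortExtensionSupported; }
        public String name() { return "ldap"; }
        public Collection<String> findUsers(String prefix) throws IdentityException {
            if (sortExtensionSupported) {
                // Same shape as the failure quoted in the report; no server is contacted.
                throw new IdentityException("LDAP search failed", new OperationNotSupportedException(
                        "[LDAP: error code 12 - Sort Response Control]"));
            }
            return startingWith(users, prefix);
        }
    }

    /** Aggregates over several stores. Strict mode: a failing backend aborts the lookup.
     *  Lenient mode: the backend is skipped, but the failure is logged at WARNING, not FINER. */
    static class FallbackStore {
        private static final Logger log = Logger.getLogger(FallbackStore.class.getName());
        private final List<UserStore> stores;
        private final boolean strict;
        FallbackStore(boolean strict, UserStore... stores) {
            this.strict = strict;
            this.stores = Arrays.asList(stores);
        }
        Collection<String> findUsers(String prefix) throws IdentityException {
            List<String> results = new ArrayList<String>();
            for (UserStore s : stores) {
                try {
                    results.addAll(s.findUsers(prefix));
                } catch (IdentityException e) {
                    if (strict) throw e;
                    // Partial results are still returned, but the operator can see why.
                    log.log(Level.WARNING, "Store '" + s.name()
                            + "' failed; its users are missing from the result", e);
                }
            }
            return results;
        }
    }

    /** OID of the Server Side Sort request control (RFC 2891). */
    static final String SORT_CONTROL_OID = "1.2.840.113556.1.4.473";
    /** Reads the root DSE of a bound directory and reports whether it advertises the sort
     *  control, i.e. whether setting sortExtensionSupported=true is safe for that server. */
    static boolean supportsServerSideSort(DirContext ctx) throws NamingException {
        Attributes rootDse = ctx.getAttributes("", new String[] {"supportedControl"});
        Attribute ctl = rootDse.get("supportedControl");
        if (ctl == null) return false;
        for (int i = 0; i < ctl.size(); i++) {
            if (SORT_CONTROL_OID.equals(ctl.get(i))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws IdentityException {
        DbStore db = new DbStore();
        // 1) sort enabled against a server lacking it, lenient: LDAP users are dropped,
        //    but a WARNING on stderr names the cause
        System.out.println(new FallbackStore(false, db, new LdapStore(true)).findUsers("j"));
        // 2) same, strict: the caller gets the failure instead of a silently partial list
        try {
            new FallbackStore(true, db, new LdapStore(true)).findUsers("j");
        } catch (IdentityException e) {
            System.out.println("strict: " + e.getCause());
        }
        // 3) sortExtensionSupported=false: both stores answer
        System.out.println(new FallbackStore(false, db, new LdapStore(false)).findUsers("j"));
    }
}
```

Compile with javac and run the class; cases 1 and 3 print the aggregated user lists and case 1 additionally emits the WARNING with the wrapped error code 12 cause. supportsServerSideSort is not called from main because it needs a live directory: pass it an InitialDirContext bound with an ldap:// provider URL, and if it returns false, set "sortExtensionSupported" to false in the LDAPIdentityStore configuration rather than relying on the aggregator to paper over the failed search.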