DB and LDAP in read-only: user attributes are saved only to DB but they are still read from LDAP
------------------------------------------------------------------------------------------------
Key: GTNPORTAL-1926
URL: https://issues.jboss.org/browse/GTNPORTAL-1926
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Identity integration
Affects Versions: 3.1.0-GA
Environment: - EPP 5.1.1.DEV01 with latest exo.portal.component.identity from GateIn trunk
- Picketlink 1.3.0.Alpha03
- LDAP configured with read-only setup (picketlink-idm-ldap-acme-config.xml from "example" folder used as configuration file)
Reporter: Marek Posolda
Assignee: Boleslaw Dawidowicz
Fix For: 3.2.0-GA

I have LDAP configured as read-only (the parameter "readOnly" with value "true" is configured as an option in the configuration of "PortalRepository" in the picketlink configuration file picketlink-idm-ldap-acme-config.xml).
And then I am doing this in the EPP UI:
1) Login as "mposolda" with password
2) Click on my name in the top right corner
3) Change my first name and last name to "Marekkk Poosoldaaaa".
4) Click "Save" and I get a message that the attributes were changed successfully
5) Logout
6) Login again as mposolda
7) I see that I am still "Marek Posolda"
The problem is that attributes are written to DB in method FallbackIdentityStoreImpl.updateAttributes (which is correct) but then they are read from LDAP in FallbackIdentityStoreImpl.getAttributes and DB attributes are simply ignored. This is confusing for users, because they may have the feeling that their attributes are updated but they aren't.
I think that one of these two conditions should be met:
a) Show a warning in step 4 that the user can't change LDAP attributes (like FirstName, Lastname or Email)
b) Don't show a warning, but in this case attributes from DB should have preference over attributes from LDAP.
It would be nice if this could be configurable and the administrator could choose between option (a) or (b)
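
The two behaviours proposed in (a) and (b), as an added example that is not part of the original report and is not PicketLink IDM or GateIn code. FallbackStore, Policy and their members are hypothetical names, and the attribute values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a DB store layered over a read-only LDAP store.
public class FallbackAttributeDemo {
    enum Policy { REJECT_LDAP_MAPPED, DB_OVERRIDES_LDAP }   // options (a) and (b)
    static class FallbackStore {
        private final Map<String, String> ldap;              // read-only directory
        private final Map<String, String> db = new HashMap<>();
        private final Policy policy;
        FallbackStore(Map<String, String> ldap, Policy policy) {
            this.ldap = Map.copyOf(ldap);
            this.policy = policy;
        }

        void updateAttributes(Map<String, String> changes) {
            if (policy == Policy.REJECT_LDAP_MAPPED) {
                for (String name : changes.keySet()) {
                    if (ldap.containsKey(name)) {
                        // (a) fail loudly so the UI can warn instead of reporting success
                        throw new IllegalStateException(name + " is managed by read-only LDAP");
                    }
                }
            }
            db.putAll(changes);
        }

        Map<String, String> getAttributes() {
            Map<String, String> merged = new HashMap<>(ldap);
            if (policy == Policy.DB_OVERRIDES_LDAP) {
                merged.putAll(db);                 // (b) DB value wins on conflict
            } else {
                db.forEach(merged::putIfAbsent);   // LDAP stays authoritative
            }
            return merged;
        }
    }

    public static void main(String[] args) {
        Map<String, String> ldap = Map.of("firstName", "Marek", "lastName", "Posolda"); // constructed
        FallbackStore b = new FallbackStore(ldap, Policy.DB_OVERRIDES_LDAP);
        b.updateAttributes(Map.of("firstName", "Marekkk"));
        System.out.println("policy (b) reads back: " + b.getAttributes().get("firstName"));
        FallbackStore a = new FallbackStore(ldap, Policy.REJECT_LDAP_MAPPED);
        try { a.updateAttributes(Map.of("firstName", "Marekkk")); }
        catch (IllegalStateException e) { System.out.println("policy (a): " + e.getMessage()); }
    }
}
```

Under policy (b) a value edited in the portal shadows the directory value for every later read, so an administrator who treats LDAP as the source of truth for attributes such as Email would pick (a).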