1:25 a.m.
Hi,
this is actually expected. I've added new test for fix syncing bugs with
duplicated username or email. Test asserts that user is not synced from
LDAP if there is already other user with same username or email in
Keycloak database. And the test also asserts that just the syncing of
"duplicated" user fails but other users are successfully synced (not
whole sync transaction is broken as it was in 1.3.1 ).
As I can see in your log, it works as expected and the test is passing,
is it correct?
Yesterday I've added some more fixes (now there is not
ConstraintException thrown from DB but there is check for duplications
triggered earlier from Keycloak). So I suggest to update to latest
master and try it now. Please let me know if still seeing issues.
I will do a bit more testing and will add the LDAP example today, so
there might be still some changes, but I hope that not much.
Thanks,
Marek
On 8.7.2015 18:26, Nair, Rajat wrote:
Hi,
During LDAP integration with Keycloak (v1.3.1), we get to see a
“/Unique index or primary key violation” /exception while trying to
login with an LDAP using on Keycloak’s account service site. I setup
latest Keycloak source (from Github) to debug this issue. During
build, I saw the same error when LDAP integration tests were running.
Here are the logs –
/21:40:24,624 INFO [org.keycloak.testsuite.KeycloakServer] Imported
realm test/
/21:40:24,709 INFO
[org.keycloak.federation.ldap.LDAPIdentityStoreRegistry] Creating new
LDAP based partition manager for the Federation provider: test-ldap,
LDAP Configuration: {bindDn=uid=admin,ou=system,
userObjectClasses=null, baseDn=dc=keycloak,dc=org,
usersDn=ou=People,dc=keycloak,dc=org, vendor=other,
kerberosRealm=KEYCLOAK.ORG, syncRegistrations=false,
userAccountControlsAfterPasswordUpdate=false, debug=true,
connectionPooling=true, serverPrincipal=HTTP/localhost(a)KEYCLOAK.ORG,
usernameLDAPAttribute=null, allowKerberosAuthentication=false,
useKerberosForPasswordAuthentication=false, rdnLDAPAttribute=null,
keyTab=/home/USER/apps/keycloak/testsuite/integration/target/test-classes/kerberos/http.keytab,
batchSizeForSync=3, connectionUrl=ldap://localhost:10389,
allowPasswordAuthentication=true, editMode=WRITABLE,
updateProfileFirstLogin=true, pagination=true}/
/21:40:25,790 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users from LDAP to local store: realm: test, federation provider:
test-ldap/
/21:40:25,845 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users finished: 5 imported users, 0 updated users, 0 removed users/
/21:40:26,862 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync
changed users from LDAP to local store: realm: test, federation
provider: test-ldap, last sync time: Wed Jul 08 21:40:25 IST 2015/
/21:40:26,900 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync
changed users finished: 1 imported users, 1 updated users, 0 removed
users/
/21:40:26,920 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users from LDAP to local store: realm: test, federation provider:
test-ldap/
/21:40:26,962 WARN
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] User
'user7' is not updated during sync as he already exists in Keycloak
database but is not linked to federation provider 'test-ldap'/
/21:40:26,969 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users finished: 0 imported users, 6 updated users, 0 removed users, 1
users failed sync! See server log for more details/
/21:40:26,981 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users from LDAP to local store: realm: test, federation provider:
test-ldap/
/21:40:27,054 ERROR
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Failed
during import user from LDAP/
/org.keycloak.models.ModelDuplicateException:
javax.persistence.PersistenceException:
org.hibernate.exception.ConstraintViolationException: Unique index or
primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON
PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test',
'user7(a)email.org', 21)"; SQL statement:/
/update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?,
EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?,
FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=?
[23505-187]/
/ at
org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:40)/
/ at
org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:30)/
/ at
org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:58)/
/ at
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:247)/
/ at
org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:286)/
/ at
org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:241)/
/ at
org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:200)/
/ at
org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)/
/ at
org.keycloak.testsuite.federation.SyncProvidersTest.test02duplicateUsernameSync(SyncProvidersTest.java:200)/
/ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)/
/ at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)/
/ at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)/
/ at java.lang.reflect.Method.invoke(Method.java:606)/
/ at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)/
/ at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)/
/ at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)/
/ at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)/
/ at
org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)/
/ at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)/
/ at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)/
/ at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)/
/ at
org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)/
/ at
org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)/
/ at
org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)/
/ at
org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)/
/ at
org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)/
/ at
org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)/
/ at org.junit.rules.RunRules.evaluate(RunRules.java:20)/
/ at org.junit.runners.ParentRunner.run(ParentRunner.java:363)/
/ at
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)/
/ at
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)/
/ at
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)/
/ at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)/
/ at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)/
/ at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)/
/Caused by: javax.persistence.PersistenceException:
org.hibernate.exception.ConstraintViolationException: Unique index or
primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON
PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test',
'user7(a)email.org', 21)"; SQL statement:/
/update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?,
EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?,
FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=?
[23505-187]/
/ at
org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1361)/
/ at
org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1289)/
/ at
org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:78)/
/ at
org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:28)/
/ ... 33 more/
/Caused by: org.hibernate.exception.ConstraintViolationException:
Unique index or primary key violation:
"UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID,
EMAIL_CONSTRAINT) VALUES ('test', 'user7(a)email.org', 21)"; SQL
statement:/
/update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?,
EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?,
FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=?
[23505-187]/
/ at
org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)/
/ at
org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:47)/
/ at
org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)/
/ at
org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)/
/ at
org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)/
/ at
org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)/
/ at com.sun.proxy.$Proxy54.executeUpdate(Unknown Source)/
/ at
org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:56)/
/ at
org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3006)/
/ at
org.hibernate.persister.entity.AbstractEntityPersister.updateOrInsert(AbstractEntityPersister.java:2908)/
/ at
org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3237)/
/ at
org.hibernate.action.internal.EntityUpdateAction.execute(EntityUpdateAction.java:113)/
/ at
org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:272)/
/ at
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:264)/
/ at
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:187)/
/ at
org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)/
/ at
org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)/
/ at
org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1081)/
/ at
org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:315)/
/ at
org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)/
/ at
org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)/
/ at
org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:73)/
/ ... 34 more/
/Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key
violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON
PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test',
'user7(a)email.org', 21)"; SQL statement:/
/update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?,
EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?,
FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=?
[23505-187]/
/ at
org.h2.message.DbException.getJdbcSQLException(DbException.java:345)/
/ at org.h2.message.DbException.get(DbException.java:179)/
/ at org.h2.message.DbException.get(DbException.java:155)/
/ at
org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:102)/
/ at
org.h2.mvstore.db.MVSecondaryIndex.checkUnique(MVSecondaryIndex.java:233)/
/ at
org.h2.mvstore.db.MVSecondaryIndex.add(MVSecondaryIndex.java:191)/
/ at org.h2.mvstore.db.MVTable.addRow(MVTable.java:638)/
/ at org.h2.table.Table.updateRows(Table.java:478)/
/ at org.h2.command.dml.Update.update(Update.java:145)/
/ at
org.h2.command.CommandContainer.update(CommandContainer.java:78)/
/ at org.h2.command.Command.executeUpdate(Command.java:254)/
/ at
org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:157)/
/ at
org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:143)/
/ at sun.reflect.GeneratedMethodAccessor261.invoke(Unknown
Source)/
/ at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)/
/ at java.lang.reflect.Method.invoke(Method.java:606)/
/ at
org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)/
/ ... 51 more/
/21:40:27,103 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users finished: 1 imported users, 6 updated users, 0 removed users, 1
users failed sync! See server log for more details/
/21:40:27,110 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users from LDAP to local store: realm: test, federation provider:
test-ldap/
/21:40:27,167 INFO
[org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all
users finished: 1 imported users, 6 updated users, 0 removed users/
/21:40:28,175 INFO
[org.keycloak.testsuite.DummyUserFederationProviderFactory]
syncChangedUsers invoked/
Is this a known issue?
-- Rajat
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user