[keycloak-dev] A probable bug in read-only mode for LDAP Federation Provider
Marek Posolda
mposolda at redhat.com
Wed Nov 16 17:35:51 EST 2016
On 16/11/16 14:16, Bruno Oliveira wrote:
> Hi Marek,
>
> After rebase against master and go to "Users > Edit" I get:
>
> "Resource not found...
> We could not find the resource you are looking for. Please make sure the URL you entered is correct."
>
> I can be wrong, but I believe that if a role is associated to some user,
> admin should not be able to delete it.
>
> Or, if we would like to remove roles, even if they have users associated
> to this, user should be displayed without these roles.
+1
Currently when role is deleted, we update all the users and remove the
role mapping from them. If there is an exception for this scenario with
LDAP, it is likely a bug.
Btv. the "Resource not found..." is often shown in admin console when
you have stale browser cache. Couldn't that be the case?
Marek
>
> Does it make sense? I can file a jira if we agree on that.
>
>
> On 2016-11-15, Marek Posolda wrote:
>> Hey Bruno,
>>
>> it seems Bill pushed already some LDAP changes last night and migrated LDAP
>> FederationProvider to UserStorage SPI. Do you have an opportunity to retry
>> with latest master? If it can be still reproduced, then you can create JIRA
>> for 2.4.1 fix version. We already have bunch of LDAP related issues planned
>> for that version, so this can be possibly another one to address.
>>
>> Marek
>>
>> On 14/11/16 20:21, Bruno Oliveira wrote:
>>> Good morning, I believe I found a bug while playing with LDAP Federation
>>> provider. But before file any Jira, I would like to confirm.
>>>
>>> Steps to reproduce:
>>>
>>> 1. Just follow all the steps described here https://github.com/keycloak/keycloak/tree/master/examples/ldap
>>> 2. Change the federation provider to read-only mode
>>> 3. Synchronize all users
>>> 4. Delete all the roles associated with LDAP (For example: ldap-user,
>>> ldap-admin)
>>> 5. Now go to "Users" > "Edit"
>>> 6. Click on "Role Mappings"
>>>
>>> You might get an exception like this: https://gist.github.com/abstractj/19eb8e5f25fee3b469110246066ecd08
>>>
>>> Is this a bug?
>>>
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> --
>
> abstractj
> PGP: 0x84DC9914
More information about the keycloak-dev
mailing list