[keycloak-dev] A probable bug in read-only mode for LDAP Federation Provider

Bruno Oliveira bruno at abstractj.org
Thu Nov 17 08:43:25 EST 2016


Hi Marek, I believe that's not the case. I tried it again removing any
cache in my browser.

Anyways, I created this Jira, to not miss this:
https://issues.jboss.org/browse/KEYCLOAK-3923

On Wed, Nov 16, 2016 at 8:35 PM Marek Posolda <mposolda at redhat.com> wrote:

> On 16/11/16 14:16, Bruno Oliveira wrote:
> > Hi Marek,
> >
> > After rebasing against master and going to "Users > Edit" I get:
> >
> > "Resource not found...
> > We could not find the resource you are looking for. Please make sure the
> > URL you entered is correct."
> >
> > I can be wrong, but I believe that if a role is associated to some user,
> > admin should not be able to delete it.
> >
> > Or, if we would like to remove roles, even if they have users associated
> > to this, user should be displayed without these roles.
> +1
>
> Currently when a role is deleted, we update all the users and remove the
> role mapping from them. If there is an exception for this scenario with
> LDAP, it is likely a bug.
>
> Btw, the "Resource not found..." is often shown in admin console when
> you have stale browser cache. Couldn't that be the case?
>
> Marek
>
> >
> > Does it make sense? I can file a jira if we agree on that.
> >
> >
> > On 2016-11-15, Marek Posolda wrote:
> >> Hey Bruno,
> >>
> >> it seems Bill already pushed some LDAP changes last night and migrated LDAP
> >> FederationProvider to UserStorage SPI. Do you have an opportunity to retry
> >> with latest master? If it can be still reproduced, then you can create a JIRA
> >> for 2.4.1 fix version. We already have a bunch of LDAP related issues planned
> >> for that version, so this can be possibly another one to address.
> >>
> >> Marek
> >>
> >> On 14/11/16 20:21, Bruno Oliveira wrote:
> >>> Good morning, I believe I found a bug while playing with LDAP Federation
> >>> provider. But before filing any Jira, I would like to confirm.
> >>>
> >>> Steps to reproduce:
> >>>
> >>> 1. Just follow all the steps described here
> >>>    https://github.com/keycloak/keycloak/tree/master/examples/ldap
> >>> 2. Change the federation provider to read-only mode
> >>> 3. Synchronize all users
> >>> 4. Delete all the roles associated with LDAP (For example: ldap-user,
> >>> ldap-admin)
> >>> 5. Now go to "Users" > "Edit"
> >>> 6. Click on "Role Mappings"
> >>>
> >>> You might get an exception like this:
> >>> https://gist.github.com/abstractj/19eb8e5f25fee3b469110246066ecd08
> >>>
> >>> Is this a bug?
> >>>
> >>>
> >>> --
> >>>
> >>> abstractj
> >>> PGP: 0x84DC9914
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
>
>
>

