[keycloak-user] Errors while running LDAP integration test

Marek Posolda mposolda at redhat.com
Thu Jul 9 02:25:02 EDT 2015


Hi,

this is actually expected. I've added new test for fix syncing bugs with 
duplicated username or email. Test asserts that user is not synced from 
LDAP if there is already other user with same username or email in 
Keycloak database. And the test also asserts that just the syncing of 
"duplicated" user fails but other users are successfully synced (not 
whole sync transaction is broken as it was in 1.3.1 ).

As I can see in your log, it works as expected and the test is passing, 
is it correct?

Yesterday I've added some more fixes (now there is not 
ConstraintException thrown from DB but there is check for duplications 
triggered earlier from Keycloak). So I suggest to update to latest 
master and try it now. Please let me know if still seeing issues.

I will do a bit more testing and will add the LDAP example today, so 
there might be still some changes, but I hope that not much.

Thanks,
Marek


On 8.7.2015 18:26, Nair, Rajat wrote:
>
> Hi,
>
> During LDAP integration with Keycloak (v1.3.1), we get to see a 
> “/Unique index or primary key violation” /exception while trying to 
> login with an LDAP using on Keycloak’s account service site. I setup 
> latest Keycloak source (from Github) to debug this issue. During 
> build, I saw the same error when LDAP integration tests were running. 
> Here are the logs –
>
> /21:40:24,624 INFO  [org.keycloak.testsuite.KeycloakServer] Imported 
> realm test/
>
> /21:40:24,709 INFO 
> [org.keycloak.federation.ldap.LDAPIdentityStoreRegistry] Creating new 
> LDAP based partition manager for the Federation provider: test-ldap, 
> LDAP Configuration: {bindDn=uid=admin,ou=system, 
> userObjectClasses=null, baseDn=dc=keycloak,dc=org, 
> usersDn=ou=People,dc=keycloak,dc=org, vendor=other, 
> kerberosRealm=KEYCLOAK.ORG, syncRegistrations=false, 
> userAccountControlsAfterPasswordUpdate=false, debug=true, 
> connectionPooling=true, serverPrincipal=HTTP/localhost at KEYCLOAK.ORG, 
> usernameLDAPAttribute=null, allowKerberosAuthentication=false, 
> useKerberosForPasswordAuthentication=false, rdnLDAPAttribute=null, 
> keyTab=/home/USER/apps/keycloak/testsuite/integration/target/test-classes/kerberos/http.keytab, 
> batchSizeForSync=3, connectionUrl=ldap://localhost:10389, 
> allowPasswordAuthentication=true, editMode=WRITABLE, 
> updateProfileFirstLogin=true, pagination=true}/
>
> /21:40:25,790 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users from LDAP to local store: realm: test, federation provider: 
> test-ldap/
>
> /21:40:25,845 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users finished: 5 imported users, 0 updated users, 0 removed users/
>
> /21:40:26,862 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync 
> changed users from LDAP to local store: realm: test, federation 
> provider: test-ldap, last sync time: Wed Jul 08 21:40:25 IST 2015/
>
> /21:40:26,900 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync 
> changed users finished: 1 imported users, 1 updated users, 0 removed 
> users/
>
> /21:40:26,920 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users from LDAP to local store: realm: test, federation provider: 
> test-ldap/
>
> /21:40:26,962 WARN 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] User 
> 'user7' is not updated during sync as he already exists in Keycloak 
> database but is not linked to federation provider 'test-ldap'/
>
> /21:40:26,969 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users finished: 0 imported users, 6 updated users, 0 removed users, 1 
> users failed sync! See server log for more details/
>
> /21:40:26,981 INFO 
>  [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users from LDAP to local store: realm: test, federation provider: 
> test-ldap/
>
> /21:40:27,054 ERROR 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Failed 
> during import user from LDAP/
>
> /org.keycloak.models.ModelDuplicateException: 
> javax.persistence.PersistenceException: 
> org.hibernate.exception.ConstraintViolationException: Unique index or 
> primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON 
> PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 
> 'user7 at email.org', 21)"; SQL statement:/
>
> /update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, 
> EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, 
> FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? 
> [23505-187]/
>
> /         at 
> org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:40)/
>
> /         at 
> org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:30)/
>
> /         at 
> org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:58)/
>
> /         at 
> org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:247)/
>
> /         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:286)/
>
> /         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:241)/
>
> /         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:200)/
>
> /         at 
> org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)/
>
> /         at 
> org.keycloak.testsuite.federation.SyncProvidersTest.test02duplicateUsernameSync(SyncProvidersTest.java:200)/
>
> /         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)/
>
> /         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)/
>
> /         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)/
>
> /         at java.lang.reflect.Method.invoke(Method.java:606)/
>
> /         at 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)/
>
> /         at 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)/
>
> /         at 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)/
>
> /         at 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)/
>
> /         at 
> org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)/
>
> /         at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)/
>
> /         at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)/
>
> /         at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)/
>
> /         at 
> org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)/
>
> /         at 
> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)/
>
> /         at 
> org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)/
>
> /         at 
> org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)/
>
> /         at 
> org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)/
>
> /         at 
> org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)/
>
> /         at org.junit.rules.RunRules.evaluate(RunRules.java:20)/
>
> /         at org.junit.runners.ParentRunner.run(ParentRunner.java:363)/
>
> /         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)/
>
> /         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)/
>
> /         at 
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)/
>
> /         at 
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)/
>
> /         at 
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)/
>
> /         at 
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)/
>
> /Caused by: javax.persistence.PersistenceException: 
> org.hibernate.exception.ConstraintViolationException: Unique index or 
> primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON 
> PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 
> 'user7 at email.org', 21)"; SQL statement:/
>
> /update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, 
> EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, 
> FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? 
> [23505-187]/
>
> /         at 
> org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1361)/
>
> /         at 
> org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1289)/
>
> /         at 
> org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:78)/
>
> /         at 
> org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:28)/
>
> /         ... 33 more/
>
> /Caused by: org.hibernate.exception.ConstraintViolationException: 
> Unique index or primary key violation: 
> "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID, 
> EMAIL_CONSTRAINT) VALUES ('test', 'user7 at email.org', 21)"; SQL statement:/
>
> /update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, 
> EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, 
> FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? 
> [23505-187]/
>
> /         at 
> org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)/
>
> /         at 
> org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:47)/
>
> /         at 
> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)/
>
> /         at 
> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)/
>
> /         at 
> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)/
>
> /         at 
> org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)/
>
> /         at com.sun.proxy.$Proxy54.executeUpdate(Unknown Source)/
>
> /         at 
> org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:56)/
>
> /         at 
> org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3006)/
>
> /         at 
> org.hibernate.persister.entity.AbstractEntityPersister.updateOrInsert(AbstractEntityPersister.java:2908)/
>
> /         at 
> org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3237)/
>
> /         at 
> org.hibernate.action.internal.EntityUpdateAction.execute(EntityUpdateAction.java:113)/
>
> /         at 
> org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:272)/
>
> /         at 
> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:264)/
>
> /         at 
> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:187)/
>
> /         at 
> org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)/
>
> /         at 
> org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)/
>
> /         at 
> org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1081)/
>
> /         at 
> org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:315)/
>
> /         at 
> org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)/
>
> /         at 
> org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)/
>
> /         at 
> org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:73)/
>
> /         ... 34 more/
>
> /Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key 
> violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON 
> PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 
> 'user7 at email.org', 21)"; SQL statement:/
>
> /update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, 
> EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, 
> FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? 
> [23505-187]/
>
> /         at 
> org.h2.message.DbException.getJdbcSQLException(DbException.java:345)/
>
> /         at org.h2.message.DbException.get(DbException.java:179)/
>
> /         at org.h2.message.DbException.get(DbException.java:155)/
>
> /         at 
> org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:102)/
>
> /         at 
> org.h2.mvstore.db.MVSecondaryIndex.checkUnique(MVSecondaryIndex.java:233)/
>
> /         at 
> org.h2.mvstore.db.MVSecondaryIndex.add(MVSecondaryIndex.java:191)/
>
> /         at org.h2.mvstore.db.MVTable.addRow(MVTable.java:638)/
>
> /         at org.h2.table.Table.updateRows(Table.java:478)/
>
> /         at org.h2.command.dml.Update.update(Update.java:145)/
>
> /         at 
> org.h2.command.CommandContainer.update(CommandContainer.java:78)/
>
> /         at org.h2.command.Command.executeUpdate(Command.java:254)/
>
> /         at 
> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:157)/
>
> /         at 
> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:143)/
>
> /         at sun.reflect.GeneratedMethodAccessor261.invoke(Unknown 
> Source)/
>
> /         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)/
>
> /         at java.lang.reflect.Method.invoke(Method.java:606)/
>
> /         at 
> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)/
>
> /         ... 51 more/
>
> /21:40:27,103 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users finished: 1 imported users, 6 updated users, 0 removed users, 1 
> users failed sync! See server log for more details/
>
> /21:40:27,110 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users from LDAP to local store: realm: test, federation provider: 
> test-ldap/
>
> /21:40:27,167 INFO 
> [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all 
> users finished: 1 imported users, 6 updated users, 0 removed users/
>
> /21:40:28,175 INFO 
> [org.keycloak.testsuite.DummyUserFederationProviderFactory] 
> syncChangedUsers invoked/
>
> Is this a known issue?
>
> -- Rajat
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150709/2a8c694d/attachment-0001.html 


More information about the keycloak-user mailing list