- Type: Bug
- Status: Closed
- Resolution: No Longer Reproducible
- Affects Version/s: 6.1.1 CE GA2
- Fix Version/s: 6.2.0 CE M4
- Component/s: Application Security > LDAP, Portal Services
- Labels:
- Environment: Tomcat 7.0.29, Embedded HSQL, ApacheDS 1.5.7, OpenDJ 2.5, 389 DS 6
Hi everybody!
I have noticed some errors while exporting user profiles to a directory. I have spent one week testing LR with different directory servers (ApacheDS, OpenDJ, Fedora 389server), but the issue repeated many times, in every detail, with every directory server.
The LDAP connection is set up properly, and every option too. User properties are mapped in the standard way:
Screen Name → displayName
Password → userPassword
Email Address → mail
Full Name → cn
First Name → givenName
Last Name → sn
There is nothing special at all.
When I change some user information for the first time after switching on the LDAP export, the user's profile is successfully created in the directory, like this:
dn: displayName=nickname,dc=mydomain,dc=net
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: Myname Surname
sn: Surname
displayName: nickname
givenName: Myname
mail: mymail@mail.com
userPassword:: e06PTkV7bnVsbA==
After that, any attempt to change displayName causes desynchronization: the information in LR is changed, but in the directory it is not. (I observe this behavior in the last nightly build; the 6.1 CE GA2 release throws the exception [LDAP: error code 67 - Entry displayname=nickname,dc=mydomain,dc=net cannot be modified because the change to attribute displayName would have removed a value used in the RDN].) This issue happens because we can't simply change an attribute contained in the DN; we have to move the entry to a new RDN and additionally set deleteoldrdn=1.
But that is not all. Any attempt to change the e-mail generates the exception [LDAP: error code 68 - The entry displayName=nickname,dc=mydomain,dc=net cannot be added because an entry with that name already exists]. LR tries to add the already created user entry, which is why we get this error.
Changing any other user property completes properly.
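
The rename and update handling described in the report, sketched as an added example (it is not Liferay's code and not part of the original report): it plans LDIF change records so that a changed RDN value becomes a modrdn with deleteoldrdn: 1 (avoiding error 67) and an existing entry is modified rather than added again (avoiding error 68). The function names, the `plan_export` interface and the sample values are assumptions, and attribute values are assumed to be plain ASCII that needs no base64 encoding in LDIF.

```python
# Added example: plan LDIF change records (RFC 2849) for one profile export.
RDN_ATTR = "displayName"        # RDN attribute, as in the report's sample entry
BASE_DN = "dc=mydomain,dc=net"  # base DN, as in the report's sample entry
OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]

def escape_rdn_value(value):
    """Escape characters that are special inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)

def dn_for(attrs):
    return f"{RDN_ATTR}={escape_rdn_value(attrs[RDN_ATTR])},{BASE_DN}"

def plan_export(existing, desired):
    """existing: attributes found in the directory, or None when no entry exists.
    desired: attributes held by the portal. Returns a list of LDIF records."""
    if existing is None:
        # No entry yet: this is the only case where an add is valid.
        lines = [f"dn: {dn_for(desired)}", "changetype: add"]
        lines += [f"objectClass: {oc}" for oc in OBJECT_CLASSES]
        lines += [f"{k}: {v}" for k, v in desired.items()]
        return ["\n".join(lines)]
    records = []
    if existing[RDN_ATTR] != desired[RDN_ATTR]:
        # The RDN value changed: rename the entry instead of modifying the attribute.
        new_rdn = f"{RDN_ATTR}={escape_rdn_value(desired[RDN_ATTR])}"
        records.append("\n".join([f"dn: {dn_for(existing)}", "changetype: modrdn",
                                  f"newrdn: {new_rdn}", "deleteoldrdn: 1"]))
    changed = [k for k in desired if k != RDN_ATTR and existing.get(k) != desired[k]]
    if changed:
        # Remaining attributes are replaced on the entry under its (possibly new) DN.
        lines = [f"dn: {dn_for(desired)}", "changetype: modify"]
        for k in changed:
            lines += [f"replace: {k}", f"{k}: {desired[k]}", "-"]
        records.append("\n".join(lines))
    return records

if __name__ == "__main__":
    # Constructed sample based on the entry shown in the report.
    current = {"displayName": "nickname", "cn": "Myname Surname", "sn": "Surname",
               "givenName": "Myname", "mail": "mymail@mail.com"}
    wanted = dict(current, displayName="newnick", mail="new@mail.com")
    print("\n\n".join(plan_export(current, wanted)))
```

Whether an entry exists has to be decided by a search for the user before planning, which is what the `existing` argument stands for here.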