From 70eb30ab066b888ce74bc097557100871a1c2931 Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Thu, 3 Nov 2022 18:19:44 +0100 Subject: [PATCH 1/2] Attempt to reproduce problem with long telephoneNumber on AD. Cannot completely reproduce. --- .../testing/conntest/ad/AdTestMixin.java | 1 + .../AbstractAdLdapMultidomainTest.java | 76 +++++++++++++++++++ .../ad-ldap-multidomain/resource-ad2019.xml | 9 +++ 3 files changed, 86 insertions(+) diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AdTestMixin.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AdTestMixin.java index 68b8ea45476..6ac924f171e 100644 --- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AdTestMixin.java +++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/AdTestMixin.java @@ -38,6 +38,7 @@ public interface AdTestMixin extends InfraTestMixin { String ATTRIBUTE_UNICODE_PWD_NAME = "unicodePwd"; String ATTRIBUTE_MS_EXCH_HIDE_FROM_ADDRESS_LISTS_NAME = "msExchHideFromAddressLists"; String ATTRIBUTE_TITLE_NAME = "title"; + String ATTRIBUTE_TELEPHONE_NUMBER = "telephoneNumber"; String ATTRIBUTE_PROXY_ADDRESSES_NAME = "proxyAddresses"; String ATTRIBUTE_USER_PARAMETERS_NAME = "userParameters"; String ATTRIBUTE_MEMBER_NAME = "member"; diff --git a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java index f5352621a67..7dbc4432b3a 100644 --- a/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java +++ b/testing/conntest/src/test/java/com/evolveum/midpoint/testing/conntest/ad/multidomain/AbstractAdLdapMultidomainTest.java @@ -1016,6 +1016,82 @@ public void test216ModifyAccountBarbossaUserParameters() throws Exception { // assertLdapConnectorInstances(2); } + @Test + public void test218ModifyAccountBarbossaTelephoneNumberGood() throws Exception { + // GIVEN + Task task = getTestTask(); + OperationResult result = task.getResult(); + + ObjectDelta delta = prismContext.deltaFactory().object() + .createEmptyModifyDelta(ShadowType.class, accountBarbossaOid); + QName attrQName = new QName(MidPointConstants.NS_RI, ATTRIBUTE_TELEPHONE_NUMBER); + ResourceAttributeDefinition attrDef = accountDefinition.findAttributeDefinition(attrQName); + PropertyDelta attrDelta = prismContext.deltaFactory().property().createModificationReplaceProperty( + ItemPath.create(ShadowType.F_ATTRIBUTES, attrQName), attrDef, "+421901123456"); + delta.addModification(attrDelta); + + // WHEN + when(); + executeChanges(delta, null, task, result); + + // THEN + then(); + assertSuccess(result); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + assertAttribute(entry, ATTRIBUTE_TELEPHONE_NUMBER, "+421901123456"); + assertAttribute(entry, ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, "512"); + assertAttribute(entry, ATTRIBUTE_OBJECT_CATEGORY_NAME, getObjectCategoryPerson()); + assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, USER_BARBOSSA_PASSWORD); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + +// assertLdapConnectorReasonableInstances(); + } + + /** + * We are trying to set a telephone number that is too long (more than 64 chars). + * AD will not accept that. + * Make sure the operation fails in a graceful way (e.g. no endless retry loops). + */ + @Test + public void test219ModifyAccountBarbossaTelephoneNumberLong() throws Exception { + // GIVEN + Task task = getTestTask(); + OperationResult result = task.getResult(); + + ObjectDelta delta = prismContext.deltaFactory().object() + .createEmptyModifyDelta(ShadowType.class, accountBarbossaOid); + QName attrQName = new QName(MidPointConstants.NS_RI, ATTRIBUTE_TELEPHONE_NUMBER); + ResourceAttributeDefinition attrDef = accountDefinition.findAttributeDefinition(attrQName); + PropertyDelta attrDelta = prismContext.deltaFactory().property().createModificationReplaceProperty( + ItemPath.create(ShadowType.F_ATTRIBUTES, attrQName), attrDef, "+4219011234567890123456789012345678901234567890123456789012345678901234567890"); + delta.addModification(attrDelta); + + // WHEN + when(); + executeChanges(delta, null, task, result); + + // THEN + then(); + assertPartialError(result); + + Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME); + // We expect unchanged telephone number here + assertAttribute(entry, ATTRIBUTE_TELEPHONE_NUMBER, "+421901123456"); + assertAttribute(entry, ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, "512"); + assertAttribute(entry, ATTRIBUTE_OBJECT_CATEGORY_NAME, getObjectCategoryPerson()); + assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME, USER_BARBOSSA_PASSWORD); + + PrismObject user = getUser(USER_BARBOSSA_OID); + String shadowOid = getSingleLinkOid(user); + assertEquals("Shadows have moved", accountBarbossaOid, shadowOid); + +// assertLdapConnectorReasonableInstances(); + } + @Test public void test220ModifyUserBarbossaPasswordSelfServicePassword1() throws Exception { testModifyUserBarbossaPasswordSelfServiceSuccess( diff --git a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-ad2019.xml b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-ad2019.xml index e8187c87e02..3f70aa68f33 100644 --- a/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-ad2019.xml +++ b/testing/conntest/src/test/resources/ad-ldap-multidomain/resource-ad2019.xml @@ -197,6 +197,15 @@ + + ri:telephoneNumber + + + telephoneNumber + + + + ri:userPrincipalName From 60bafdc5e741a921cda8872f3347a3e4c5cdde69 Mon Sep 17 00:00:00 2001 From: Richard Richter Date: Thu, 3 Nov 2022 19:09:15 +0100 Subject: [PATCH 2/2] fixed invalidation of resources in cache after super resource change --- .../midpoint/provisioning/impl/resources/ResourceCache.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ResourceCache.java b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ResourceCache.java index 2cf366af5cb..05c52a46cb1 100644 --- a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ResourceCache.java +++ b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resources/ResourceCache.java @@ -34,6 +34,7 @@ import java.util.Collections; import java.util.Map; import java.util.Set; +import java.util.HashSet; import java.util.concurrent.ConcurrentHashMap; import static com.evolveum.midpoint.util.MiscUtil.schemaCheck; @@ -224,7 +225,7 @@ public synchronized void invalidate(Class type, String oid, CacheInvalidation /** Invalidates single (concrete) resource and all its descendants. */ synchronized void invalidateSingle(@NotNull String oid) { - Set descendants = dependencyMap.get(oid); + Set descendants = new HashSet<>(dependencyMap.get(oid)); LOGGER.trace("Invalidating {} and all its descendants: {}", oid, descendants); invalidateSingleShallow(oid);