New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ldap-group-mapper fails when empty member: attribute is present #25883
Comments
I can confirm this behaviour in 23.0.3 and it might be an issue to me as well, right now all my openLDAP Groups have an empty member to ensure every (real) member can be removed without errors. Edit: Only the Mapping modes READ_ONLY and LDAP_ONLY are faulty with empty members. IMPORT does not throw errors. I have configured the LDAP provider as read only. |
…found within a group Closes keycloak#25883 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
I confirm the bug - it was introduced by 7336ff0 I'm sending a PR with a fix - essentially changing the check order in MembershipType so that |
…found within a group Closes #25883 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
…found within a group Closes keycloak#25883 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> (cherry picked from commit d3ae075)
…found within a group Closes keycloak#25883 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Before reporting an issue
Area
ldap
Describe the bug
This error occurs:
when a empty member: attribute exists in the LDAP-group like this:
such a member may be automatically created by various tools for empty groups. It should not cause the whole import for ALL groups to fail (or the entire sync).
Version
23.0.3
Expected behavior
a) Nothing happens, an empty member is ignored (my opinion)
b) At least just skip the group and import the rest
Actual behavior
Whole sync/group import crashes with "unknown_error" in web-interface and the above error in the log.
How to Reproduce?
Create an empty group with via ldapmodify or something and see how this create an empty member: entry which is not removed once a member is added and cause the LDAP provide to crash during sync with the above error.
Anything else?
This Bug started to occur somewhere between 20.0.3 and 22.0.2. It definitely worked on 20.0.3.
The text was updated successfully, but these errors were encountered: