Avoid logging invalidLdapEntityReturned error when entity has insufficient authorizations #4293

Open
1 task
yanavasileva opened this issue Apr 18, 2024 · 0 comments
Labels
potential:7.21.4 scope:ldap DRI: Tobias type:bug Issues that describe a user-facing bug in the project. version:7.22.0

Environment (Required on creation)

Camunda 7.20+ & LDAP plugin

Description (Required on creation; please attach any relevant screenshots, stacktraces, log files, etc. to the ticket)

LDAP errors are logged on loading the WebApps welcome page with the misleading text "LDAP group query returned a group with id null", as the group is returned correctly but doesn't have Camunda authorizations instead.

Steps to reproduce (Required on creation)

  • Connect Camunda to LDAP via camunda-identity-ldap
  • Login and open welcome page with a user with the following properties:
    • User is member of a LDAP group contained in the Camunda LDAP group search base
    • User does not have an authorization entry for the resource Group in Camunda

Observed Behavior (Required on creation)

The following error is logged for each of the user’s groups:

org.camunda.bpm.identity.impl.ldap LDAP-00004 LDAP group query returned a group with id null. This group will be ignored. This indicates a misconfiguration of the LDAP plugin or a problem with the LDAP service. Enable DEBUG/FINE logging for details.

Expected behavior (Required on creation)

No error is logged

Root Cause (Required on prioritization)

The invalidLdapEntityReturned error (link) is thrown when a group is not authorized (link and link) even though the LDAP group query returns the groups correctly.
The same misleading error can be thrown for a user entity too.

Solution Ideas

  1. Throw a different error when the entity (user/group) is not authorized.
  2. Avoid throwing any error when the entity is not authorized (behaviour prior to 7.20).

Hints

Links

Breakdown

Pull Requests

No tasks being tracked yet.

Dev2QA handover

  • Does this ticket need a QA test and the testing goals are not clear from the description? Add a Dev2QA handover comment
@yanavasileva yanavasileva added type:bug Issues that describe a user-facing bug in the project. scope:ldap DRI: Tobias labels Apr 18, 2024
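
A sketch of solution idea 1, added here as an example; it is not Camunda's code and not part of the original issue. It separates a genuinely invalid LDAP entry from a valid one the caller is not authorized to read, so the LDAP-00004 message stays reserved for real misconfiguration. All class, method and enum names are hypothetical, and authorization is modelled as a plain set of readable group ids.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

// Added illustration; every name here is hypothetical, not Camunda's API.
public class GroupResultFilter {
    private static final Logger LOG = Logger.getLogger(GroupResultFilter.class.getName());

    enum Outcome { ACCEPTED, INVALID_ENTRY, NOT_AUTHORIZED }

    record LdapGroup(String id, String name) {}

    // Classify one LDAP result instead of collapsing every rejection into "id null".
    static Outcome classify(LdapGroup group, Set<String> readableGroupIds) {
        if (group == null || group.id() == null || group.id().isBlank()) {
            return Outcome.INVALID_ENTRY;   // genuine LDAP or plugin configuration problem
        }
        if (!readableGroupIds.contains(group.id())) {
            return Outcome.NOT_AUTHORIZED;  // valid entry, no authorization for resource Group
        }
        return Outcome.ACCEPTED;
    }

    static List<LdapGroup> filter(List<LdapGroup> results, Set<String> readableGroupIds) {
        List<LdapGroup> accepted = new ArrayList<>();
        for (LdapGroup g : results) {
            switch (classify(g, readableGroupIds)) {
                case ACCEPTED -> accepted.add(g);
                // Expected outcome of an authorization check: keep it out of the error log.
                case NOT_AUTHORIZED -> LOG.fine(() -> "Group '" + g.id()
                        + "' skipped: no authorization for resource Group");
                // Only this branch points at the LDAP service or plugin configuration.
                case INVALID_ENTRY -> LOG.severe(
                        "LDAP group query returned a group with id null. This group will be ignored.");
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample data: one readable group, one unauthorized, one broken entry.
        List<LdapGroup> results = List.of(
                new LdapGroup("management", "Management"),
                new LdapGroup("sales", "Sales"),
                new LdapGroup(null, "Broken"));
        System.out.println(filter(results, Set.of("management")));
    }
}
```

With the constructed input only the entry without an id reaches the error log; the unauthorized `sales` group is recorded at FINE level and dropped from the result.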