Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group search return null with groupofname filter #94

Open
JaiseT opened this issue Oct 1, 2020 · 2 comments
Open

Group search return null with groupofname filter #94

JaiseT opened this issue Oct 1, 2020 · 2 comments

Comments

@JaiseT
Copy link

JaiseT commented Oct 1, 2020
edited

myvd_log.txt
I am using MyVD 1.0.6 to integrate our user role database with Oracle Fusion Middleware. Search with uid is working fine.

Filter with assigned counts is (&(&(objectclass=person)(uid=*))(uid=myuser))

However there is no success yet with group query ( query to check if a user belongs to a group).
Query filter : (&(&(cn=*)(objectclass=groupofnames))(cn=MY_GROUP))

User myuser is part of MY_GROUP in our role database. Generated SQL queries for users and group returns records as expected. Anything going terribly wrong with my myvd.conf attached?

myvd.txt
@mlbiam
Copy link
Contributor

mlbiam commented Oct 5, 2020

Looking in the logs i see:

2020-10-01 02:09:06,578][pool-6-thread-7] DEBUG JdbcInsert - Search SQL : "SELECT * FROM (select 'myad' as dc,userid,groupid,use
rid as displayName,guid FROM OVD_AUTHORIZATIONS_IDS_VIEW) X WHERE userid IN (SELECT userid  FROM OVD_AUTHORIZATIONS_IDS_VIEW WHERE
 (  (  (  (  (  ( groupid IS NOT NULL  )  AND  (  1=1  )  )  )  AND  ( groupid=? )  )  )  AND  ( dc=? )  ) ) ORDER BY userid"
[2020-10-01 02:09:06,578][pool-6-thread-7] DEBUG JdbcInsert - Adding new parameter '1'='My_GROUP
[2020-10-01 02:09:06,579][pool-6-thread-7] DEBUG JdbcInsert - Adding new parameter '2'='myad
[2020-10-01 02:09:06,579][pool-6-thread-7] DEBUG JdbcInsert - Execute query '

Does

SELECT * FROM (select 'myad' as dc,userid,groupid,use
rid as displayName,guid FROM OVD_AUTHORIZATIONS_IDS_VIEW) X WHERE userid IN (SELECT userid  FROM OVD_AUTHORIZATIONS_IDS_VIEW WHERE
 (  (  (  (  (  ( groupid IS NOT NULL  )  AND  (  1=1  )  )  )  AND  ( groupid='My_GROUP' )  )  )  AND  ( dc='myad' )  ) ) ORDER BY userid

return the expected data?

@JaiseT
Copy link
Author

JaiseT commented Oct 5, 2020
edited

@mlbiam thanks very much for your support. The above query was returning records. But the query was returning too many records ( > 65k) because of issues with the database view it was querying against. I have corrected it. The manager mapping was also causing issues. Previously I had manager mapped to groupid. We don't have a manager attribute in our role database. Hence I have mapped it to userid itself for now.

server.GroupProfile.GroupInstance.config.mapping=cn=groupid,uid=userid,member=userid,uniquemember=userid,displayName=displayName,entryuuid=guid,dc=dc,manager=userid

With the above changes, I am seeing groups being fetched from MyVD with my test java class. Oracle is still throwing errors because some internal users are not configured in MyVD. Hopefully adding those users in the role database should resolve this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mlbiam @JaiseT