Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5670

During connector synchronisation, we will unnecessarily synchronise two times user base

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Directory - LDAP
    • Labels:
      None
    • Feedback Policy:

      Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Description

      Issue Summary

      By design, the connector will run 3 synchronizations to the User Directory. AbstractCacheRefresher.synchroniseAll will first synchronize users, then synchronize groups, and then synchronize memberships.

      If we look into RFC4519Directory.getMemberships method, it will search for usernames before returning membership iterator.

      Steps to Reproduce

      1. Make a connection to the LDAP directory.
      2. Set ldap.user.username as "uid".
      3. Synchronise userbase.

      Expected Results

      On the LDAP side, we will see only 3 synchronizations. Only one for users, one for groups, and one for memberships.

      Actual Results

      We will see 2 synchronizations of the whole userbase in the LDAP logs. Notice the attrs part in both requests:

      [2020-12-10T15:20:20.384+01:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [host: xxxxx] [nwaddr: x.x.x.x] [tid: 150] [userId: xxxx] [ecid: 0000NPD1Z8W6yG_pLO^Aye1VjtqU01xxF1,0:1] [category: REQ] [conn: 2098559] [op: 1] [msgID: 2] [base: ou=xxx,ou=xxx,o=xxx] [scope: sub] [filter: (&(objectclass=person)(!(organizationalStatus=something)))] [attrs: mail,givenName,uid,sn,cn] [controls: (oid=2.16.840.1.113730.3.4.2)] SEARCH
      
      [2020-12-10T15:20:32.008+01:00] [OUD] [TRACE] [OUD-24641551] [PROTOCOL] [host: xxxxx] [nwaddr: x.x.x.x] [tid: 192] [userId: xxxx] [ecid: 0000NPD1_y86yG_pLO^Aye1VjtqU01xxM8,0:1] [category: REQ] [conn: 2098575] [op: 1] [msgID: 2] [base: ou=xxx,ou=xxx,o=xxx] [scope: sub] [filter: (&(objectclass=person)(!(organizationalStatus=something)))] [attrs: uid] [controls: (oid=2.16.840.1.113730.3.4.2)] SEARCH
      

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

      Ask

      Remove unnecessary synchronization of users from the membership method.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            gpaunovic g
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: