Magnolia / MAGNOLIA-4881

Can't create user in admin realm when user already exists in external (LDAP, AD) realm

Details

    • Improvement
    • Resolution: Fixed
    • Critical
    • 4.5.8

    Description

      MAGNOLIA-3134 disallows creating users with the same name in different realms. This causes a problem when LDAP uses info.magnolia.jaas.sp.ldap.resolver.MagnoliaGroupResolver and roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver for resolving groups/roles.
      MagnoliaGroupResolver and MagnoliaRoleResolver don't resolve groups/roles from the LDAP context, but from Magnolia. So if you use MgnlGroupResolver, then users need to exist in Magnolia (admin realm), but you do not need to set a password or any user details for them. The problem introduced by MAGNOLIA-3134 is that when a user exists in an external realm, we can't create the same user in the admin realm.

              People

                mdivilek Milan Divilek