[MAGNOLIA-4881] Can't create user in admin realm when user already exist in external (ldap, ad) realm
Created: 25/Feb/13  Updated: 09/May/13  Resolved: 05/Mar/13

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 4.5.8

Type: Improvement
Priority: Critical
Reporter: Milan Divilek
Assignee: Milan Divilek
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
caused by MAGNOLIA-3134 User with same User Name can be created Closed
relation
is related to MAGNOLIA-4767 Merge HierarchicalUsersTreeHandler wi... Closed
is related to DOCU-418 New property allowCrossRealmDuplicate... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)

Description

MAGNOLIA-3134 disallows creating users with the same name in different realms. This causes a problem when LDAP uses info.magnolia.jaas.sp.ldap.resolver.MagnoliaGroupResolver and roleResolverClass=info.magnolia.jaas.sp.ldap.resolver.MagnoliaRoleResolver for resolving groups/roles.
MagnoliaGroupResolver and MagnoliaRoleResolver don't resolve groups/roles from the LDAP context, but from Magnolia. So if you use MgnlGroupResolver, then users need to exist in Magnolia (admin realm), but you do not need to set a password or any user details for them. The problem introduced by MAGNOLIA-3134 is that when a user exists in an external realm, we can't create the same user in the admin realm.

