diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java index c2de716df7d..79b0da9d806 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java @@ -76,11 +76,25 @@ public class LDAPMembershipPropagationActions implements PropagationActions { protected GroupDAO groupDAO; /** - * Allows easy subclassing for the ConnId AD connector bundle. + * Allows easy subclassing for different LDAP schemes. * - * @return the name of the attribute used to keep track of group memberships + * @return the name of the attribute used to keep track of group memberships on the __ACCOUNT__ object */ protected String getGroupMembershipAttrName() { + return "memberOf"; + } + + @Override + public Set moreAttrsToGet(final Optional taskInfo, final Provision provision) { + return Set.of(getGroupMembershipAttrName()); + } + + /** + * Attribute used inside the LDAP connector bundle to track group memberships + * + * @return the name of the attribute used to keep track of group memberships + */ + protected String getConnectorLdapGroupsAttrName() { return "ldapGroups"; } @@ -119,7 +133,7 @@ public void before(final PropagationTaskInfo taskInfo) { orElseThrow(() -> new NotFoundException("User " + taskInfo.getEntityKey())); Set groups = new HashSet<>(); - // for each user group assigned to the resource of this task, compute and add the group's + // for each user group assigned to the resource of this task, compute and add the group's // connector object link userDAO.findAllGroupKeys(user).stream(). map(groupDAO::findById).flatMap(Optional::stream). @@ -138,7 +152,7 @@ public void before(final PropagationTaskInfo taskInfo) { PropagationData data = taskInfo.getPropagationData(); // if groups were defined by resource mapping, take their values and clear up - Optional.ofNullable(AttributeUtil.find(getGroupMembershipAttrName(), data.getAttributes())). + Optional.ofNullable(AttributeUtil.find(getConnectorLdapGroupsAttrName(), data.getAttributes())). ifPresent(ldapGroups -> { Optional.ofNullable(ldapGroups.getValue()). ifPresent(value -> value.forEach(obj -> groups.add(obj.toString()))); @@ -148,24 +162,24 @@ public void before(final PropagationTaskInfo taskInfo) { LOG.debug("Group connObjectLinks after including the ones from mapping: {}", groups); // take groups already assigned from beforeObj and include them too + Set connObjectLinks = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + buildManagedGroupConnObjectLinks( + taskInfo.getResource(), + mapping.getConnObjectLink(), + connObjectLinks); + taskInfo.getBeforeObj(). map(beforeObj -> beforeObj.getAttributeByName(getGroupMembershipAttrName())). filter(Objects::nonNull). ifPresent(beforeLdapGroups -> { - Set connObjectLinks = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); - buildManagedGroupConnObjectLinks( - taskInfo.getResource(), - mapping.getConnObjectLink(), - connObjectLinks); - LOG.debug("Memberships not managed by Syncope: {}", beforeLdapGroups); beforeLdapGroups.getValue().stream(). filter(value -> !connObjectLinks.contains(String.valueOf(value))). forEach(value -> groups.add(String.valueOf(value))); }); - LOG.debug("Adding Group connObjectLinks to attributes: {}={}", getGroupMembershipAttrName(), groups); - data.getAttributes().add(AttributeBuilder.build(getGroupMembershipAttrName(), groups)); + LOG.debug("Adding Group connObjectLinks to attributes: {}={}", getConnectorLdapGroupsAttrName(), groups); + data.getAttributes().add(AttributeBuilder.build(getConnectorLdapGroupsAttrName(), groups)); if (data.getAttributeDeltas() != null && taskInfo.getUpdateRequest() != null) { Set groupsToAdd = new HashSet<>(); @@ -186,7 +200,7 @@ public void before(final PropagationTaskInfo taskInfo) { // if groups were already considered, take their values and clear up Optional.ofNullable( - AttributeDeltaUtil.find(getGroupMembershipAttrName(), data.getAttributeDeltas())). + AttributeDeltaUtil.find(getConnectorLdapGroupsAttrName(), data.getAttributeDeltas())). ifPresent(ldapGroups -> { Optional.ofNullable(ldapGroups.getValuesToAdd()). ifPresent(value -> value.forEach(obj -> groupsToAdd.add(obj.toString()))); @@ -198,9 +212,9 @@ public void before(final PropagationTaskInfo taskInfo) { if (!groupsToAdd.isEmpty() || !groupsToRemove.isEmpty()) { LOG.debug("Adding Group connObjectLinks to attribute deltas: {}={},{}", - getGroupMembershipAttrName(), groupsToAdd, groupsToRemove); + getConnectorLdapGroupsAttrName(), groupsToAdd, groupsToRemove); data.getAttributeDeltas().add( - AttributeDeltaBuilder.build(getGroupMembershipAttrName(), groupsToAdd, + AttributeDeltaBuilder.build(getConnectorLdapGroupsAttrName(), groupsToAdd, groupsToRemove)); } }