aservo / ldap-crowd-adapter

An LDAP server that delegates requests to Atlassian Crowd
Apache License 2.0

Support for entryUUID attribute #14

Open brettaufheber opened 2 years ago

brettaufheber commented 2 years ago

The entryUUID attribute is currently not supported. But this operational attribute can be added easily.

java.util.UUID.fromString(username);

brettaufheber commented 1 year ago

It has to be found out which entities are allowed to have this attribute.

brettaufheber commented 1 year ago

https://www.rfc-editor.org/rfc/rfc4530.html#section-2.4

brettaufheber commented 1 year ago

If the attribute is not supported by default, a change to the ldif schema must be made.

See files "src/main/resources/de/aservo/ldap/adapter/*.ldif"

peterhoepfl commented 1 year ago

It is not simple to add a UUID attribute to the users in the ldap adapter, because the attribute must be immutable. The ldap adapter works as a cache: on every full sync it drops all groups and users and reads them again from crowd. But the UUID must be the same again after re-reading a group or user element from crowd.

There are two possible solutions:

Either we could implement a crowd plugin that adds a uuid attribute to every group and user in crowd upon creation. This solution would be best from an architectural view because crowd as the leading system would hold the UUID. The implementation in the ldap crowd adapter itself would be simple, just one more attribute to read.

The other solution would be to implement a "UUID store" in the ldap crowd adapter. Every time an object is read from crowd it would look up the UUID in a database table that holds object identifier (group or username) + UUID. If no entry exists a UUID would be generated and also saved in that table. That way the UUID would be stable also after deletion + re-reading from crowd as long as that table is not deleted.

And just for correctness: The method java.util.UUID.fromString(string); mentioned above requires a special UUID string representation as parameter, a username would NOT work...
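An added sketch of the "UUID store" variant from the comment above, not code from the ldap-crowd-adapter project; the class name, the `kind:name` key scheme, the case folding of names (assumed, since Crowd treats user names case-insensitively) and the in-memory map standing in for the database table are all assumptions. It also shows why `UUID.fromString` rejects a plain username.

```java
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical "UUID store": maps a Crowd object identifier (group name or
// username) to an entryUUID that survives a full resync. The map stands in
// for the database table; a real adapter would persist it, because the UUIDs
// are lost (and entries change identity) if that table is ever dropped.
public final class EntryUuidStore {

    private final Map<String, UUID> byObjectIdentifier = new ConcurrentHashMap<>();

    // Prefix with the object kind so a group and a user sharing a name get
    // distinct UUIDs. Lower-casing assumes names are case-insensitive in Crowd.
    private static String key(String kind, String name) {
        return kind + ":" + name.toLowerCase(Locale.ROOT);
    }

    // Returns the stored entryUUID or, on first sight, generates and stores one.
    // computeIfAbsent makes the generate-and-store step atomic per key, so two
    // concurrent sync threads cannot hand out different UUIDs for one object.
    public UUID entryUuidFor(String kind, String name) {
        return byObjectIdentifier.computeIfAbsent(key(kind, name), k -> UUID.randomUUID());
    }

    // UUID.fromString only accepts the hyphenated hex form of RFC 4122
    // (8-4-4-4-12); anything else throws IllegalArgumentException.
    public static boolean isUuidString(String s) {
        try {
            UUID.fromString(s);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        EntryUuidStore store = new EntryUuidStore();
        UUID first = store.entryUuidFor("user", "jdoe"); // constructed sample identifier
        // Simulated full sync: the adapter drops and re-reads the user.
        UUID afterResync = store.entryUuidFor("user", "jdoe");
        System.out.println("stable after resync: " + first.equals(afterResync));
        System.out.println("group/user distinct: " + !store.entryUuidFor("group", "jdoe").equals(first));
        System.out.println("\"jdoe\" parses as UUID: " + isUuidString("jdoe"));
        System.out.println(first + " parses as UUID: " + isUuidString(first.toString()));
    }
}
```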