jelhub / scimgateway

Using SCIM protocol as a gateway for user provisioning to other endpoints
MIT License

Azure AD -> OpenLDAP - group provisioning fails - "modifyGroup error: only supports modification of members" #117

Closed dmraj closed 8 months ago

dmraj commented 8 months ago

Hi Jarle,

We are trying to configure Azure AD to OpenLDAP provisioning of mail-enabled groups.

But plugin-ldap seems to support only the members attribute, as per the logs below.

Can we add attributes to be supported in group modification by tweaking any config?

FYI: It works well with the default plugin-loki.

Thank you in advance.

2024-03-18T12:39:24.402 debug: scimgateway[plugin-ldap] [Modify Group] id=cn=abc,ou=groups2,dc=devsre,dc=dm,dc=com
2024-03-18T12:39:24.403 debug: scimgateway[plugin-ldap] convertedBody={"email":"ab@rajtst.onmicrosoft.com","emails":{"undefined":{"0":{"value":"ab"},"type":"undefined"}}}
2024-03-18T12:39:24.404 debug: scimgateway[plugin-ldap] calling "modifyGroup" and awaiting result
2024-03-18T12:39:24.404 debug: plugin-ldap[undefined] handling "modifyGroup" id=cn=abc,ou=groups2,dc=devsre,dc=dm,dc=com attrObj={"email":"ab@rajtst.onmicrosoft.com","emails":{"undefined":{"0":{"value":"ab"},"type":"undefined"}}}
2024-03-18T12:39:24.405 error: scimgateway[plugin-ldap] 16ms ::ffff:10.10.133.74 token PATCH http://ldaptest.dm.com/Groups/cn%253Dabc%252Cou%253Dgroups2%252Cdc%253Ddevsre%252Cdc%253Ddm%252Cdc%253Dcom Inbound = {"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"Add","path":"emails[type eq \"other\"].value","value":[{"value":"ab"}]},{"op":"Add","path":"email","value":"ab@rajtst.onmicrosoft.com"}]} Outbound = {"statusCode":500,"statusMessage":"Internal Server Error","body":{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"scimType":"invalidSyntax","detail":"scimgateway[plugin-ldap] modifyGroup error: only supports modification of members","status":500}}

jelhub commented 8 months ago

It's working as designed, as the error message says. This is not about configuration. Might consider a redesign in the next release.

Jarle

jelhub commented 8 months ago

FYI, plugin-ldap modifyGroup now handles all attributes in v4.5.0

dmraj commented 6 months ago

Thanks Jarle, this works well.