Describe the issue:
Non-uniqueID LDAP secondary userstores, with a non-uniqueID LDAP primary userstore configured, do not return the exact match with SCIM2 filters if the secondary domain name is not specified in the search filter. The issue occurs because the domain appended to the claim in order to retrieve the userstoremanager is not removed at [1] for the non-uniqueID method, similar to that of the uniqueID method [2]. As a result, the filter value is appended with the domain-appended claim [3] for the non-uniqueID method when listing users.
[1] https://github.com/wso2/carbon-kernel/blob/v4.6.0/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L5977
[2] https://github.com/wso2/carbon-kernel/blob/v4.6.0/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L2746
[3] https://github.com/wso2/carbon-kernel/blob/v4.6.0/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java#L932
How to reproduce:
1. Configure a non-uniqueID LDAP userstore as the primary userstore.
2. Configure a non-uniqueID LDAP userstore as a secondary userstore.
3. Register users in each userstore.
4. Search for a user residing in the secondary userstore domain with the SCIM2 GET request as follows, without specifying the domain:
The following response is returned although the user exists:
Expected behavior: The user residing in the secondary userstore must be returned even though the domain is not specified in the search filter.
Environment information:
Userstore: LDAP