mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: 29d05cf1 | patch | commit | show whitespace
copilot-swe-agent[bot]
3 days ago 2dc005ee50bb835a3c6130d3c1b757cf6ad63061 
Fix referential integrity plugin silently bypassing check-references for modify operations

Agent-Logs-Url: https://github.com/OpenIdentityPlatform/OpenDJ/sessions/294a922f-c00a-410a-bc78-529db303e337

Co-authored-by: vharseko <6818498+vharseko@users.noreply.github.com>
2 files modified
32 ■■■■ changed files
opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java 9 ●●●●● patch | view | raw | blame | history
opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java 23 ●●●●● patch | view | raw | blame | history 
 opendj-server-legacy/src/main/java/org/opends/server/plugins/ReferentialIntegrityPlugin.java


@@ -991,10 +991,9 @@


    }




    final List<Modification> mods = modifyOperation.getModifications();


    final Entry entry = modifyOperation.getModifiedEntry();




    /* Make sure the entry belongs to one of the configured naming contexts. */


    DN entryDN = entry.getName();


    DN entryDN = modifyOperation.getEntryDN();


    DN entryBaseDN = getEntryBaseDN(entryDN);


    if (entryBaseDN == null)


    {


@@ -1009,11 +1008,11 @@


      if (modType != ModificationType.ADD


          && modType != ModificationType.REPLACE)


      {


        break;


        continue;


      }




      Attribute modifiedAttribute = entry.getAttribute(mod.getAttribute().getAttributeDescription());


      if (modifiedAttribute != null)


      Attribute modifiedAttribute = mod.getAttribute();


      if (modifiedAttribute != null && !modifiedAttribute.isEmpty())


      {


        PluginResult.PreOperation result =


        isIntegrityMaintained(modifiedAttribute, entryDN, entryBaseDN);




 opendj-server-legacy/src/test/java/org/opends/server/plugins/ReferentialIntegrityPluginTestCase.java


@@ -1829,4 +1829,27 @@


      "member", "uid=user.1,ou=people,ou=dept,o=test");


    assertEquals(modOperation.getResultCode(), ResultCode.SUCCESS);


  }




  @Test


  public void testEnforceIntegrityModifyGroupAddMissingUniqueMember() throws Exception


  {


    replaceAttrEntry(configDN, "ds-cfg-enabled", "false");


    replaceAttrEntry(configDN, dsConfigPluginType,


                               "postoperationdelete",


                               "postoperationmodifydn",


                               "subordinatemodifydn",


                               "subordinatedelete",


                               "preoperationadd",


                               "preoperationmodify");


    addAttrEntry(configDN, dsConfigBaseDN, "dc=example,dc=com");


    replaceAttrEntry(configDN, dsConfigEnforceIntegrity, "true");


    replaceAttrEntry(configDN, dsConfigAttrType, "uniquemember");


    addAttrEntry(configDN, dsConfigAttrFiltMapping,


                           "uniquemember:(objectclass=person)");


    replaceAttrEntry(configDN, "ds-cfg-enabled", "true");




    ModifyOperation modOperation = addAttrEntry(DN.valueOf(ugroup),


      "uniquemember", "uid=user.100,ou=people,ou=dept,dc=example,dc=com");


    assertEquals(modOperation.getResultCode(), ResultCode.CONSTRAINT_VIOLATION);


  }


}