[ 
https://issues.apache.org/jira/browse/OAK-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14389449#comment-14389449
 ] 

Tobias Bocanegra commented on OAK-2705:
---------------------------------------

Not quite. The rep:externalId is a combination of IDP and the domain-specific 
id. In the LDAP case, the id part is the DN.
So I think all that is needed is to specify some default behaviour if the 
authorizables have no external ID, maybe based on path patterns.

The proper way is probably to extend the logic, so that an IDP can be the 
default IDP for missing external IDs. So for example, the LDAP IDP would then 
be asked if the given authorizable's principal name is a valid DN.

> DefaultSyncHandler should use the principalName as a fallback when no 
> externalId is available
> ---------------------------------------------------------------------------------------------
>
>                 Key: OAK-2705
>                 URL: https://issues.apache.org/jira/browse/OAK-2705
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: oak-auth-external, upgrade
>            Reporter: Manfred Baedke
>
> After a crx2oak repository migration, user nodes lack the property 
> rep:externalId, which is needed for the DefaultSyncHandler to work properly. 
> In the majority of cases (when there is only one ExternalIdentityProvider) 
> using the principalName instead would work fine, so we should implement this 
> as a fallback when rep:externalId is missing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
