[jira] [Commented] (OAK-2705) DefaultSyncHandler should use the principalName as a fallback when no externalId is available
[ https://issues.apache.org/jira/browse/OAK-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14483487#comment-14483487 ] Tobias Bocanegra commented on OAK-2705: --- you wrote in the description: user nodes lack the property rep:externalId ... using the principalName instead would work fine. which is not 100% correct. as the externalId also contains the name of the IDP. DefaultSyncHandler should use the principalName as a fallback when no externalId is available - Key: OAK-2705 URL: https://issues.apache.org/jira/browse/OAK-2705 Project: Jackrabbit Oak Issue Type: Improvement Components: oak-auth-external, upgrade Reporter: Manfred Baedke After a crx2oak repository migration, user nodes lack the property rep:externalId, which is needed for the DefaultSyncHandler to work properly. In the majority of cases (when there is only one ExternalIdentityProvider) using the principalName instead would work fine, so we should implement this as a fallback when rep:externalId is missing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-2705) DefaultSyncHandler should use the principalName as a fallback when no externalId is available
[ https://issues.apache.org/jira/browse/OAK-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14389286#comment-14389286 ] Manfred Baedke commented on OAK-2705: - Yes. In the LDAP case, that would just be the DN, wouldn't it? DefaultSyncHandler should use the principalName as a fallback when no externalId is available - Key: OAK-2705 URL: https://issues.apache.org/jira/browse/OAK-2705 Project: Jackrabbit Oak Issue Type: Improvement Components: oak-auth-external, upgrade Reporter: Manfred Baedke After a crx2oak repository migration, user nodes lack the property rep:externalId, which is needed for the DefaultSyncHandler to work properly. In the majority of cases (when there is only one ExternalIdentityProvider) using the principalName instead would work fine, so we should implement this as a fallback when rep:externalId is missing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-2705) DefaultSyncHandler should use the principalName as a fallback when no externalId is available
[ https://issues.apache.org/jira/browse/OAK-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14388592#comment-14388592 ] angela commented on OAK-2705: - [~baedke], are you sure you really mean principalName? DefaultSyncHandler should use the principalName as a fallback when no externalId is available - Key: OAK-2705 URL: https://issues.apache.org/jira/browse/OAK-2705 Project: Jackrabbit Oak Issue Type: Improvement Components: oak-auth-external, upgrade Reporter: Manfred Baedke After a crx2oak repository migration, user nodes lack the property rep:externalId, which is needed for the DefaultSyncHandler to work properly. In the majority of cases (when there is only one ExternalIdentityProvider) using the principalName instead would work fine, so we should implement this as a fallback when rep:externalId is missing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OAK-2705) DefaultSyncHandler should use the principalName as a fallback when no externalId is available
[ https://issues.apache.org/jira/browse/OAK-2705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14389449#comment-14389449 ] Tobias Bocanegra commented on OAK-2705: --- not quite. the rep:externalId is a combination of IDP and the domain specific id. in the ldap case, the id part is the DN. So I think all that is needed is to specify some default behaviour if the authorizables have no external ID. maybe based on path patterns. the proper way is probably to extend the logic, so that an IDP can be the default IDP for missing external IDs. so for example, the LDAP IDP would then be asked if the given authorizable's principal name is a valid DN. DefaultSyncHandler should use the principalName as a fallback when no externalId is available - Key: OAK-2705 URL: https://issues.apache.org/jira/browse/OAK-2705 Project: Jackrabbit Oak Issue Type: Improvement Components: oak-auth-external, upgrade Reporter: Manfred Baedke After a crx2oak repository migration, user nodes lack the property rep:externalId, which is needed for the DefaultSyncHandler to work properly. In the majority of cases (when there is only one ExternalIdentityProvider) using the principalName instead would work fine, so we should implement this as a fallback when rep:externalId is missing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
