}
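/**
 * Regression test for SYNCOPE-354: membership changes must be propagated to the
 * {@code uniqueMember} attribute of the role on the LDAP resource.
 *
 * <p>The check in step 5 is the de-provisioning one: if the user DN stayed in
 * {@code uniqueMember} after the membership was removed, the user would keep a
 * stale group membership on the external resource.
 *
 * <p>The test temporarily rewrites the role mapping of the shared LDAP resource.
 * The mapping is restored in a {@code finally} block so that a failing assertion
 * does not leave the altered mapping behind.
 */
@Test
public void issueSYNCOPE354() {
    // change resource-ldap role mapping for including uniqueMember (need for assertions below)
    ResourceTO ldap = resourceService.read(RESOURCE_NAME_LDAP);
    for (MappingItemTO item : ldap.getRmapping().getItems()) {
        if ("description".equals(item.getExtAttrName())) {
            item.setExtAttrName("uniqueMember");
        }
    }
    resourceService.update(ldap.getName(), ldap);

    try {
        // 1. create role with LDAP resource
        RoleTO roleTO = new RoleTO();
        roleTO.setName("SYNCOPE354-" + getUUIDString());
        // NOTE(review): parent id 8 is presumably a role from the test fixtures - confirm
        roleTO.setParent(8L);
        roleTO.addResource(RESOURCE_NAME_LDAP);
        roleTO = createRole(roleService, roleTO);
        assertNotNull(roleTO);

        // 2. create user with LDAP resource and membership of the above role
        UserTO userTO = getUniqueSampleTO("syncope354@syncope.apache.org");
        userTO.addResource(RESOURCE_NAME_LDAP);
        MembershipTO membershipTO = new MembershipTO();
        membershipTO.setRoleId(roleTO.getId());
        userTO.addMembership(membershipTO);
        userTO = createUser(userTO);
        assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));

        // The DN is computed once so that step 5 checks the absence of exactly the
        // value whose presence was asserted in step 3.
        String userDn = "uid=" + userTO.getUsername() + ",ou=people,o=isp";

        // 3. read role on resource, check that user DN is included in uniqueMember
        ConnObjectTO connObj =
                resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId());
        assertNotNull(connObj);
        // fail with an assertion rather than a NullPointerException if the attribute is missing
        assertNotNull(connObj.getAttributeMap().get("uniqueMember"));
        assertTrue(connObj.getAttributeMap().get("uniqueMember").getValues().contains(userDn));

        // 4. remove membership
        UserMod userMod = new UserMod();
        userMod.setId(userTO.getId());
        userMod.addMembershipToBeRemoved(userTO.getMemberships().iterator().next().getId());
        userTO = userService.update(userMod.getId(), userMod);
        // the user itself must stay assigned to the LDAP resource; only the membership goes away
        assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));

        // 5. read role on resource, check that user DN was removed from uniqueMember
        connObj = resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId());
        assertNotNull(connObj);
        assertNotNull(connObj.getAttributeMap().get("uniqueMember"));
        assertFalse(connObj.getAttributeMap().get("uniqueMember").getValues().contains(userDn));
    } finally {
        // 6. restore original resource-ldap role mapping, even when an assertion above failed
        // NOTE(review): every uniqueMember item is renamed back, which assumes the original
        // mapping had no uniqueMember item of its own - confirm against the test data
        for (MappingItemTO item : ldap.getRmapping().getItems()) {
            if ("uniqueMember".equals(item.getExtAttrName())) {
                item.setExtAttrName("description");
            }
        }
        resourceService.update(ldap.getName(), ldap);
    }
}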