mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-10-08 14:51:49 +00:00
Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)
103946: Merged 5.0.N (5.0.2) to HEAD-BUG-FIX (5.1/Cloud)
103861: Merged V4.2-BUG-FIX (4.2.5) to 5.0.N (5.0.2)
103837: MNT-13867: Merged V4.1-BUG-FIX to V4.2-BUG-FIX (4.2.5).
101406: MNT-12454: Deletion behaviour of LDAP user does NOT work as documented.
- was added synchronization.syncDelete property.
101558: MNT-12454: Deletion behaviour of LDAP user does NOT work as documented.
- If allowDeletions=true then authority need move to AuthorityService.ZONE_AUTH_ALFRESCO. ChainingUserRegistrySynchronizerTest.testForcedUpdateWithoutDeletions test was corrected.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@104033 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tatyana Valkevych
@@ -80,6 +80,9 @@
|
||||
<property name="allowDeletions">
|
||||
<value>${synchronization.allowDeletions}</value>
|
||||
</property>
|
||||
<property name="syncDelete">
|
||||
<value>${synchronization.syncDelete}</value>
|
||||
</property>
|
||||
<property name="nameChecker" ref="nameChecker" />
|
||||
</bean>
|
||||
|
||||
|
||||
@@ -31,3 +31,6 @@ synchronization.workerThreads=1
|
||||
|
||||
# Synchronization with deletions
|
||||
synchronization.allowDeletions=true
|
||||
|
||||
# For large LDAP directories the delete query is expensive and time consuming, needing to read the entire LDAP directory.
|
||||
synchronization.syncDelete=true
|
||||
@@ -181,6 +181,9 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
|
||||
/** Allow a full sync to perform deletions? */
|
||||
private boolean allowDeletions = true;
|
||||
|
||||
/** Controls whether to query for users and groups that have been deleted in LDAP */
|
||||
private boolean syncDelete = true;
|
||||
|
||||
/** Validates person names over cm:filename constraint **/
|
||||
private NameChecker nameChecker;
|
||||
|
||||
@@ -350,15 +353,31 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
|
||||
}
|
||||
|
||||
/**
|
||||
* Fullsync is run with deletions. By default is set to true.
|
||||
* Controls how deleted users and groups are handled.
|
||||
* By default is set to true.
|
||||
*
|
||||
* @param allowDeletions
|
||||
* If <b>true</b> the entries are deleted from alfresco.
|
||||
* If <b>false</b> then they are unlinked from their LDAP authentication zone but remain within alfresco.
|
||||
*/
|
||||
public void setAllowDeletions(boolean allowDeletions)
|
||||
{
|
||||
this.allowDeletions = allowDeletions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Controls whether to query for users and groups that have been deleted in LDAP.
|
||||
* For large LDAP directories the delete query is expensive and time consuming, needing to read the entire LDAP directory.
|
||||
* By default is set to true.
|
||||
*
|
||||
* @param syncDelete
|
||||
* If <b>false</b> then LDAP sync does not even attempt to search for deleted users.
|
||||
*/
|
||||
public void setSyncDelete(boolean syncDelete)
|
||||
{
|
||||
this.syncDelete = syncDelete;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SynchronizeDiagnostic testSynchronize(String authenticatorName)
|
||||
{
|
||||
@@ -1425,9 +1444,8 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
|
||||
|
||||
private void processGroups(UserRegistry userRegistry, boolean isFullSync, boolean splitTxns)
|
||||
{
|
||||
// If we got back some groups, we have to cross reference them with the set of known authorities
|
||||
// MNT-9711 fix. If allowDeletions is false, there is no need to pull all users and all groups from LDAP during the full synchronization.
|
||||
if ((allowDeletions || !groupsToCreate.isEmpty()) && (isFullSync || !this.groupParentAssocsToDelete.isEmpty()))
|
||||
// MNT-12454 fix. If syncDelete is false, there is no need to pull all users and all groups from LDAP during the full synchronization.
|
||||
if ((syncDelete || !groupsToCreate.isEmpty()) && (isFullSync || !this.groupParentAssocsToDelete.isEmpty()))
|
||||
{
|
||||
final Set<String> allZonePersons = newPersonSet();
|
||||
final Set<String> allZoneGroups = new TreeSet<String>();
|
||||
@@ -1473,9 +1491,42 @@ public class ChainingUserRegistrySynchronizer extends AbstractLifecycleBean
|
||||
this.deletionCandidates.addAll(personDeletionCandidates);
|
||||
this.deletionCandidates.addAll(groupDeletionCandidates);
|
||||
|
||||
if (allowDeletions)
|
||||
{
|
||||
allZonePersons.removeAll(personDeletionCandidates);
|
||||
allZoneGroups.removeAll(groupDeletionCandidates);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Complete association deletion information by scanning deleted groups
|
||||
BatchProcessor<String> groupScanner = new BatchProcessor<String>(zone
|
||||
+ " Missing Authority Scanning",
|
||||
ChainingUserRegistrySynchronizer.this.transactionService.getRetryingTransactionHelper(),
|
||||
this.deletionCandidates,
|
||||
ChainingUserRegistrySynchronizer.this.workerThreads, 20,
|
||||
ChainingUserRegistrySynchronizer.this.applicationEventPublisher,
|
||||
ChainingUserRegistrySynchronizer.logger,
|
||||
ChainingUserRegistrySynchronizer.this.loggingInterval);
|
||||
groupScanner.process(new BaseBatchProcessWorker<String>()
|
||||
{
|
||||
|
||||
@Override
|
||||
public String getIdentifier(String entry)
|
||||
{
|
||||
return entry;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void process(String authority) throws Throwable
|
||||
{
|
||||
//MNT-12454 fix. Modifies an authority's zone. Move authority from AUTH.EXT.LDAP1 to AUTH.ALF.
|
||||
updateAuthorityZones(authority, Collections.singleton(zoneId),
|
||||
Collections.singleton(AuthorityService.ZONE_AUTH_ALFRESCO));
|
||||
}
|
||||
}, splitTxns);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Prune the group associations now that we have complete information
|
||||
this.groupParentAssocsToCreate.keySet().retainAll(allZoneGroups);
|
||||
|
||||
@@ -432,8 +432,8 @@ public class ChainingUserRegistrySynchronizerTest extends TestCase
|
||||
|
||||
public Object execute() throws Throwable
|
||||
{
|
||||
// MNT-9711 fix. User U6 already exists in zone "Z0". According ChainingUserRegistrySynchronizercurrent
|
||||
// implementation when allowDeletions==false person that exists in a different zone with higher
|
||||
// MNT-13867 fix. User U6 already exists in zone "Z0". According ChainingUserRegistrySynchronizercurrent
|
||||
// implementation when syncDelete==false person that exists in a different zone with higher
|
||||
// precedence will be ignored
|
||||
assertExists("Z0", "U6");
|
||||
assertExists("Z1", "U1");
|
||||
@@ -797,8 +797,10 @@ public class ChainingUserRegistrySynchronizerTest extends TestCase
|
||||
// Check in correct zone
|
||||
if (zone == null)
|
||||
{
|
||||
assertEquals(Collections.singleton(AuthorityService.ZONE_APP_DEFAULT), this.authorityService
|
||||
.getAuthorityZones(longName));
|
||||
Set<String> zones = new TreeSet<String>();
|
||||
zones.add(AuthorityService.ZONE_APP_DEFAULT);
|
||||
zones.add(AuthorityService.ZONE_AUTH_ALFRESCO);
|
||||
assertEquals(zones, this.authorityService.getAuthorityZones(longName));
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -64,6 +64,9 @@
|
||||
<property name="allowDeletions">
|
||||
<value>false</value>
|
||||
</property>
|
||||
<property name="syncDelete">
|
||||
<value>false</value>
|
||||
</property>
|
||||
<property name="sysAdminParams">
|
||||
<ref bean="sysAdminParams" />
|
||||
</property>
|
||||
|
||||
Reference in New Issue
Block a user