8000 JpaRealmProvider getGroupByName return group duplicate due to change of comparison (like vs equal) · Issue #38982 · keycloak/keycloak · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
JpaRealmProvider getGroupByName return group duplicate due to change of comparison (like vs equal) #38982
New issue
New issue
Closed
#38989
Closed
JpaRealmProvider getGroupByName return group duplicate due to change of comparison (like vs equal)#38982
#38989
Assignees
pedroigor
Labels
area/ldapkind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.1release/26.3.0
@jonesbusy

Description

@jonesbusy
jonesbusy
opened on Apr 15, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

Since upgrade from 26.1.x to 26.2

Version

26.2.0

Reg 783B ression

  • The issue is a regression

Expected behavior

Groups are imported from LDAP federation.

Since upgrade to 26.2.0 some user cannot list group. After some investigation in both DB and code it looks like this PR change the behavior: 1c57035#diff-30940e65a4a38797c21073cfeed4d0e4beb58042ed778364f30468571d55a50dR522

This was previously using an exact comparison

select u.id from GroupEntity u where u.realm = :realm and u.type = 0 and u.parentId = :parent and u.name = :search order by u.name ASC

Now it's using a query builder with "like" predicate

predicates.add(builder.like(root.get("name"), name));

Actual behavior

keycloak    | 2025-04-15 11:26:25,883 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-8) Uncaught server error: java.lang.IllegalStateException: Should not be more than one Group with same name
keycloak    |   at org.keycloak.models.jpa.JpaRealmProvider.getGroupByName(JpaRealmProvider.java:543)
keycloak    |   at org.keycloak.storage.GroupStorageManager.getGroupByName(GroupStorageManager.java:61)
keycloak    |   at org.keycloak.models.cache.infinispan.RealmCacheSession.getGroupByName(RealmCacheSession.java:1000)
keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.findKcGroupByLDAPGroup(GroupLDAPStorageMapper.java:377)
keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.findKcGroupOrSyncFromLDAP(GroupLDAPStorageMapper.java:382)
keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper$LDAPGroupMappingsUserDelegate.lambda$getLDAPGroupMappingsConverted$0(GroupLDAPStorageMapper.java:783)
keycloak    |   at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)

How to Reproduce?

  • Create a group 'foo-bar'
  • Create a group 'foo_bar'
  • Try to assign them to a user. This fail

Anything else?

No response

Metadata

Metadata

Assignees

Labels

area/ldapkind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.2.1release/26.3.0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0