0
Fixed

LDAP operations can be successfully run against disabled adapters

Beau Harrison (Senior Product Software Engineer) 10 years ago updated by anonymous 9 years ago 2

Disabling an adapter excludes its details from LDAP schema requests, but a client performing a request on that adapter is successfully completed.

Disabling an adapter should hide it from the LDAP endpoint (ie search requests return no entities, add requests can't find adapter etc).

A disabled adapter should not return no entities (unless it is actually empty), as it may have accidentally been left disabled, which would potentially result in accounts being deleted in downstream systems. Instead, the most appropriate LDAP error code and message should be returned, if possible.

I made it so that the LDAP search requests can fetch entities on disabled adapters, however write requests return a LDAP Unavailable message ("Indicates that the server is shutting down or a subsystem necessary to complete the operation is offline.") . This essentially means a disabled adapter is in read-only mode.