Separate membership attribute on __ACCOUNT__ and ldapGroups attribute for connector

core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java

@@ -76,11 +76,25 @@ public class LDAPMembershipPropagationActions implements PropagationActions {
     protected GroupDAO groupDAO;
 
     /**
-     * Allows easy subclassing for the ConnId AD connector bundle.
+     * Allows easy subclassing for different LDAP schemes.
      *
-     * @return the name of the attribute used to keep track of group memberships
+     * @return the name of the attribute used to keep track of group memberships on the __ACCOUNT__ object
      */
     protected String getGroupMembershipAttrName() {
+        return "memberOf";
+    }
+
+    @Override
+    public Set<String> moreAttrsToGet(Optional<PropagationTaskInfo> taskInfo, Provision provision) {
+        return Set.of(getGroupMembershipAttrName());
+    }
+
+    /**
+     * Attribute used inside the LDAP connector bundle to track group memberships
+     *
+     * @return the name of the attribute used to keep track of group memberships
+     */
+	protected String getConnectorLdapGroupsAttrName() {
         return "ldapGroups";
     }
 
@@ -119,7 +133,7 @@ public void before(final PropagationTaskInfo taskInfo) {
                     orElseThrow(() -> new NotFoundException("User " + taskInfo.getEntityKey()));
             Set<String> groups = new HashSet<>();
 
-            // for each user group assigned to the resource of this task, compute and add the group's 
+            // for each user group assigned to the resource of this task, compute and add the group's
             // connector object link
             userDAO.findAllGroupKeys(user).stream().
                     map(groupDAO::findById).flatMap(Optional::stream).
@@ -138,7 +152,7 @@ public void before(final PropagationTaskInfo taskInfo) {
             PropagationData data = taskInfo.getPropagationData();
 
             // if groups were defined by resource mapping, take their values and clear up
-            Optional.ofNullable(AttributeUtil.find(getGroupMembershipAttrName(), data.getAttributes())).
+            Optional.ofNullable(AttributeUtil.find(getConnectorLdapGroupsAttrName(), data.getAttributes())).
                     ifPresent(ldapGroups -> {
                         Optional.ofNullable(ldapGroups.getValue()).
                                 ifPresent(value -> value.forEach(obj -> groups.add(obj.toString())));
@@ -148,24 +162,24 @@ public void before(final PropagationTaskInfo taskInfo) {
             LOG.debug("Group connObjectLinks after including the ones from mapping: {}", groups);
 
             // take groups already assigned from beforeObj and include them too
+            Set<String> connObjectLinks = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+            buildManagedGroupConnObjectLinks(
+                    taskInfo.getResource(),
+                    mapping.getConnObjectLink(),
+                    connObjectLinks);
+
             taskInfo.getBeforeObj().
                     map(beforeObj -> beforeObj.getAttributeByName(getGroupMembershipAttrName())).
                     filter(Objects::nonNull).
                     ifPresent(beforeLdapGroups -> {
-                        Set<String> connObjectLinks = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
-                        buildManagedGroupConnObjectLinks(
-                                taskInfo.getResource(),
-                                mapping.getConnObjectLink(),
-                                connObjectLinks);
-
                         LOG.debug("Memberships not managed by Syncope: {}", beforeLdapGroups);
                         beforeLdapGroups.getValue().stream().
                                 filter(value -> !connObjectLinks.contains(String.valueOf(value))).
                                 forEach(value -> groups.add(String.valueOf(value)));
                     });
 
-            LOG.debug("Adding Group connObjectLinks to attributes: {}={}", getGroupMembershipAttrName(), groups);
-            data.getAttributes().add(AttributeBuilder.build(getGroupMembershipAttrName(), groups));
+            LOG.debug("Adding Group connObjectLinks to attributes: {}={}", getConnectorLdapGroupsAttrName(), groups);
+            data.getAttributes().add(AttributeBuilder.build(getConnectorLdapGroupsAttrName(), groups));
 
             if (data.getAttributeDeltas() != null && taskInfo.getUpdateRequest() != null) {
                 Set<String> groupsToAdd = new HashSet<>();
@@ -186,7 +200,7 @@ public void before(final PropagationTaskInfo taskInfo) {
 
                 // if groups were already considered, take their values and clear up
                 Optional.ofNullable(
-                        AttributeDeltaUtil.find(getGroupMembershipAttrName(), data.getAttributeDeltas())).
+                        AttributeDeltaUtil.find(getConnectorLdapGroupsAttrName(), data.getAttributeDeltas())).
                         ifPresent(ldapGroups -> {
                             Optional.ofNullable(ldapGroups.getValuesToAdd()).
                                     ifPresent(value -> value.forEach(obj -> groupsToAdd.add(obj.toString())));
@@ -198,9 +212,9 @@ public void before(final PropagationTaskInfo taskInfo) {
 
                 if (!groupsToAdd.isEmpty() || !groupsToRemove.isEmpty()) {
                     LOG.debug("Adding Group connObjectLinks to attribute deltas: {}={},{}",
-                            getGroupMembershipAttrName(), groupsToAdd, groupsToRemove);
+                            getConnectorLdapGroupsAttrName(), groupsToAdd, groupsToRemove);
                     data.getAttributeDeltas().add(
-                            AttributeDeltaBuilder.build(getGroupMembershipAttrName(), groupsToAdd,
+                            AttributeDeltaBuilder.build(getConnectorLdapGroupsAttrName(), groupsToAdd,
                                     groupsToRemove));
                 }
             }