@JayVDZ JayVDZ commented Dec 29, 2025

Summary

Part 4: Auto-Select Containers Created During Export

  • Tracks containers (OUs) created by LDAP connector during export
  • Automatically selects newly-created containers in JIM's hierarchy if parent is selected
  • Enables delta import to find exported objects without manual container selection

Fix: LDAP Paging Control Compatibility

  • Made PageResultRequestControl non-critical to work with Samba AD
  • Servers without paging support can now ignore the control instead of failing
  • Enables integration testing and real-world Samba AD deployments

Implementation

Part 4: Auto-Select Containers

  1. New Interface: IConnectorContainerCreation - for connectors that create containers during export
  2. Container Tracking: LDAP connector tracks created OUs in LdapConnectorExport
  3. Post-Export Hook: SyncExportTaskProcessor triggers RefreshAndAutoSelectContainersAsync()
  4. Smart Selection: Only adds containers if parent is already selected in hierarchy
  5. Verification: Queries LDAP to verify container exists before adding

Key Files:

  • JIM.Models/Interfaces/IConnectorContainerCreation.cs (NEW)
  • JIM.Connectors/LDAP/LdapConnectorExport.cs - tracks created containers
  • JIM.Connectors/LDAP/LdapConnector.cs - implements IConnectorContainerCreation
  • JIM.Application/Servers/ConnectedSystemServer.cs - RefreshAndAutoSelectContainersAsync() method
  • JIM.Worker/Processors/SyncExportTaskProcessor.cs - post-export hook
  • JIM.Worker/Worker.cs - passes WorkerTask to export processor for initiator info

LDAP Paging Fix

File: JIM.Connectors/LDAP/LdapConnectorImport.cs

  • Line 318: Full import paging - set IsCritical = false
  • Line 374: Delta import (USN-based) paging - set IsCritical = false

Test Results

✅ All 792 unit tests pass
✅ All 6 integration tests pass:

  • Joiner: User provisioned to AD
  • Mover: Attribute updated
  • Mover-Rename: User renamed
  • Mover-Move: User moved to different OU
  • Leaver: User deprovisioned (grace period)
  • Reconnection: User preserved on rehire

Trade-offs & Compatibility

The non-critical paging control change:

  • Gain: Works with Samba AD and any LDAP server without paging support
  • Trade-off: Very large directories without paging support could return all results at once (memory impact)
  • Mitigation: Administrators can limit container scope to manage memory usage
  • No impact on: Active Directory, OpenLDAP, Oracle Directory Server, and other servers with paging support

Post-MVP Enhancement

Created GitHub issue #231 for dynamic capability detection to query RootDSE and only use paging when supported, providing explicit visibility into server capabilities.

Checklist

  • Build: dotnet build JIM.sln - Success
  • Tests: dotnet test JIM.sln - 792 tests pass
  • Integration tests: Scenario 1 - 6/6 tests pass
  • Code review ready
  • No breaking changes
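
The RootDSE capability check mentioned under Post-MVP Enhancement, combined with a bounded fallback for servers without paging, as an added example that is not part of this pull request or the JIM code base. `PagedSearchExample`, its method names and the `maxEntries` cap are hypothetical; the calls are from System.DirectoryServices.Protocols, and that JIM's connector is built on that library is an assumption.

```csharp
// Added example, not JIM code: type, method and parameter names are hypothetical.
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
public static class PagedSearchExample
{
    // OID of the LDAP simple paged results control (RFC 2696).
    private const string PagedResultsOid = "1.2.840.113556.1.4.319";

    // Reads supportedControl from the RootDSE (null base DN, base scope).
    public static bool ServerSupportsPaging(LdapConnection connection)
    {
        var request = new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "supportedControl");
        var response = (SearchResponse)connection.SendRequest(request);
        if (response.Entries.Count == 0 || !response.Entries[0].Attributes.Contains("supportedControl"))
            return false;
        var values = response.Entries[0].Attributes["supportedControl"].GetValues(typeof(string));
        return values.Cast<string>().Contains(PagedResultsOid);
    }

    // Returns all matches, or throws once more than maxEntries would be held in memory.
    public static List<SearchResultEntry> Search(LdapConnection connection, string baseDn, string filter, int pageSize, int maxEntries)
    {
        var request = new SearchRequest(baseDn, filter, SearchScope.Subtree);
        PageResultRequestControl paging = null;
        if (ServerSupportsPaging(connection))
        {
            paging = new PageResultRequestControl(pageSize) { IsCritical = false };
            request.Controls.Add(paging);
        }
        else
        {
            // No paging: ask the server to stop at the cap. Exceeding it raises
            // DirectoryOperationException; let it propagate so a truncated result
            // is never treated as a complete import.
            request.SizeLimit = maxEntries;
        }
        var results = new List<SearchResultEntry>();
        while (true)
        {
            var response = (SearchResponse)connection.SendRequest(request);
            if (results.Count + response.Entries.Count > maxEntries)
                throw new InvalidOperationException($"Search under '{baseDn}' exceeded {maxEntries} entries.");
            results.AddRange(response.Entries.Cast<SearchResultEntry>());
            var page = response.Controls.OfType<PageResultResponseControl>().FirstOrDefault();
            // No response control or an empty cookie means there is nothing more to fetch.
            if (paging == null || page == null || page.Cookie.Length == 0) return results;
            paging.Cookie = page.Cookie;
        }
    }
}
```

Failing the import when the cap is hit keeps a partial result set from being read as objects having disappeared from the directory.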

JayVDZ and others added 3 commits December 29, 2025 16:54
Implements two related features:

1. **Partition/Container Validation**
   - Add `HasPartitionsOrContainersSelected()` extension method to check
     if a Connected System has required partition/container selections
   - Add warning on Partitions & Containers tab when nothing is selected
   - Disable Object Matching and Run Profiles tabs until selections made
   - Validate partition selections when creating worker tasks
   - Return error or warning based on configurable PartitionValidationMode
   - API returns 400 Bad Request for Error mode, includes warnings in response

2. **Service Settings Refactor (Discourse-style)**
   - New ServiceSetting entity with metadata (Category, Description,
     DefaultValue, IsReadOnly, IsSecret, EnumTypeName)
   - ServiceSettingCategory enum (SSO, Synchronisation, Maintenance, History)
   - ServiceSettingValueType enum (String, Boolean, Integer, TimeSpan, Enum)
   - PartitionValidationMode enum (Error, Warning) with Error as default
   - Repository layer for ServiceSetting CRUD operations
   - ServiceSettingsServer with typed value retrieval and update methods
   - All setting modifications create Activity records for audit trail
   - Seed default settings from environment variables on startup
   - Admin UI at /admin/settings with search, category grouping,
     show/hide secrets, edit dialog, and revert to default

Files added:
- JIM.Models/Core/ServiceSetting.cs
- JIM.Models/Tasking/DTOs/WorkerTaskCreationResult.cs
- JIM.PostgresData/Migrations/20251229163327_AddServiceSettingEntity.cs
- JIM.Web/Pages/Admin/Settings.razor
- JIM.Web/Shared/EditSettingDialog.razor

Files modified:
- Multiple files across Application, Data, Models, PostgresData, and Web

Tests: 790 passing (including 14 new tests for the extension method)

Closes #229 (GitHub issue created for sequential tab workflow as follow-up)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…tion tests

Updates integration tests to properly test partition/container selection:

1. **Populate-SambaAD.ps1**: Creates "Borton Corp" base OU in Samba AD
   - Users will be provisioned under /Borton Corp/{Department}/
   - Department OUs are created dynamically by the LDAP connector
   - Legacy root-level department OUs kept for backward compatibility

2. **Setup-Scenario1.ps1**: Adds Step 6a for hierarchy import and selection
   - Imports LDAP partition/container hierarchy
   - Selects the testdomain partition
   - Selects the Borton Corp container
   - This tests the partition validation feature implemented earlier

3. **DN Expression Update**: Changed from:
   `OU={Department},DC=testdomain,DC=local`
   to:
   `OU={Department},OU=Borton Corp,DC=testdomain,DC=local`

This enables testing:
- Partition hierarchy retrieval (Import-JIMConnectedSystemHierarchy)
- Container selection (Set-JIMConnectedSystemContainer)
- Partition validation enforcement
- Dynamic OU creation by the LDAP connector

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The PageResultRequestControl was marked as critical by default, causing
delta imports to fail on Samba AD which doesn't support paging. Making
it non-critical allows servers that don't support paging to ignore the
control and return all results at once, while servers with paging support
continue to work normally.

Changes:
- LdapConnectorImport.cs: Set IsCritical = false for both full and delta
  import paging controls (lines 318 and 374)

This enables the auto-select containers feature to work with Samba AD
during integration testing. All 6 integration tests now pass:
✓ Joiner, Mover, Mover-Rename, Mover-Move, Leaver, Reconnection

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@JayVDZ JayVDZ merged commit aa0df00 into main Dec 29, 2025
5 checks passed
@JayVDZ JayVDZ deleted the feature/partition-validation-service-settings branch December 29, 2025 22:55