Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API rest to remove a group to a user #105

Closed
martins1930 opened this issue Dec 6, 2018 · 0 comments · Fixed by #691
Closed

API rest to remove a group to a user #105

martins1930 opened this issue Dec 6, 2018 · 0 comments · Fixed by #691
Assignees
@vharseko @maximthomas
Labels
enhancement

Comments

@martins1930
Copy link

Hello,
I read the OpenAM documentation and I'm not seeing a way to remove a group to a user using the OpenAM Rest API.
Right now to remove a group we use this API: PUT /openam/json/{RealmName}/groups/{GroupName} removing the user in the uniqueMember list.
For example we have a group with the name mygroup that contains three users: myuser1@foobar.com, seconduser@foobar.com and toremove@foobar.com.
And we want to remove the user toremove@foobar.com of the group mygroup,
to do it we execute this API:

curl -X "PUT" "https://mydomain.com/openam/json/myrealm/groups/mygroup" \
     -H 'Content-Type: application/json' \
     -H 'iplanetDirectoryPro: ...' \
     -d $'{
  "_id": "mygroup",
  "_rev": "-243248344",
  "uniqueMember": [
    "mail=myuser1@foobar.com,ou=people,dc=openam,dc=forgerock,dc=org",
    "mail=seconduser@foobar.com,ou=people,dc=openam,dc=forgerock,dc=org"
  ]
}'

As you can see we remove the user toremove@foobar.com from the list uniqueMember .

But this is not ideal, because we have to load all the users (that belong to a group) into memory (and if we have a lot of users this could generate a bad performance in the API and also the service that is calling this API could consume a lot of memory RAM) and then remove the user in the list uniqueMember.
This approach also could generate a race condition for example: if two processes are trying to delete different users at the same time then one process can override the uniqueMember when invokes the API PUT /openam/json/{RealmName}/groups/{GroupName} .

Do you know if there is a better way to remove a group to a user? (I mean, for a specific user X I want to delete the group G, maybe an API that takes two parameters the username and the group and remove the user of the group ?)

Regards,
Martín.
@vharseko vharseko self-assigned this Dec 11, 2020
@maximthomas maximthomas self-assigned this Dec 18, 2023
@maximthomas maximthomas mentioned this issue Dec 19, 2023
Merged
vharseko pushed a commit that referenced this issue Dec 19, 2023
@maximthomas
[#105] Added setGroups action to the user REST endpoint (#691)
303c2e3 
Added `setGroups` action to the user REST endpoint. 
Pass group names array in the `groups` request body property 
see the example below:
```bash
curl --location --request POST 'http://openam.example.org:8080/openam/json/realms/root/users/demo?_action=setGroups' \
--header 'Content-Type: application/json' \
--header 'iPlanetDirectoryPro: AQIC5wM2LY4....1MTk4AAJTMQAA*' \
--data-raw '{
    "groups": ["managers", "group1"]
}'
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vharseko vharseko

@maximthomas maximthomas

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[#105] Added setGroups action to the user REST endpoint maximthomas/OpenAM
3 participants
@martins1930 @vharseko @maximthomas