Red Hat build of Keycloak / RHBK-2976

JpaRealmProvider getGroupByName return group duplicate due to change of comparison (like vs equal) [GHI#38982]

      Area

      core

      Describe the bug

      Since upgrade from 26.1.x to 26.2

      Version

      26.2.0

      Regression

      [x] The issue is a regression

      Expected behavior

      Groups are imported from LDAP federation.

      Since the upgrade to 26.2.0, some users cannot list groups. After some investigation in both the DB and the code, it looks like this PR changed the behavior: https://github.com/keycloak/keycloak/commit/1c57035d41241f235bf77fd295511669f01c2018#diff-30940e65a4a38797c21073cfeed4d0e4beb58042ed778364f30468571d55a50dR522

      This was previously using an exact comparison

      select u.id from GroupEntity u where u.realm = :realm and u.type = 0 and u.parentId = :parent and u.name = :search order by u.name ASC
      

      Now it's using a query builder with a "like" predicate

      predicates.add(builder.like(root.get("name"), name));
      

      Actual behavior

      keycloak    | 2025-04-15 11:26:25,883 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-8) Uncaught server error: java.lang.IllegalStateException: Should not be more than one Group with same name
      keycloak    |   at org.keycloak.models.jpa.JpaRealmProvider.getGroupByName(JpaRealmProvider.java:543)
      keycloak    |   at org.keycloak.storage.GroupStorageManager.getGroupByName(GroupStorageManager.java:61)
      keycloak    |   at org.keycloak.models.cache.infinispan.RealmCacheSession.getGroupByName(RealmCacheSession.java:1000)
      keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.findKcGroupByLDAPGroup(GroupLDAPStorageMapper.java:377)
      keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.findKcGroupOrSyncFromLDAP(GroupLDAPStorageMapper.java:382)
      keycloak    |   at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper$LDAPGroupMappingsUserDelegate.lambda$getLDAPGroupMappingsConverted$0(GroupLDAPStorageMapper.java:783)
      keycloak    |   at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
      

      How to Reproduce?

      • Create a group 'foo-bar'
      • Create a group 'foo_bar'
      • Try to assign them to a user. This fails

      Anything else?

      No response

              pvlha Pavel Vlha
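The wildcard behaviour behind this report, shown as an added example that is not part of the original issue or of Keycloak's code: in a LIKE pattern `_` matches any single character, so a lookup for 'foo_bar' also returns 'foo-bar'. The table `demo_group`, its columns and all function names are assumptions made for the demonstration, and SQLite stands in for the real database.

```python
import sqlite3

# Constructed, simplified schema; not Keycloak's real table layout.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo_group (id TEXT, realm TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO demo_group VALUES (?, ?, ?)",
        [("g1", "demo", "foo-bar"), ("g2", "demo", "foo_bar")],
    )
    return db

def _ids(db, where, realm, name):
    # 'where' is one of the fixed fragments below, never user input.
    sql = f"SELECT id FROM demo_group WHERE realm = ? AND {where} ORDER BY name"
    return [row[0] for row in db.execute(sql, (realm, name))]

def find_equal(db, realm, name):
    # Exact comparison, as in the query quoted for 26.1.x.
    return _ids(db, "name = ?", realm, name)

def find_like(db, realm, name):
    # The name is handed to LIKE unescaped, so '_' and '%' act as wildcards.
    return _ids(db, "name LIKE ?", realm, name)

def escape_like(value, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def find_like_escaped(db, realm, name):
    # Wildcards are neutralised, but SQLite's LIKE still ignores ASCII case.
    return _ids(db, "name LIKE ? ESCAPE '\\'", realm, escape_like(name))

def get_group_by_name(finder, db, realm, name):
    # Mirrors the uniqueness check whose message appears in the stack trace.
    ids = finder(db, realm, name)
    if len(ids) > 1:
        raise RuntimeError("Should not be more than one Group with same name")
    return ids[0] if ids else None

if __name__ == "__main__":
    db = make_db()
    for finder in (find_equal, find_like, find_like_escaped):
        print(finder.__name__, finder(db, "demo", "foo_bar"))
```

Escaping the pattern removes the wildcard match, but only the equality predicate restores the exact comparison described for the earlier version.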