On 08/11/2013 13:44, jeverling wrote:
Hello Ilgrosso,
> I don't see any evident problem with your configuration.
> Could you restart everything, clean up your log files and just perform
> the following operations:
>
> 1. create user with LDAP resource
> 2. remove LDAP resource
>
> then paste core-connid.log content to http://apaste.info/ ?'
This is the paste of your specific 2 steps.
I noticed that these steps perform as expected. The LDAP entry is
succesfully removed.
http://apaste.info/dkC1
I noticed the actual problem occurs when reassigning the resource. You
can see the complete log here:
http://apaste.info/mBFO
The user is propagated to the LDAP, but in the details pane Syncope says
that the user is not found in the LDAP resource. Also it gives an
unclear (at least for me) error in the core-connid.log
By examining the second log, I've found that user is created in ApacheDS
(see line 43: Return: Attribute: {Name=__UID__, Value=[donald]} which is
expected) but that the subsequent read from ApacheDS, performed by
Syncope to retrieve the full actual status to be shown on the admin
console, raises (lines 49 and 50):
java.lang.IllegalArgumentException: Must be a single value.
at
org.identityconnectors.framework.common.objects.Attribute.<init>(Attribute.java:118)
~[connid-framework-1.3.3.jar:na]
If you take a look at Attribute.java:118 [1], you will see that an
exception is raised because that user has no password value.
At the end of the day: the actual problem is that, when re-assigning the
LDAP resource, you are not providing a password again: this is needed
because by default Syncope uses SHA internally hence cannot provide a
cleartext value to be encrypted by the underlying connector.
However, providing password value when subscribing a new resource
*should* be mandatory: I'll investigate and open an issue, in case. In
the meanwhile just remember to provide again a valid password.
Thanks for reporting.
Regards.
[1]
https://github.com/Tirasa/ConnId/blob/master/framework/src/main/java/org/identityconnectors/framework/common/objects/Attribute.java#L118
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
