On 04/11/2014 16:23, Manfredo Hopp wrote:
Thanks Francesco for prompt reply!
Ok for your testing, in my case the mentioned account policy is
directly attached to resource used in a syncronization task where
mapping of accountId is with __NAME__ (primary key of resource is Long)
through a resource, so maybe there is a difference in how accounts
are created.
Manfredo,
when looking at the log below that says "username=<null>" I'd say that
the problem is the resource user mapping (or the user template); the
account policy says that username is not valid because it is null.
HTH
Regards.
12:19:31.067 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Process CREATE_OR_UPDATE for 33 as ObjectClass: __ACCOUNT__
12:19:31.133 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Transformed: org.apache.syncope.common.to.UserTO@364b2379[
memberships=[]
status=<null>
token=<null>
tokenExpireTime=<null>
username=<null>
lastLoginDate=<null>
changePwdDate=<null>
failedLogins=<null>
securityQuestion=<null>
securityAnswer=<null>
resources=[sarauth2]
propagationStatusTOs=[]
id=0
derAttrs=[]
virAttrs=[]
attrs=[org.apache.syncope.common.to.AttributeTO@7f05f8c7[
schema=nombre
values=[Daniel]
readonly=false
], org.apache.syncope.common.to.AttributeTO@611011f7[
schema=usrnum
values=[33]
readonly=false
], org.apache.syncope.common.to.AttributeTO@660ba0e9[
schema=apellido
values=[]
readonly=false
], org.apache.syncope.common.to.AttributeTO@5715556[
schema=usrnum
values=[33]
readonly=false
]]
creator=<null>
creationDate=<null>
lastModifier=<null>
lastChangeDate=<null>
]
12:19:31.303 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Could
not create USER 33
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
Regards
2014-11-04 11:23 GMT-03:00 Francesco Chicchiriccò <[email protected]
<mailto:[email protected]>>:
On 04/11/2014 14:16, Manfredo Hopp wrote:
HI Francesco, our user database has account ids expressed in
digits and the idea is having the same id in syncope, but it
seems that digits are not accepted since an expression like
[0-9]+ throws
19:45:50.464 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Could not create USER 69
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
at
org.apache.syncope.core.persistence.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:49)
~[EntityValidationListener.class:?]
at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown
Source) ~[?:?]
Hi Manfredo,
I cannot replicate this problem.
In embedded mode from a fresh generated 1.2.1-SNAPSHOT project I have:
1. created an account policy "onlyDigits" with only option for
pattern ([0-9]+)
2. created a role "roleForOnlyDigits" and set it with the account
policy above
3. created a new user, assigned the roleForOnlyDigits role, set
username to "test" - got validation error, as expected
4. changed username to "12345678" - create completed successfully
This specific issue is also checked by
org.apache.syncope.core.policy.AccountPolicyEnforcerTest#testExplicitPattern
- see [2].
Regards.
2014-11-04 3:29 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 03/11/2014 23:03, Manfredo Hopp wrote:
Hello, I want to create accounts ids composed only by
digits, and get InvaledUserName as result of
EntityValidationListener.validate.
My guess is that validation is controlled by
AccountPolicies where I can see an entry for regular
expressions, which is not documented,
Entering a regular expression doesnt change anithing, so
waht is that item for?
And where can I control name ids?
Hi,
you are right, the pattern option for account policies -
introduced with 1.2.0 - is not yet reported at [1].
When you define a policy (account, password, sync) you also
need to configure for which users such policy is going to be
applied: if created as GLOBAL policy it will be applied to
all users, otherwise you will need to associate it to a role
or a resource in order to make it effective (for users owning
that role or assigned to that resource, clearly).
Additional information: when not specified, the pattern for
user names is "[a-zA-Z0-9-_@. ]+" <mailto:[a-zA-Z0-9-_@.]+>.
Could you please provide more details of what you are doing?
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-AccountPolicies
[2]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/src/test/java/org/apache/syncope/core/policy/AccountPolicyEnforcerTest.java;h=97b9d99a0ce1754d19ce49704ba8c6613326d1c0;hb=1_2_X#l87
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
