On 04/11/2014 17:16, Manfredo Hopp wrote:
I made it work creating a mapping for username which seems to be
mandatory in order to create users,
Oh, nice idea! Where did you get it from? ;-)
so why not include it as mandatory in the mapping screen, or with
default mapping value when I know that task is creating users!
To me it looks like a configuration error, instead.
Anyway, if you think this is an improvement, feel free to open an issue
on JIRA and provide a patch.
Regards.
2014-11-04 12:53 GMT-03:00 Francesco Chicchiriccò <[email protected]
<mailto:[email protected]>>:
On 04/11/2014 16:23, Manfredo Hopp wrote:
Thanks Francesco for prompt reply!
Ok for your testing, in my case the mentioned account policy is
directly attached to resource used in a syncronization task where
mapping of accountId is with __NAME__ (primary key of resource
is Long)
through a resource, so maybe there is a difference in how
accounts are created.
Manfredo,
when looking at the log below that says "username=<null>" I'd say
that the problem is the resource user mapping (or the user
template); the account policy says that username is not valid
because it is null.
HTH
Regards.
12:19:31.067 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Process CREATE_OR_UPDATE for 33 as ObjectClass: __ACCOUNT__
12:19:31.133 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Transformed: org.apache.syncope.common.to.UserTO@364b2379[
memberships=[]
status=<null>
token=<null>
tokenExpireTime=<null>
username=<null>
lastLoginDate=<null>
changePwdDate=<null>
failedLogins=<null>
securityQuestion=<null>
securityAnswer=<null>
resources=[sarauth2]
propagationStatusTOs=[]
id=0
derAttrs=[]
virAttrs=[]
attrs=[org.apache.syncope.common.to.AttributeTO@7f05f8c7[
schema=nombre
values=[Daniel]
readonly=false
], org.apache.syncope.common.to.AttributeTO@611011f7[
schema=usrnum
values=[33]
readonly=false
], org.apache.syncope.common.to.AttributeTO@660ba0e9[
schema=apellido
values=[]
readonly=false
], org.apache.syncope.common.to.AttributeTO@5715556[
schema=usrnum
values=[33]
readonly=false
]]
creator=<null>
creationDate=<null>
lastModifier=<null>
lastChangeDate=<null>
]
12:19:31.303 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler -
Could not create USER 33
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
Regards
2014-11-04 11:23 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 04/11/2014 14:16, Manfredo Hopp wrote:
HI Francesco, our user database has account ids expressed in
digits and the idea is having the same id in syncope, but it
seems that digits are not accepted since an expression like
[0-9]+ throws
19:45:50.464 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler
- Could not create USER 69
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
at
org.apache.syncope.core.persistence.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:49)
~[EntityValidationListener.class:?]
at
sun.reflect.GeneratedMethodAccessor156.invoke(Unknown
Source) ~[?:?]
Hi Manfredo,
I cannot replicate this problem.
In embedded mode from a fresh generated 1.2.1-SNAPSHOT
project I have:
1. created an account policy "onlyDigits" with only option
for pattern ([0-9]+)
2. created a role "roleForOnlyDigits" and set it with the
account policy above
3. created a new user, assigned the roleForOnlyDigits role,
set username to "test" - got validation error, as expected
4. changed username to "12345678" - create completed
successfully
This specific issue is also checked by
org.apache.syncope.core.policy.AccountPolicyEnforcerTest#testExplicitPattern
- see [2].
Regards.
2014-11-04 3:29 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 03/11/2014 23:03, Manfredo Hopp wrote:
Hello, I want to create accounts ids composed only
by digits, and get InvaledUserName as result of
EntityValidationListener.validate.
My guess is that validation is controlled by
AccountPolicies where I can see an entry for regular
expressions, which is not documented,
Entering a regular expression doesnt change
anithing, so waht is that item for?
And where can I control name ids?
Hi,
you are right, the pattern option for account policies -
introduced with 1.2.0 - is not yet reported at [1].
When you define a policy (account, password, sync) you
also need to configure for which users such policy is
going to be applied: if created as GLOBAL policy it will
be applied to all users, otherwise you will need to
associate it to a role or a resource in order to make it
effective (for users owning that role or assigned to
that resource, clearly).
Additional information: when not specified, the pattern
for user names is "[a-zA-Z0-9-_@. ]+"
<mailto:[a-zA-Z0-9-_@.]+>.
Could you please provide more details of what you are doing?
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-AccountPolicies
[2]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/src/test/java/org/apache/syncope/core/policy/AccountPolicyEnforcerTest.java;h=97b9d99a0ce1754d19ce49704ba8c6613326d1c0;hb=1_2_X#l87
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
