OK Francesco THANKS TO YOU! youre IL GROSSO
:) 2014-11-04 13:20 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > On 04/11/2014 17:16, Manfredo Hopp wrote: > > I made it work creating a mapping for username which seems to be mandatory > in order to create users, > > > Oh, nice idea! Where did you get it from? ;-) > > so why not include it as mandatory in the mapping screen, or with > default mapping value when I know that task is creating users! > > > To me it looks like a configuration error, instead. > Anyway, if you think this is an improvement, feel free to open an issue on > JIRA and provide a patch. > > Regards. > > > 2014-11-04 12:53 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > >> On 04/11/2014 16:23, Manfredo Hopp wrote: >> >> Thanks Francesco for prompt reply! >> >> Ok for your testing, in my case the mentioned account policy is >> directly attached to resource used in a syncronization task where mapping >> of accountId is with __NAME__ (primary key of resource is Long) >> through a resource, so maybe there is a difference in how accounts are >> created. >> >> >> Manfredo, >> when looking at the log below that says "username=<null>" I'd say that >> the problem is the resource user mapping (or the user template); the >> account policy says that username is not valid because it is null. >> >> HTH >> Regards. >> >> >> 12:19:31.067 DEBUG >> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Process >> CREATE_OR_UPDATE for 33 as ObjectClass: __ACCOUNT__ >> 12:19:31.133 DEBUG >> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - >> Transformed: org.apache.syncope.common.to.UserTO@364b2379[ >> memberships=[] >> status=<null> >> token=<null> >> tokenExpireTime=<null> >> username=<null> >> lastLoginDate=<null> >> changePwdDate=<null> >> failedLogins=<null> >> securityQuestion=<null> >> securityAnswer=<null> >> resources=[sarauth2] >> propagationStatusTOs=[] >> id=0 >> derAttrs=[] >> virAttrs=[] >> attrs=[org.apache.syncope.common.to.AttributeTO@7f05f8c7[ >> schema=nombre >> values=[Daniel] >> readonly=false >> ], org.apache.syncope.common.to.AttributeTO@611011f7[ >> schema=usrnum >> values=[33] >> readonly=false >> ], org.apache.syncope.common.to.AttributeTO@660ba0e9[ >> schema=apellido >> values=[] >> readonly=false >> ], org.apache.syncope.common.to.AttributeTO@5715556[ >> schema=usrnum >> values=[33] >> readonly=false >> ]] >> creator=<null> >> creationDate=<null> >> lastModifier=<null> >> lastChangeDate=<null> >> ] >> 12:19:31.303 ERROR >> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Could not >> create USER 33 >> org.apache.syncope.core.persistence.validation.entity.InvalidEntityException: >> SyncopeUser [Standard, InvalidUsername] >> >> >> Regards >> >> 2014-11-04 11:23 GMT-03:00 Francesco Chicchiriccò <[email protected]>: >> >>> On 04/11/2014 14:16, Manfredo Hopp wrote: >>> >>> HI Francesco, our user database has account ids expressed in digits and >>> the idea is having the same id in syncope, but it seems that digits are not >>> accepted since an expression like [0-9]+ throws >>> >>> 19:45:50.464 ERROR >>> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Could not >>> create USER 69 >>> org.apache.syncope.core.persistence.validation.entity.InvalidEntityException: >>> SyncopeUser [Standard, InvalidUsername] >>> at >>> org.apache.syncope.core.persistence.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:49) >>> ~[EntityValidationListener.class:?] >>> at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown Source) >>> ~[?:?] >>> >>> >>> Hi Manfredo, >>> I cannot replicate this problem. >>> >>> In embedded mode from a fresh generated 1.2.1-SNAPSHOT project I have: >>> >>> 1. created an account policy "onlyDigits" with only option for pattern >>> ([0-9]+) >>> 2. created a role "roleForOnlyDigits" and set it with the account >>> policy above >>> 3. created a new user, assigned the roleForOnlyDigits role, set >>> username to "test" - got validation error, as expected >>> 4. changed username to "12345678" - create completed successfully >>> >>> This specific issue is also checked by >>> org.apache.syncope.core.policy.AccountPolicyEnforcerTest#testExplicitPattern >>> - see [2]. >>> >>> Regards. >>> >>> 2014-11-04 3:29 GMT-03:00 Francesco Chicchiriccò <[email protected]>: >>> >>>> On 03/11/2014 23:03, Manfredo Hopp wrote: >>>> >>>>> Hello, I want to create accounts ids composed only by digits, and get >>>>> InvaledUserName as result of >>>>> EntityValidationListener.validate. >>>>> >>>>> My guess is that validation is controlled by AccountPolicies where I >>>>> can see an entry for regular expressions, which is not documented, >>>>> >>>>> Entering a regular expression doesnt change anithing, so waht is that >>>>> item for? >>>>> And where can I control name ids? >>>>> >>>> >>>> Hi, >>>> you are right, the pattern option for account policies - introduced >>>> with 1.2.0 - is not yet reported at [1]. >>>> >>>> When you define a policy (account, password, sync) you also need to >>>> configure for which users such policy is going to be applied: if created as >>>> GLOBAL policy it will be applied to all users, otherwise you will need to >>>> associate it to a role or a resource in order to make it effective (for >>>> users owning that role or assigned to that resource, clearly). >>>> >>>> Additional information: when not specified, the pattern for user names >>>> is "[a-zA-Z0-9-_@. ]+" <[a-zA-Z0-9-_@.]+>. >>>> >>>> Could you please provide more details of what you are doing? >>>> >>>> Regards. >>>> >>>> [1] >>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-AccountPolicies >>>> >>> [2] >>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/src/test/java/org/apache/syncope/core/policy/AccountPolicyEnforcerTest.java;h=97b9d99a0ce1754d19ce49704ba8c6613326d1c0;hb=1_2_X#l87 >>> >> -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo > PMChttp://people.apache.org/~ilgrosso/ > >
