Eh eh eh, thank you :-)
Please keep us updated with the outcomes of your Syncope experiments (PoC?).
Regards.
On 04/11/2014 17:23, Manfredo Hopp wrote:
OK Francesco THANKS TO YOU!
youre IL GROSSO
:)
2014-11-04 13:20 GMT-03:00 Francesco Chicchiriccò <[email protected]
<mailto:[email protected]>>:
On 04/11/2014 17:16, Manfredo Hopp wrote:
I made it work creating a mapping for username which seems to be
mandatory in order to create users,
Oh, nice idea! Where did you get it from? ;-)
so why not include it as mandatory in the mapping screen, or with
default mapping value when I know that task is creating users!
To me it looks like a configuration error, instead.
Anyway, if you think this is an improvement, feel free to open an
issue on JIRA and provide a patch.
Regards.
2014-11-04 12:53 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 04/11/2014 16:23, Manfredo Hopp wrote:
Thanks Francesco for prompt reply!
Ok for your testing, in my case the mentioned account policy
is directly attached to resource used in a syncronization
task where mapping of accountId is with __NAME__ (primary
key of resource is Long)
through a resource, so maybe there is a difference in how
accounts are created.
Manfredo,
when looking at the log below that says "username=<null>" I'd
say that the problem is the resource user mapping (or the
user template); the account policy says that username is not
valid because it is null.
HTH
Regards.
12:19:31.067 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler
- Process CREATE_OR_UPDATE for 33 as ObjectClass: __ACCOUNT__
12:19:31.133 DEBUG
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler
- Transformed: org.apache.syncope.common.to.UserTO@364b2379[
memberships=[]
status=<null>
token=<null>
tokenExpireTime=<null>
username=<null>
lastLoginDate=<null>
changePwdDate=<null>
failedLogins=<null>
securityQuestion=<null>
securityAnswer=<null>
resources=[sarauth2]
propagationStatusTOs=[]
id=0
derAttrs=[]
virAttrs=[]
attrs=[org.apache.syncope.common.to.AttributeTO@7f05f8c7[
schema=nombre
values=[Daniel]
readonly=false
], org.apache.syncope.common.to.AttributeTO@611011f7[
schema=usrnum
values=[33]
readonly=false
], org.apache.syncope.common.to.AttributeTO@660ba0e9[
schema=apellido
values=[]
readonly=false
], org.apache.syncope.common.to.AttributeTO@5715556[
schema=usrnum
values=[33]
readonly=false
]]
creator=<null>
creationDate=<null>
lastModifier=<null>
lastChangeDate=<null>
]
12:19:31.303 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler
- Could not create USER 33
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
Regards
2014-11-04 11:23 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 04/11/2014 14:16, Manfredo Hopp wrote:
HI Francesco, our user database has account ids
expressed in digits and the idea is having the same id
in syncope, but it seems that digits are not accepted
since an expression like [0-9]+ throws
19:45:50.464 ERROR
org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler
- Could not create USER 69
org.apache.syncope.core.persistence.validation.entity.InvalidEntityException:
SyncopeUser [Standard, InvalidUsername]
at
org.apache.syncope.core.persistence.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:49)~[EntityValidationListener.class:?]
at
sun.reflect.GeneratedMethodAccessor156.invoke(Unknown
Source) ~[?:?]
Hi Manfredo,
I cannot replicate this problem.
In embedded mode from a fresh generated 1.2.1-SNAPSHOT
project I have:
1. created an account policy "onlyDigits" with only
option for pattern ([0-9]+)
2. created a role "roleForOnlyDigits" and set it with
the account policy above
3. created a new user, assigned the roleForOnlyDigits
role, set username to "test" - got validation error, as
expected
4. changed username to "12345678" - create completed
successfully
This specific issue is also checked by
org.apache.syncope.core.policy.AccountPolicyEnforcerTest#testExplicitPattern
- see [2].
Regards.
2014-11-04 3:29 GMT-03:00 Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>>:
On 03/11/2014 23:03, Manfredo Hopp wrote:
Hello, I want to create accounts ids composed
only by digits, and get InvaledUserName as
result of
EntityValidationListener.validate.
My guess is that validation is controlled by
AccountPolicies where I can see an entry for
regular expressions, which is not documented,
Entering a regular expression doesnt change
anithing, so waht is that item for?
And where can I control name ids?
Hi,
you are right, the pattern option for account
policies - introduced with 1.2.0 - is not yet
reported at [1].
When you define a policy (account, password, sync)
you also need to configure for which users such
policy is going to be applied: if created as GLOBAL
policy it will be applied to all users, otherwise
you will need to associate it to a role or a
resource in order to make it effective (for users
owning that role or assigned to that resource,
clearly).
Additional information: when not specified, the
pattern for user names is "[a-zA-Z0-9-_@. ]+"
<mailto:[a-zA-Z0-9-_@.]+>.
Could you please provide more details of what you
are doing?
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-AccountPolicies
[2]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/src/test/java/org/apache/syncope/core/policy/AccountPolicyEnforcerTest.java;h=97b9d99a0ce1754d19ce49704ba8c6613326d1c0;hb=1_2_X#l87
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
