Franceso, neither P or C: G (gov) Last questions regarding this configuration: what is the need of username beeing mandatory if there is an accountid check (which itself is mandatory)? Isnt accountId a kind of username replacement? Maybe a more accurate explanation should arise from documents.
Thank you again for your patience! Regards 2014-11-04 14:36 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > Eh eh eh, thank you :-) > > Please keep us updated with the outcomes of your Syncope experiments > (PoC?). > > Regards. > > > On 04/11/2014 17:23, Manfredo Hopp wrote: > > OK Francesco THANKS TO YOU! > > youre IL GROSSO > > :) > > 2014-11-04 13:20 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > >> On 04/11/2014 17:16, Manfredo Hopp wrote: >> >> I made it work creating a mapping for username which seems to be >> mandatory in order to create users, >> >> >> Oh, nice idea! Where did you get it from? ;-) >> >> so why not include it as mandatory in the mapping screen, or with >> default mapping value when I know that task is creating users! >> >> >> To me it looks like a configuration error, instead. >> Anyway, if you think this is an improvement, feel free to open an issue >> on JIRA and provide a patch. >> >> Regards. >> >> >> 2014-11-04 12:53 GMT-03:00 Francesco Chicchiriccò <[email protected]>: >> >>> On 04/11/2014 16:23, Manfredo Hopp wrote: >>> >>> Thanks Francesco for prompt reply! >>> >>> Ok for your testing, in my case the mentioned account policy is >>> directly attached to resource used in a syncronization task where mapping >>> of accountId is with __NAME__ (primary key of resource is Long) >>> through a resource, so maybe there is a difference in how accounts are >>> created. >>> >>> >>> Manfredo, >>> when looking at the log below that says "username=<null>" I'd say that >>> the problem is the resource user mapping (or the user template); the >>> account policy says that username is not valid because it is null. >>> >>> HTH >>> Regards. >>> >>> >>> 12:19:31.067 DEBUG >>> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Process >>> CREATE_OR_UPDATE for 33 as ObjectClass: __ACCOUNT__ >>> 12:19:31.133 DEBUG >>> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - >>> Transformed: org.apache.syncope.common.to.UserTO@364b2379[ >>> memberships=[] >>> status=<null> >>> token=<null> >>> tokenExpireTime=<null> >>> username=<null> >>> lastLoginDate=<null> >>> changePwdDate=<null> >>> failedLogins=<null> >>> securityQuestion=<null> >>> securityAnswer=<null> >>> resources=[sarauth2] >>> propagationStatusTOs=[] >>> id=0 >>> derAttrs=[] >>> virAttrs=[] >>> attrs=[org.apache.syncope.common.to.AttributeTO@7f05f8c7[ >>> schema=nombre >>> values=[Daniel] >>> readonly=false >>> ], org.apache.syncope.common.to.AttributeTO@611011f7[ >>> schema=usrnum >>> values=[33] >>> readonly=false >>> ], org.apache.syncope.common.to.AttributeTO@660ba0e9[ >>> schema=apellido >>> values=[] >>> readonly=false >>> ], org.apache.syncope.common.to.AttributeTO@5715556[ >>> schema=usrnum >>> values=[33] >>> readonly=false >>> ]] >>> creator=<null> >>> creationDate=<null> >>> lastModifier=<null> >>> lastChangeDate=<null> >>> ] >>> 12:19:31.303 ERROR >>> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Could not >>> create USER 33 >>> org.apache.syncope.core.persistence.validation.entity.InvalidEntityException: >>> SyncopeUser [Standard, InvalidUsername] >>> >>> >>> Regards >>> >>> 2014-11-04 11:23 GMT-03:00 Francesco Chicchiriccò <[email protected]>: >>> >>>> On 04/11/2014 14:16, Manfredo Hopp wrote: >>>> >>>> HI Francesco, our user database has account ids expressed in digits and >>>> the idea is having the same id in syncope, but it seems that digits are not >>>> accepted since an expression like [0-9]+ throws >>>> >>>> 19:45:50.464 ERROR >>>> org.apache.syncope.core.sync.impl.AbstractSyncopeResultHandler - Could not >>>> create USER 69 >>>> org.apache.syncope.core.persistence.validation.entity.InvalidEntityException: >>>> SyncopeUser [Standard, InvalidUsername] >>>> at >>>> org.apache.syncope.core.persistence.validation.entity.EntityValidationListener.validate(EntityValidationListener.java:49)~[EntityValidationListener.class:?] >>>> at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown >>>> Source) ~[?:?] >>>> >>>> >>>> Hi Manfredo, >>>> I cannot replicate this problem. >>>> >>>> In embedded mode from a fresh generated 1.2.1-SNAPSHOT project I have: >>>> >>>> 1. created an account policy "onlyDigits" with only option for pattern >>>> ([0-9]+) >>>> 2. created a role "roleForOnlyDigits" and set it with the account >>>> policy above >>>> 3. created a new user, assigned the roleForOnlyDigits role, set >>>> username to "test" - got validation error, as expected >>>> 4. changed username to "12345678" - create completed successfully >>>> >>>> This specific issue is also checked by >>>> org.apache.syncope.core.policy.AccountPolicyEnforcerTest#testExplicitPattern >>>> - see [2]. >>>> >>>> Regards. >>>> >>>> 2014-11-04 3:29 GMT-03:00 Francesco Chicchiriccò <[email protected]> >>>> : >>>> >>>>> On 03/11/2014 23:03, Manfredo Hopp wrote: >>>>> >>>>>> Hello, I want to create accounts ids composed only by digits, and get >>>>>> InvaledUserName as result of >>>>>> EntityValidationListener.validate. >>>>>> >>>>>> My guess is that validation is controlled by AccountPolicies where I >>>>>> can see an entry for regular expressions, which is not documented, >>>>>> >>>>>> Entering a regular expression doesnt change anithing, so waht is that >>>>>> item for? >>>>>> And where can I control name ids? >>>>>> >>>>> >>>>> Hi, >>>>> you are right, the pattern option for account policies - introduced >>>>> with 1.2.0 - is not yet reported at [1]. >>>>> >>>>> When you define a policy (account, password, sync) you also need to >>>>> configure for which users such policy is going to be applied: if created >>>>> as >>>>> GLOBAL policy it will be applied to all users, otherwise you will need to >>>>> associate it to a role or a resource in order to make it effective (for >>>>> users owning that role or assigned to that resource, clearly). >>>>> >>>>> Additional information: when not specified, the pattern for user names >>>>> is "[a-zA-Z0-9-_@. ]+" <[a-zA-Z0-9-_@.]+>. >>>>> >>>>> Could you please provide more details of what you are doing? >>>>> >>>>> Regards. >>>>> >>>>> [1] >>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-AccountPolicies >>>>> >>>> [2] >>>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/src/test/java/org/apache/syncope/core/policy/AccountPolicyEnforcerTest.java;h=97b9d99a0ce1754d19ce49704ba8c6613326d1c0;hb=1_2_X#l87 >>>> >>> -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo > PMChttp://people.apache.org/~ilgrosso/ > >
