[midPoint] Error with password generation

Deepak Natarajan dnataraj at trilobytesystems.com
Tue Jun 3 10:19:15 CEST 2014 

Hi -

We are still encountering an error when using a custom value policy
(This is for outward provisioning of users in Active Directory).

This was *working* and seems to be broken in more recent builds of
2.3-SNAPSHOT.

The exception is :

2014-06-03 10:12:06,692 [] [midPointScheduler_Worker-5] ERROR
(com.evolveum.midpoint.model.util.AbstractSearchIterativeResultHandler):
Import of object shadow:cfb80cc6-d4ad-42ef-
afc0-ba391d0d06c0(brira) from
resource:036f0100-2fe8-49e1-a8fd-5548374f8703(APOS CSV Feeder Resource
Definition) failed: java.lang.StringIndexOutOfBoundsException: String
index out of range: 1
com.evolveum.midpoint.util.exception.SystemException:
java.lang.StringIndexOutOfBoundsException: String index out of range: 1
        at
com.evolveum.midpoint.model.sync.SynchronizationService.notifyChange(SynchronizationService.java:258)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ChangeNotificationDispatcherImpl.notifyChange(ChangeNotificationDispatcherImpl.java:153)
~[provisioning-impl-2.3-SNAPSHOT.jar:n
a]
        at
com.evolveum.midpoint.model.sync.SynchronizeAccountResultHandler.handleObject(SynchronizeAccountResultHandler.java:165)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.util.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:125)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$5.handle(ProvisioningServiceImpl.java:1215)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ShadowCache$2.handle(ShadowCache.java:895)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter$2.handle(ResourceObjectConverter.java:622)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl$2.handle(ConnectorInstanceIcfImpl.java:1821)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
org.identityconnectors.framework.impl.api.StreamHandlerUtil$ObjectStreamHandlerAdapter.handle(StreamHandlerUtil.java:89)
[connector-framework-internal-1.4.0.0-SNAPSHOT
.jar:na]
        at
org.identityconnectors.framework.impl.api.BufferedResultsProxy.invoke(BufferedResultsProxy.java:255)
[connector-framework-internal-1.4.0.0-SNAPSHOT.jar:na]
        at
org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:94)
[connector-framework-internal-1.4.0.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy172.search(Unknown Source) [na:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_21]
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
~[na:1.7.0_21]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
Source) ~[na:1.7.0_21]
        at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_21]
        at
org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:77)
[connector-framework-internal-1.4.0.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy172.search(Unknown Source) [na:na]
        at
org.identityconnectors.framework.impl.api.AbstractConnectorFacade.search(AbstractConnectorFacade.java:173)
[connector-framework-internal-1.4.0.0-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.search(ConnectorInstanceIcfImpl.java:1857)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:627)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ShadowCache.searchObjectsIterativeInternal(ShadowCache.java:900)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ShadowCache.searchObjectsIterative(ShadowCache.java:763)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.searchObjectsIterative(ProvisioningServiceImpl.java:1261)
[provisioning-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.ModelObjectResolver.searchIterative(ModelObjectResolver.java:222)
[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:473)
[task-quartz-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:286)
[task-quartz-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:165)
[task-quartz-impl-2.3-SNAPSHOT.jar:na]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
[quartz-2.1.3.jar:na]
        at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
[quartz-2.1.3.jar:na]
Caused by: java.lang.StringIndexOutOfBoundsException: String index out
of range: 1
        at java.lang.String.substring(Unknown Source) ~[na:1.7.0_21]
        at
com.evolveum.midpoint.common.policy.PasswordPolicyUtils.validatePassword(PasswordPolicyUtils.java:306)
~[common-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.common.policy.PasswordPolicyUtils.validatePassword(PasswordPolicyUtils.java:147)
~[common-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.projector.PasswordPolicyProcessor.processPasswordPolicy(PasswordPolicyProcessor.java:83)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.projector.PasswordPolicyProcessor.processPasswordPolicy(PasswordPolicyProcessor.java:144)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.projector.FocusProcessor.processFocusFocus(FocusProcessor.java:248)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.projector.FocusProcessor.processFocus(FocusProcessor.java:176)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.projector.Projector.project(Projector.java:153)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.Clockwork.click(Clockwork.java:199)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.lens.Clockwork.run(Clockwork.java:156)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.sync.SynchronizationService.reactToChange(SynchronizationService.java:611)
~[model-impl-2.3-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.sync.SynchronizationService.notifyChange(SynchronizationService.java:253)
~[model-impl-2.3-SNAPSHOT.jar:na]
        ... 30 common frames omitted

<valuePolicy
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
             oid="0c33054f-1c69-448b-b99b-a867d575e33e"
             version="0">
   <name>Vejle IDM Password Policy</name>
   <description>Password Policy for the Vejle IDM
Infrastructure</description>
   <lifetime>
      <expiration>999</expiration>
      <warnBeforeExpiration>9</warnBeforeExpiration>
      <lockAfterExpiration>0</lockAfterExpiration>
      <minPasswordAge>0</minPasswordAge>
      <passwordHistoryLength>0</passwordHistoryLength>
   </lifetime>
   <stringPolicy>
      <limitations>
         <minLength>8</minLength>
         <minUniqueChars>3</minUniqueChars>
         <checkPattern/>
         <limit>
            <description>Lowercase characters</description>
            <minOccurs>1</minOccurs>
            <mustBeFirst>true</mustBeFirst>
            <characterClass>
               <value>abcdefghijklmnopqrstuvwxyz</value>
            </characterClass>
         </limit>
         <limit>
            <description>Uppercase characters</description>
            <minOccurs>1</minOccurs>
            <mustBeFirst>false</mustBeFirst>
            <characterClass>
               <value>ABCDEFGHIJKLMNOPQRSTUVWXYZ</value>
            </characterClass>
         </limit>
         <limit>
            <description>Numeric characters</description>
            <minOccurs>1</minOccurs>
            <mustBeFirst>false</mustBeFirst>
            <characterClass>
               <value>1234567890</value>
            </characterClass>
         </limit>
         <limit>
            <description>Special characters</description>
            <minOccurs>1</minOccurs>
            <mustBeFirst>false</mustBeFirst>
            <characterClass>
               <value>!"#$%&'()*+,-.:;<>?@[]^_`{|}~</value>
            </characterClass>
         </limit>
      </limitations>
   </stringPolicy>
</valuePolicy>

This is a bit critical for us as we are unable to provision any users
for our testing phase. Could anyone please help?

Also, if anyone could tell me how to test new policy's quickly (i.e the
maven test commands for that project - infra/common/policy) then I could
drop in my test policy and get to the root of the problem myself.

Thanks!

BR/
-- 
Deepak Natarajan



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140603/d1abe469/attachment.htm>

More information about the midPoint mailing list