[midPoint] Multi-valued password attributes

Radovan Semancik radovan.semancik at evolveum.com
Fri Jan 22 19:43:10 CET 2016


Hi,

Honestly, we haven't thought about this use case at all. I'm well aware 
of the fact that userPassword (as most LDAP attributes) is multi-valued. 
But I haven't thought that somebody will really store multiple values 
there ...

Anyway, currently there are two things to consider:

1. The __PASSWORD__ special attribute in ConnId is single-valued by 
default. So when I was creating the LDAP connector I have naturally used 
that default. Although I have never used the __PASSWORD__ attribute as 
multi-value in any connector, the quick check in ConnId source code 
revealed no obvious obstacle to that kind of usage. Therefore it looks 
like it should not be difficult to modify the LDAP connector to support it.

2. The password in midPoint schema is single-valued. Therefore mapping 
multi-valued LDAP password to single-valued midPoint password is likely 
to cause problems.

But what is the use case for multi-valued passwords if I may ask? I 
really wonder.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 01/20/2016 05:33 PM, Todd Bickers wrote:
> Is it possible to set up a resource with a userPassword attribute that 
> allows for multiple password values in LDAP?  Below is the error I'm 
> receiving.
>
> Thanks,
>
> Todd
>
>
> 2016-01-20 10:20:15,351 [UCF] [Thread-20] TRACE 
> (com.evolveum.polygon.connector.ldap.search.SearchStrategy): method: 
> null msg:Search RES Entry
>     dn: uid=someuser,ou=Production, ou=People, dc=uillinois, dc=edu
>     objectClass: top
>     objectClass: person
>     objectClass: organizationalPerson
>     objectClass: inetOrgPerson
>     objectClass: eduPerson
>     uid: someuser
>     mail:
>     userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x39 0x38 0x56 0x33 
> 0x4F 0x54 0x6A 0x6F 0x4C 0x69 ...
>     userPassword: 0x7B 0x53 0x53 0x48 0x41 0x7D 0x65 0x6F 0x50 0x68 
> 0x4C 0x71 0x65 0x31 0x58 0x74 ...
>     sn: User
>     employeeNumber: 657499404
>     cn: Some Test User
>     givenName: Some
>
> 2016-01-20 10:20:16,149 [UCF] [http-8080-4] ERROR 
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception 
> java.lang.IllegalArgumentException in 
> connector:3dadb6e0-671c-469b-8181-0d21bec3c479(ICF 
> com.evolveum.polygon.connector.ldap.LdapConnector v1.4.2.0): 
> resource:01111111-1111-1111-1111-100000000111(EAS LDAP 3.3 
> (urbldaptest1.admin.uillinois.edu)): Must be a single value., 
> attribute __PASSWORD__ (ldap: userpassword)
> java.lang.IllegalArgumentException: Must be a single value., attribute 
> __PASSWORD__ (ldap: userpassword)
>     at 
> com.evolveum.polygon.connector.ldap.schema.SchemaTranslator.toIcfAttribute(SchemaTranslator.java:1012) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.schema.SchemaTranslator.toIcfObject(SchemaTranslator.java:825) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.schema.SchemaTranslator.toIcfObject(SchemaTranslator.java:767) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.schema.SchemaTranslator.toIcfObject(SchemaTranslator.java:763) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.search.SearchStrategy.handleResult(SearchStrategy.java:270) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.search.DefaultSearchStrategy.search(DefaultSearchStrategy.java:87) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.searchUsual(AbstractLdapConnector.java:486) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:324) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.executeQuery(AbstractLdapConnector.java:139) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     at 
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:193) 
> ~[connector-framework-internal-1.4.2.0.jar:na]
>     at 
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:130) 
> ~[connector-framework-internal-1.4.2.0.jar:na]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_13]
>     at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_13]
>     at 
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98) 
> ~[connector-framework-internal-1.4.2.0.jar:na]
>     at sun.proxy.$Proxy161.search(Unknown Source) ~[na:na]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_13]
>     at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_13]
>     at 
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) 
> ~[connector-framework-internal-1.4.2.0.jar:na]
>     at sun.proxy.$Proxy161.search(Unknown Source) ~[na:na]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_13]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_13]
>     at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_13]
>     at 
> org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:165) 
> ~[connector-framework-internal-1.4.2.0.jar:na]
> Caused by: java.lang.IllegalArgumentException: Must be a single value.
>     at 
> org.identityconnectors.framework.common.objects.Attribute.<init>(Attribute.java:111) 
> ~[connector-framework-1.4.2.0.jar:na]
>     at 
> org.identityconnectors.framework.common.objects.AttributeBuilder.build(AttributeBuilder.java:188) 
> ~[connector-framework-1.4.2.0.jar:na]
>     at 
> com.evolveum.polygon.connector.ldap.schema.SchemaTranslator.toIcfAttribute(SchemaTranslator.java:1009) 
> ~[connector-ldap-1.4.2.0.jar:na]
>     ... 27 common frames omitted
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
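
Added example (not part of the original thread, and not midPoint or connector code): a small Python audit that reads an LDIF export and lists the entries carrying more than one userPassword value, the condition behind the "Must be a single value." error above. It reports only the storage scheme of each value (the bytes 0x7B 0x53 0x53 0x48 0x41 0x7D in the trace spell `{SSHA}`), never the hash itself. The sample LDIF, DNs, hash strings and function names are constructed for illustration.

```python
import base64
import re


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample export; DNs and hash strings are made up for this example.
_ONE = _b64("{SSHA}constructedHashValueOne")
_TWO = _b64("{SSHA}constructedHashValueTwo")
SAMPLE_LDIF = (
    "dn: uid=someuser,ou=People,dc=example,dc=com\n"
    "uid: someuser\n"
    f"userPassword:: {_ONE}\n"
    f"userPassword:: {_TWO[:16]}\n {_TWO[16:]}\n"  # folded continuation line
    "\n"
    "dn: uid=other,ou=People,dc=example,dc=com\n"
    "uid: other\n"
    "userPassword: {SSHA}constructedHashValueThree\n"
)


def parse_entries(ldif):
    """Yield (dn, {attr: [bytes, ...]}) for each LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # RFC 2849 line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            # "attr:: value" means the value is base64-encoded
            value = (base64.b64decode(rest[1:].strip())
                     if rest.startswith(":") else rest.strip().encode())
            if name.lower() == "dn":
                dn = value.decode()
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs


def scheme(value):
    """Return the {SCHEME} prefix of a stored password, without the hash."""
    m = re.match(rb"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).decode().upper() if m else "NO-SCHEME-PREFIX"


def multi_valued_passwords(ldif):
    """Map DN -> list of schemes for entries with more than one userPassword."""
    return {dn: [scheme(v) for v in attrs["userpassword"]]
            for dn, attrs in parse_entries(ldif)
            if len(attrs.get("userpassword", [])) > 1}
```

Running `multi_valued_passwords()` over an export before pointing the connector at a directory shows which accounts hold several valid credentials and would fail the single-valued `__PASSWORD__` mapping.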




