<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      Maybe just a couple of clarifications:<br>
      <br>
      Firstly, password is usually considered to be write-only by the
      ConnId connectors. This is the default setting that we have
      inherited from the Sun Microsystems. As we are quite keen about
      compatibility this setting was not changed in ConnId. Connectors
      can override this default setting. But only a very few connectors
      actually do that.<br>
      <br>
      Secondly, the DatabaseTable connector is also inherited from Sun
      Microsystems. The connector is old and it is well ripe for
      rewrite. I would be happy to rewrite it personally. But we were
      not able to secure any funding for this rewrite yet. As far as I
      know we have never really tried to read passwords with this
      connector, so I'm not sure it is capable of reading passwords at
      all. But you can check by setting TRACE log level for
      org.identityconnectors.framework. That will turn on tracing of all
      connector operations and they you can see if the connector is
      sending password to midPoint or not.<br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Radovan Semancik
Software Architect
evolveum.com</pre>
      <br>
      <br>
      <br>
      On 10/07/2016 08:26 AM, Ivan Noris wrote:<br>
    </div>
    <blockquote
      cite="mid:e549c0bf-374f-da3b-a425-500777713e9b@evolveum.com"
      type="cite">
      <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
      <p>Hi Martin,</p>
      <p>I have not tried this with DB Table, but for OpenLDAP resource
        I'm using the following:</p>
      <p>1)</p>
      <p>...<br>
      </p>
      <p>         <credentials><!-- here in my example is no
        weak, I'm syncing passwords everytime! --><br>
                    <password><br>
        <b>              
          <fetchStrategy>explicit</fetchStrategy></b><b><br>
        </b>               <inbound/><br>
                    </password><br>
                 </credentials><br>
        ...</p>
      <p>2)</p>
      <p>...<br>
      </p>
      <p>   <capabilities><br>
              <configured
        xmlns:cap=<a moz-do-not-send="true"
          class="moz-txt-link-rfc2396E"
href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">"http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"</a>><br>
        <br>
                 <cap:credentials><br>
        <b>            <cap:password></b><b><br>
        </b><b>              
          <cap:returnedByDefault>false</cap:returnedByDefault></b><b><br>
        </b><b>            </cap:password></b><b><br>
        </b>         </cap:credentials><br>
              </configured><br>
        ...</p>
      <p>Could you please try if it helps?</p>
      <p>Regards,</p>
      <p>Ivan<br>
      </p>
      <div class="moz-cite-prefix">On 10/06/2016 10:55 PM, Martin
        Marchese wrote:<br>
      </div>
      <blockquote
cite="mid:CAG3rmdq=DVUoe+evpUmJ3M5f8ULG3PKX-8zan2oLRFzaqT_xWw@mail.gmail.com"
        type="cite">
        <div dir="ltr">Hi All,
          <div><br>
          </div>
          <div>We are using a Database table connector (using PostgreSQL
            9.5) to create users into midpoint, and we are facing a
            problem while we try to set their password.</div>
          <div><br>
          </div>
          <div>Connector version is 1.4.2.0 and MidPoint version is
            3.4.1</div>
          <div><br>
          </div>
          <div>We have configured a password policy that complies with
            all passwords within the database.</div>
          <div><br>
          </div>
          <div>Password column is configured correctly in the connector
            configuration. I was looking into the samples and I see that
            every samples uses the <generate> option as it
            follows:</div>
          <div><br>
          </div>
          <div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                            </span><credentials></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                    </span><password></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                            </span><outbound/></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                            </span><inbound></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                    </span><strength>weak</strength></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                    </span><expression></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                            </span><generate/></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                    </span></expression></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                            </span></inbound></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                    </span></password></div>
            <div><span class="gmail-Apple-tab-span" style="white-space:pre">                            </span></credentials></div>
            <div><br>
            </div>
            <div><br>
            </div>
            <div>My first thought was that replacing the expression as
              it follows it will work:</div>
            <div><br>
            </div>
            <div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                          </span><credentials></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                  </span><password></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                          </span><outbound/></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                          </span><inbound></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                  </span><strength>weak</strength></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                  </span><expression></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                          </span><asIs/></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                                  </span></expression></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                          </span></inbound></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                                  </span></password></div>
              <div><span class="gmail-Apple-tab-span" style="white-space:pre">                          </span></credentials></div>
            </div>
            <div><br>
            </div>
            <div>However, when I run an import or livesync task i
              receive the following error:</div>
            <div><br>
            </div>
            <div>Provided password does not satisfy password policies.
              Required minimal size (4) of password is not met (password
              length: 0)<br>
            </div>
            <div><br>
            </div>
            <div>As if the password was not coming from the database.
              Also, when I look into the resource object thru the UI,
              the password attribute is empty.</div>
            <div><br>
            </div>
            <div>I took a look at this bug just in case: <a
                moz-do-not-send="true"
                href="https://jira.evolveum.com/browse/MID-2405">https://jira.evolveum.com/browse/MID-2405</a>,
              but it was a different behavior since for me, it fails
              with every password I try.</div>
            <div><br>
            </div>
            <div>Any ideas on what I'm missing here?</div>
            <div><br>
            </div>
            <div>Thanks in advance.</div>
            <div><br>
            </div>
            <div>
              <div class="gmail_signature">
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr"><b><span></span><span></span>Ing.
                                    Martín Marchese</b><br>
                                  <img moz-do-not-send="true"
                                    src="http://www.identicum.com/img/favicon.ico">Identicum
                                  S.A.<br>
                                  Jorge Newbery 3226<br>
                                  Tel: +54 (11) 4552-3050<br>
                                  <a moz-do-not-send="true"
                                    href="mailto:mmarchese@identicum.com"
                                    target="_blank">mmarchese@identicum.com</a><br>
                                  <a moz-do-not-send="true"
                                    href="http://www.identicum.com"
                                    target="_blank">www.identicum.com</a></div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
      </blockquote>
      <br>
      <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">
</pre>
  </body>
</html>