<div dir="ltr">Thanks Radovan, I'll give it a try and let you know the results.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Jorge Newbery 3226<br>Tel: +54 (11) 4552-3050<br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Oct 7, 2016 at 2:21 PM, Radovan Semancik <span dir="ltr"><<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_-6839200628950110512moz-cite-prefix">Hi,<br>
<br>
Maybe just a couple of clarifications:<br>
<br>
Firstly, password is usually considered to be write-only by the
ConnId connectors. This is the default setting that we have
inherited from the Sun Microsystems. As we are quite keen about
compatibility this setting was not changed in ConnId. Connectors
can override this default setting. But only a very few connectors
actually do that.<br>
<br>
Secondly, the DatabaseTable connector is also inherited from Sun
Microsystems. The connector is old and it is well ripe for
rewrite. I would be happy to rewrite it personally. But we were
not able to secure any funding for this rewrite yet. As far as I
know we have never really tried to read passwords with this
connector, so I'm not sure it is capable of reading passwords at
all. But you can check by setting TRACE log level for
org.identityconnectors.<wbr>framework. That will turn on tracing of all
connector operations and they you can see if the connector is
sending password to midPoint or not.<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre class="m_-6839200628950110512moz-signature" cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a></pre></font></span><div><div class="h5">
<br>
<br>
<br>
On 10/07/2016 08:26 AM, Ivan Noris wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<p>Hi Martin,</p>
<p>I have not tried this with DB Table, but for OpenLDAP resource
I'm using the following:</p>
<p>1)</p>
<p>...<br>
</p>
<p> <credentials><!-- here in my example is no
weak, I'm syncing passwords everytime! --><br>
<password><br>
<b>
<fetchStrategy>explicit</<wbr>fetchStrategy></b><b><br>
</b> <inbound/><br>
</password><br>
</credentials><br>
...</p>
<p>2)</p>
<p>...<br>
</p>
<p> <capabilities><br>
<configured
xmlns:cap=<a class="m_-6839200628950110512moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3" target="_blank">"http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>resource/capabilities-3"</a>><br>
<br>
<cap:credentials><br>
<b> <cap:password></b><b><br>
</b><b>
<cap:returnedByDefault>false</<wbr>cap:returnedByDefault></b><b><br>
</b><b> </cap:password></b><b><br>
</b> </cap:credentials><br>
</configured><br>
...</p>
<p>Could you please try if it helps?</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<div class="m_-6839200628950110512moz-cite-prefix">On 10/06/2016 10:55 PM, Martin
Marchese wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi All,
<div><br>
</div>
<div>We are using a Database table connector (using PostgreSQL
9.5) to create users into midpoint, and we are facing a
problem while we try to set their password.</div>
<div><br>
</div>
<div>Connector version is 1.4.2.0 and MidPoint version is
3.4.1</div>
<div><br>
</div>
<div>We have configured a password policy that complies with
all passwords within the database.</div>
<div><br>
</div>
<div>Password column is configured correctly in the connector
configuration. I was looking into the samples and I see that
every samples uses the <generate> option as it
follows:</div>
<div><br>
</div>
<div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><credentials></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><password></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><outbound/></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><inbound></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><strength>weak</strength></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><expression></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><generate/></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></expression></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></inbound></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></password></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></credentials></div>
<div><br>
</div>
<div><br>
</div>
<div>My first thought was that replacing the expression as
it follows it will work:</div>
<div><br>
</div>
<div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><credentials></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><password></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><outbound/></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><inbound></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><strength>weak</strength></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><expression></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><asIs/></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></expression></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></inbound></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></password></div>
<div><span class="m_-6839200628950110512gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></credentials></div>
</div>
<div><br>
</div>
<div>However, when I run an import or livesync task i
receive the following error:</div>
<div><br>
</div>
<div>Provided password does not satisfy password policies.
Required minimal size (4) of password is not met (password
length: 0)<br>
</div>
<div><br>
</div>
<div>As if the password was not coming from the database.
Also, when I look into the resource object thru the UI,
the password attribute is empty.</div>
<div><br>
</div>
<div>I took a look at this bug just in case: <a href="https://jira.evolveum.com/browse/MID-2405" target="_blank">https://jira.evolveum.<wbr>com/browse/MID-2405</a>,
but it was a different behavior since for me, it fails
with every password I try.</div>
<div><br>
</div>
<div>Any ideas on what I'm missing here?</div>
<div><br>
</div>
<div>Thanks in advance.</div>
<div><br>
</div>
<div>
<div class="m_-6839200628950110512gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Jorge Newbery 3226<br>
Tel: +54 (11) 4552-3050<br>
<a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br>
<a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-6839200628950110512mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-6839200628950110512moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-6839200628950110512moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_-6839200628950110512moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
<br>
<fieldset class="m_-6839200628950110512mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-6839200628950110512moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-6839200628950110512moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<pre class="m_-6839200628950110512moz-signature" cols="72"></pre>
</div></div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>