Hi Francesco, Thanks for looking into this! The issues sound good to me - will you open the JIRAs or do you want me to do it? Should we also create a JIRA for the fact that the deletion error is not reported on the users console screen?
Basic question = Is there an easy way of configuring Syncope (embedded or otherwise) to launch with no pre-existing User/Schema/Connectors/Resources/etc. configured, but with all of the Connectors available? So for example if you just want to launch Syncope in an embedded mode and add your own schemas etc., but without having to manually delete all of the existing schemas/users/etc? Colm. On Mon, Aug 13, 2012 at 4:27 PM, Francesco Chicchiriccò <[email protected] > wrote: > On 13/08/2012 16.45, Francesco Chicchiriccň wrote: > >> On 13/08/2012 16.20, Colm O hEigeartaigh wrote: >> >>> >>> Done, thanks. Two other related questions re potential bugs: >>> >>> 1) I created a new user and assigned a (LDAP) Resource. It propagated >>> successfully + I can see the new user in the backend resource. However, >>> when I edit the user in Syncope I see: >>> >>> Syncope Newuser active icon >>> Apache DS resource cn=Newuser,ou=users,ou=system undefined icon >>> >>> Why does an "undefined icon" appear when the propagation was successful? >>> >> >> Could you take a look at the propagation task that was created for this >> operation (create user on LDAP resource)? There should be an execution, >> possibly reporting an error message. >> >> The "undefined icon" means that the LDAP resource did not return any >> status information about that user. >> >> Is your LDAP resource 'propagation primary'? Is enforcing mandatory >> constraints? >> >> 2) I created a new user and assigned a (LDAP) Resource. It propagated >>> successfully. However if I try to delete in the Syncope users console, >>> nothing happens + no error message appears. Looking at logs I see: >>> >>> 14:27:10.868 WARN org.springframework.web.**client.RestTemplate - GET >>> request for >>> "http://localhost:9080/**syncope/rest/user/delete/105<http://localhost:9080/syncope/rest/user/delete/105>" >>> resulted in 400 (Bad Request); invoking error handler >>> 14:27:10.869 WARN org.apache.wicket.protocol.**http.WebSession - >>> Component-targetted feedback message was left unrendered. This could be >>> because you are missing a FeedbackPanel on the page. Message: >>> [FeedbackMessage message = "{[Propagation [Apache DS resource]], }", >>> reporter = listResult, level = ERROR] >>> >>> When I look at the Core log I see: >>> >>> SEVERE: Servlet.service() for servlet [syncope-core-rest] in context >>> with path [/syncope] threw exception [Request processing failed; nested >>> exception is org.apache.syncope.core.**propagation.**PropagationException: >>> Exception during provision on resource Apache DS resource >>> [LDAP: error code 68 - Attempt to move entry onto itself.]] with root >>> cause >>> org.apache.syncope.core.**propagation.**PropagationException: Exception >>> during provision on resource Apache DS resource >>> [LDAP: error code 68 - Attempt to move entry onto itself.] >>> at org.apache.syncope.core.**propagation.** >>> PropagationManager.execute(**PropagationManager.java:577) >>> >>> So there are potentially two bugs here: >>> >>> a) The error is not reported on the Users Console screen. >>> >> >> This is an error for sure. >> >> b) User deletion does not appear to be working. >>> >>> I could only delete the user when I removed the Resource from the user >>> first. >>> >> >> I suspect that there is some issue when creating this user on LDAP >> (possibly an incomplete mapping?): are you running an embedded environment >> with provided test configuration or have you defined everything from >> scratch? >> > > Hi Colm, > I've just tried your procedure above in the embedded environment and > confirmed all you've found. > > Summarizing, I would open the following issues (affecting 1.0.1-incubating > and 1.1.0-incubating): > > 1. 'Enforce mandatory constraints' is not working > firstname is mapped to cn with mandatoryCondition == 'true' on LDAP > resource, but Syncope doesn't warn if firstname is not provided > > 2. LDAP test connector is not configured for providing status information > No conf value is provided for LDAP connector's statusManagementClass > Note: this is not a problem itself, and is also the reason why you see the > 'undefined icon'; anyway, it would be nice to provide a complete > configuration > > 3. Could not delete an user with LDAP resource > An update operation is issued instead of delete, returning the following > exception: > 17:00:11.708 DEBUG > org.identityconnectors.**framework.api.operations.**UpdateApiOp.update > Exception: > org.identityconnectors.**framework.common.exceptions.**ConnectorException: > javax.naming.**NameAlreadyBoundException: [LDAP: error code 68 - Attempt > to move entry onto itself.]; remaining name '[email protected],ou=** > people,o=isp' > [...] > > 4. Build reference flows for propagation and synchronization > The code behind propagation and synchronization layers is getting bigger > and plenty of flow exceptions: a reorganization - backed by some reference > flows to be summarized as wiki pages - is needed. > > WDYT? > > -- > Francesco Chicchiriccň > > > ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member > http://people.apache.org/~**ilgrosso/<http://people.apache.org/%7Eilgrosso/> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
