Bug #110
userPassword is always modified
| Status: | Closed | Start: | 16/07/2009 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | Jonathan Clarke | % Done: | 100% |
|
| Category: | Core | |||
| Target version: | 1.1.0 | |||
| Problem in version: |
Description
Hi,
just updated my connector and I see that my attribute userPassword is always updated, which is strange because it is in clear text (SASL) and the same in source and destination.
The config is:
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = F
# userPassword <- sAMAccountName
lsc.syncoptions.user.userPassword.default_value = "{SASL}" + srcBean.getAttributeValueById("sAMAccountName") + "@example.com"
userPassword is declared in lsc.tasks.user.dstService.attrs
Do you have an idea?
Related issues
| related to Bug #57: db2ldap : Binary attribute seems to be corrupted | Closed | 02/06/2009 |
Associated revisions
Fixes #110. Don't massacre byte[] into String when reading from source. Use Strings for display, however (bean.get*Value and logs)
Fixes #110. Attribute value comparisons are now possible String to byte[] and vice-versa. Includes refactorization of lots of code.
History
Updated by Jérôme Schell about 1 year ago
Yes I can confirm this problem since I've updated my lsc-core. userPassword attribute is always updated even if not modified (with nothing in lsc.properties concerning that attribute).
It seems to be the same for the objectClass attribute (always updated). Maybe the comparison is done before setting the source value to the forced "default_value" in lsc.properties...
Updated by Jonathan Clarke about 1 year ago
- Category set to Core
- Assigned to set to Jonathan Clarke
- Target version set to 1.1.0
OK, I've reproduced this issue. Source and destination beans are not constructed in the same way, even if they are both LDAP.
For the destination bean, all values are just read in and never modified. For the source bean, we attempt to match typing.
Jérôme corrected a bug similar to this, for binary types, but this doesn't seem to apply to multi-valued attributes.
Investigating a fix...
Updated by Jonathan Clarke about 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset r290.
Updated by Jonathan Clarke about 1 year ago
Fixed this. It will be in tomorrow's nightly build (1.1 branch), and soon in release 1.1.0.
Updated by Clément Oudot about 1 year ago
Jonathan Clarke wrote:
Fixed this. It will be in tomorrow's nightly build (1.1 branch), and soon in release 1.1.0.
Hi,
tested this morning, but the pb is still here. A new lsc-core-1.1-SNAPSHOT.jar was downloaded (172 098 bytes). Done 'mvn clean' and 'mvn package', I am prettry sure to have the latest code.
My LSC user can read userPassword. A sample value is '{SASL}coudot@example.com'. Is there something other to configure?
Updated by Jonathan Clarke about 1 year ago
Could you provide a DEBUG output of a sample run where this happens?
Updated by Clément Oudot about 1 year ago
Here is the DEBUG output for the first entry:
[java] 0 [main] DEBUG org.lsc.Configuration.getConfigurationDirectory(Configuration.java:321) - Configuration directory is C:\Documents and Settings\p0075\workspace\lsc-sample\target\classes\
[java] 0 [main] DEBUG org.lsc.Configuration.getConfigurationDirectory(Configuration.java:321) - Configuration directory is C:\Documents and Settings\p0075\workspace\lsc-sample\target\classes\
[java] 0 [main] DEBUG org.lsc.Configuration.setConfiguration(Configuration.java:397) - Loading configuration url : file:/C:/Documents%20and%20Settings/p0075/workspace/lsc-sample/target/classes/lsc.properties
[java] 78 [main] WARN org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:230) - Starting sync for user
[java] 93 [main] INFO org.lsc.jndi.JndiServices.logConnectingTo(JndiServices.java:223) - Connecting to LDAP server ldap://126.50.0.69/dc=example,dc=local as cn=test,cn=users,dc=example,dc=local
[java] 172 [main] DEBUG org.lsc.jndi.JndiServices.getAttrsList(JndiServices.java:748) - Using pagedResults control for 1000 entries at a time
[java] 234 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'K' sync type for attribute name objectClass.
[java] 234 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'F' sync type for attribute name pwdAccountLockedTime.
[java] 234 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'F' sync type for attribute name default.
[java] 234 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'K' sync type for attribute name objectClass.
[java] 250 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'F' sync type for attribute name pwdAccountLockedTime.
[java] 250 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'F' sync type for attribute name default.
[java] 250 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'K' sync type for attribute name default.
[java] 250 [main] DEBUG org.lsc.beans.syncoptions.PropertiesBasedSyncOptions.initialize(PropertiesBasedSyncOptions.java:140) - Adding 'F' sync type for attribute name pwdAccountLockedTime.
[java] 250 [main] DEBUG org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:331) - Synchronizing org.lsc.objects.user for CN=ta ta,OU=Users,OU=example,DC=example,DC=local
[java] 250 [main] INFO org.lsc.jndi.JndiServices.logConnectingTo(JndiServices.java:223) - Connecting to LDAP server ldaps://126.50.0.30/dc=example,dc=net as ou=lsc,ou=applications,dc=example,dc=net
[java] 843 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (roomnumber)
[java] 843 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (mail)
[java] 843 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute givenname is modified.
[java] 843 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute sn is modified.
[java] 843 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:366) - Forget any modifications because of the 'Keep' status (objectclass)
[java] 859 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute employeetype is modified.
[java] 859 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (ou)
[java] 875 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute uid is modified.
[java] 875 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute userpassword is modified.
[java] 875 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:347) - Adding modification for attribute userpassword.
[java] 875 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (pwdaccountlockedtime)
[java] 890 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (o)
[java] 890 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:340) - Do nothing (telephonenumber)
[java] 890 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute cn is modified.
[java] 890 [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:373) - Modifying entry "uid=tata,ou=users"
[java] 906 [main] INFO org.lsc.utils.I18n.defaultInitialize(I18n.java:135) - No environemental LANG variable found. Defaulting to en_US.
[java] 2187 [main] DEBUG org.lsc.utils.I18n.setLocaleAndLoadMessages(I18n.java:171) - Setting locale to en_US
[java] 2187 [main] DEBUG org.lsc.Configuration.getConfigurationDirectory(Configuration.java:321) - Configuration directory is C:\Documents and Settings\p0075\workspace\lsc-sample\target\classes\
[java] 2187 [main] DEBUG org.lsc.Configuration.getConfigurationDirectory(Configuration.java:321) - Configuration directory is C:\Documents and Settings\p0075\workspace\lsc-sample\target\classes\
[java] 2187 [main] INFO org.lsc.AbstractSynchronize.logAction(AbstractSynchronize.java:504) - # Updating entry uid=tata,ou=users for user
[java] dn: uid=tata,ou=users,dc=example,dc=net
[java] changetype: modify
[java] replace: userPassword
[java] userPassword: {SASL}tata@example.net
Updated by Jonathan Clarke about 1 year ago
- Status changed from Feedback to Assigned
Thanks. I have reproduced this behaviour, but only by using:
lsc.syncoptions.user.userPassword.force_value = "{SASL}" + srcBean.getAttributeValueById("sAMAccountName") + "@example.com"
(note the force_value instead of default_value - I think you can't be reading userPassword from your source.)
It turns out that the compareAttribute() method in BeanComparator compares the string we build up to the byte[] read from the source, and of course they don't match. Working on a fix.
Updated by Clément Oudot about 1 year ago
(note the force_value instead of default_value - I think you can't be reading userPassword from your source.)
Ture, I build userPassword value in lsc.properties. So what should be used, force_value or default_value?
Updated by Jonathan Clarke about 1 year ago
Clément Oudot wrote:
(note the force_value instead of default_value - I think you can't be reading userPassword from your source.)
Ture, I build userPassword value in lsc.properties. So what should be used, force_value or default_value?
Using default_value will only write the attribute to the destination if there is not already a value for that attribute. So if userPassword contains, for example "secret", it will never be updated by a default_value. However, force_value makes sure to force the destination attribute to the value you want.
Jon
Updated by Clément Oudot about 1 year ago
Jonathan Clarke wrote:
Clément Oudot wrote:
(note the force_value instead of default_value - I think you can't be reading userPassword from your source.)
Ture, I build userPassword value in lsc.properties. So what should be used, force_value or default_value?
Using default_value will only write the attribute to the destination if there is not already a value for that attribute. So if userPassword contains, for example "secret", it will never be updated by a default_value. However, force_value makes sure to force the destination attribute to the value you want.
Great, so I want to use force_value on userPassword attribute ;)
Updated by Jonathan Clarke about 1 year ago
- Status changed from Assigned to Feedback
Applied in changeset r300.
Updated by Jonathan Clarke about 1 year ago
Just committed a fix for this. It involves a bit of refactorisation in BeanComparator, which is a Good Thing in general, however I think it needs a bit more real life testing to be sure! Can you have another try, Clément ?
Thanks,
Jon
Updated by Clément Oudot about 1 year ago
Jonathan Clarke wrote:
Just committed a fix for this. It involves a bit of refactorisation in BeanComparator, which is a Good Thing in general, however I think it needs a bit more real life testing to be sure! Can you have another try, Clément ?
Will this be in the nightly build? I will then try it tomorrow.
Updated by Jonathan Clarke about 1 year ago
Clément Oudot wrote:
Jonathan Clarke wrote:
Just committed a fix for this. It involves a bit of refactorisation in BeanComparator, which is a Good Thing in general, however I think it needs a bit more real life testing to be sure! Can you have another try, Clément ?
Will this be in the nightly build? I will then try it tomorrow.
Yes, it will be in tonight's nightly. Thanks!
Updated by Jonathan Clarke about 1 year ago
Jérôme Schell wrote:
Yes I can confirm this problem since I've updated my lsc-core. userPassword attribute is always updated even if not modified (with nothing in lsc.properties concerning that attribute).
It seems to be the same for the objectClass attribute (always updated). Maybe the comparison is done before setting the source value to the forced "default_value" in lsc.properties...
Hi Jérôme,
Do you still see this behaviour with the latest nightly build?
Updated by Jérôme Schell about 1 year ago
Jonathan Clarke wrote:
Hi Jérôme,
Do you still see this behaviour with the latest nightly build?
Hi,
Just tested 1.1.0-rc1. The problem with userPassword seems to be solved.
For the objectClass problem, it was related with the comparison that seems to be case sensitive on the values.
Tested ldap2ldap and db2ldap sync. Everything seems fine.
Thanks Jonathan ;)
Updated by Clément Oudot about 1 year ago
Jérôme Schell wrote:
Jonathan Clarke wrote:
Hi Jérôme,
Do you still see this behaviour with the latest nightly build?
Hi,
Just tested 1.1.0-rc1. The problem with userPassword seems to be solved.
Hi,
I'm sorry, I just tested this morning (with the 1.1-SNAPSHOT) and I still have the pb.
I have this in lsc.properties:
lsc.syncoptions.user.userPassword.force_value = "{SASL}" + srcBean.getAttributeValueById("sAMAccountName") + "@example.com"
And in DEBUG:
[main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute userpassword is modified. [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:347) - Adding modification for attribute userpassword.
Updated by Jonathan Clarke about 1 year ago
Clément Oudot wrote:
I'm sorry, I just tested this morning (with the 1.1-SNAPSHOT) and I still have the pb.
I have this in lsc.properties: [...]
And in DEBUG:
[main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:342) - Checking if attribute userpassword is modified. [main] DEBUG org.lsc.beans.BeanComparator.getModifyEntry(BeanComparator.java:347) - Adding modification for attribute userpassword.
You can't be using the latest snapshot. I've added a line of log between those two lines:
LOGGER.debug("Attribute " + dstAttr.getID() + ": source values are " + srcAttr + ", old values were " + dstAttr + ", new values are " + toReplaceAttr);
Which should display something (admittely ugly, but still) like:
[java] 397 - DEBUG - Attribute userPassword: source values are userPassword: [B@e4ac00c, old values were userPassword: [B@4d865b28, new values are userPassword: [B@e4ac00c
Can you please check that you are using the latest SNAPSHOT? Or, better still, try out the 1.1.0-rc1 version?
Thanks,
Jonathan
Updated by Jonathan Clarke about 1 year ago
Jérôme Schell wrote:
Just tested 1.1.0-rc1. The problem with userPassword seems to be solved. For the objectClass problem, it was related with the comparison that seems to be case sensitive on the values.
If you think that should not be the case, could you open a seperate bug for that?
Tested ldap2ldap and db2ldap sync. Everything seems fine.
Great! Thanks for testing :)
Updated by Clément Oudot about 1 year ago
Jonathan Clarke wrote:
Clément Oudot wrote:
I'm sorry, I just tested this morning (with the 1.1-SNAPSHOT) and I still have the pb.
I have this in lsc.properties: [...]
And in DEBUG:
[...]
You can't be using the latest snapshot. I've added a line of log between those two lines: [...]
Which should display something (admittely ugly, but still) like: [...]
Can you please check that you are using the latest SNAPSHOT? Or, better still, try out the 1.1.0-rc1 version?
Hi,
there was a pb with my http proxy doing cache... So I tested with the latest SNAPSHOT and also modified my pom.xml to use 1.1.0-rc1. This works in both cases :)
Thanks,
Clément.
Updated by Jonathan Clarke about 1 year ago
- Status changed from Feedback to Closed
Clément Oudot wrote:
there was a pb with my http proxy doing cache... So I tested with the latest SNAPSHOT and also modified my pom.xml to use 1.1.0-rc1. This works in both cases :)
Excellent news!
I'm now closing this bug.