Uploaded image for project: 'OpenICF'
  1. OpenICF
  2. OPENICF-1470

LDAP Connector: Null Check in ADUserAccounControl.addControl

    XMLWordPrintable

Details

    Description

      Please consider adding a null check In ADUserAccounControl.addControl where it declares the String value:

       

      String value = attr.getValue().get(0).toString();

       

      I have coded it so that if attr.getValue() == null, then value="false". This change prevents errors if the mapper doesn't pass back any of the following attributes for whatever reason.

       

      target.passwordNotRequired = false;

      target.passwordExpired = false;

      target.smartcardRequired = false;

      target.lockOut = false;

      target.dontExpirePassword = false;

       

      The workaround to not having this connector modification is to ensure that all of these attributes get set to false. (I traditionally have had more custom code for userAccountControl. I am trying to go more default in the configuration.)

       

      FWIW, we never expire passwords, accounts, lock them out, require smart cards, or any of that. So, none of these settings applies to us. This influences my view of these settings.

       

      Any other useful information?

      In the to AD mapper have an onUpdate script.

      Confirm that the variable target does not contain the property lockOut.

       

      Reconcile a user to AD. It will generate a null pointer exception trying to set the variable "value".

      Attachments

        Activity

          People

            gael Gael Allioux
            imre.german Imre German
            Son Nguyen Son Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: