[midPoint] unique account creation
Ivan Noris
ivan.noris at evolveum.com
Wed Jun 11 19:17:03 CEST 2014
Hi Tim,
this is perfectly doable, but using iterator in object template. The
main scenario is like this:
- account is detected on resource during synchronization/inbound phase
- user attributes are prepared (user/familyName, user/givenName, etc.
but not user/name)
- midPoint processes object templates (in my case, default user template
configured in System Config)
- object template will compute user/name attribute
- midPoint user is created
I have just tried to do this:
Resource:
1. my CSV resource has only inbound expressions
2. unique key in CSV resource configuration properties is the
"employeeNumber"
3. mapping for CSV attribute "icfs:name" (beware, not employeeNumber)
has target to user's employeeNumber attribute
4. mapping for CSV attribute "employeeType" to user's attribute employeeType
The resource does not create user's name directly when doing
synchronization (or import).
Synchronization configuration is based on comparing user's
employeeNumber with account's icfs:name (which is also employeeNumber in
this case).
Accounts in CSV (demo)
"employeeNumber","firstname","lastname","employeeType"
"12345","John","Smith","employee"
"22222","John","Smith","employee"
(you can have other columns too, like password or disabled etc.)
Object template (which is set to default in System configuration, but of
course you may use resource-specific (or addUser action specific):
<objectTemplate
xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'>
<name>Default User Template with iterator</name>
<mapping>
<name>Object Template: Generate name for employees
(employeeType=employee)</name>
<source>
<path>givenName</path>
</source>
<source>
<path>familyName</path>
</source>
<source>
<path>employeeType</path>
</source>
<expression>
<script>
<code>
tmpGivenName = basic.norm(basic.stringify(givenName))
tmpFamilyName = basic.norm(basic.stringify(familyName))
tmpGivenName + '.' + tmpFamilyName + iterationToken
</code>
</script>
</expression>
<target>
<path>name</path>
</target>
<condition>
<script>
<code>employeeType == 'employee'</code>
</script>
</condition>
</mapping>
<iteration>
<maxIterations>999</maxIterations>
<tokenExpression>
<script>
<code>
if (iteration == 0) {
return "";
} else {
return "" + (iteration+1)
}
</code>
</script>
</tokenExpression>
</iteration>
</objectTemplate>
This configuration will create first user named "john.smith" and second
one named "john.smith2" (this is configured in the object template
iteration / tokenExpression. The condition for iterator is based on
user's employeeType and is used only when employeeType==employee.
This is roughly stripped from on one of my custom configurations. Hope
it helps and there are no syntax/xml problems caused by me. If there is
any problem, I'll try to prepare the configuration more thoroughly.
Best regards,
Ivan
On 06/11/2014 04:22 PM, Tim Tompkins wrote:
> Hi,
>
> I am trying to get the unique account name creation setup, however
> this is in reverse of the FAQ at
> https://wiki.evolveum.com/display/midPoint/Unique+Account+Username+HOWTO
>
> The scenario is I have an HR csv feed that gives me identities
> containing firstname, lastname, and employee #, from that i would like
> to generate unique names for midpoint accounts. The names would be
> firstnameLastnameToken
>
> I've tried it in the Mappings definition but that is not picking up
> when creating 2 distinct users with the same name different employee
> number.
>
> Any Ideas?
>
> Thanks,
>
> Tim
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com
___________________________________________
"Idem per idem - semper idem Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140611/bac718f3/attachment.htm>
More information about the midPoint
mailing list