[midPoint] Username generation Question
Ivan Noris
ivan.noris at evolveum.com
Thu Nov 20 22:58:06 CET 2014
Hi Jason,
the iterator (as a concept) is used anyway. (To react if the username is
used, and try again, until maxIterations is reached).
In your case, if you'd have two users with exactly the same
first/lastnames, you'd need it too (unless you are using middle name
initial of something like that, which still can have exact match with
another user).
In other project, we are using <tokenExpression> as documented here
https://wiki.evolveum.com/display/midPoint/Unique+Account+Username+HOWTO
and in this blog post:
https://www.evolveum.com/provisioning-random-samaccountname-value/
The latter blog is dealing with unique sAMAccountName attribute while
the DN is expected to be unique (because it's based on midPoint
user/name which is guaranteed to be unique).
The concept is very flexible.
You can check our blogs for other interesting concepts too :-)
Regards,
Ivan
On 11/20/2014 09:34 PM, Jason Everling wrote:
> This is great, Thanks! I shouldn't need the iterator then, Our current
> way is flastname, filastname, firlastname and so on so this would be
> better.
>
> JASON
>
> On Thu, Nov 20, 2014 at 2:11 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
> I believe I've set something similar in our CSV sample:
>
> https://github.com/Evolveum/midpoint/raw/master/samples/resources/csvfile/localhost-csvfile-resource-advanced-nosync-2.xml
>
> See the comments for expression description. This was from our
> real customer setup. I see now that I'd probably use
> basic.norm(basic.stringify(...)) to get rid of diacritics.
>
> <outbound>
> <source>
> <name>tmpGivenName</name>
> <path>$user/givenName</path>
> </source>
> <source>
> <name>tmpFamilyName</name>
> <path>$user/familyName</path>
> </source>
> <expression>
> <script>
> <code>
> <!-- Generate user name:
> - FamilyName + GivenName initial (1 character)
> - no diacritics, all lower case (normalized)
> - max. length 12 including iterator, so the family name part may
> be shortened:
> John Smith: smithj
> Jay Smith: smithj1
> Max Verylonglastname: verylonglasm (notice the family name being
> shortened)
> Marty Verylonglastname: verylonglam1 (notice the family name being
> shortened)
> -->
>
> <!--
> tmpFamilyName = tmpFamilyName ? tmpFamilyName.getNorm() : ''
> tmpGivenName = tmpGivenName ? tmpGivenName.getNorm() : ''-->
>
> tmpGivenNameInitial = basic.stringify(tmpGivenName)?.size() > 0
> ? (basic.stringify(tmpGivenName)).substring(0,1) : ''
>
> if (iteration == 0) {
> if (basic.stringify(tmpFamilyName).size() < 11) {
> basic.norm(basic.stringify(tmpFamilyName + tmpGivenNameInitial))
> }
> else {
> basic.norm(basic.stringify(tmpFamilyName)?.substring(0, 11) +
> basic.stringify(tmpGivenNameInitial))
> }
> }
> else {
> if (basic.stringify(tmpFamilyName).size() < 10) {
> basic.norm(basic.stringify(tmpFamilyName + tmpGivenNameInitial))
> + iterationToken
> }
> else {
> basic.norm(basic.stringify(tmpFamilyName?.substring(0, 10) +
> tmpGivenNameInitial)) + iterationToken
> }
> }
> </code>
> </script>
> </expression>
> </outbound>
>
> Regards,
> Ivan
>
>
> On 11/20/2014 06:20 PM, Jason Everling wrote:
>> I decided to make this seperate,
>>
>> So the username gets generated with the following
>>
>> <expression>
>> <script>
>> <code>
>> tmpGivenNameInitial =
>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>
>> (basic.stringify(tmpGivenName)).substring(0,2) : ''
>> if (iteration == 0) {
>>
>> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
>> }
>> else {
>>
>> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
>> + iterationToken
>> }
>> </code>
>> </script>
>> </expression>
>>
>> Would there be a way, instead of using the iterationToken to use
>> another script if the username is already taken.
>>
>> Try filastname and if not try firlastname ?
>>
>> I was thinking maybe this which is probably not correct but
>> easier to visualize.
>>
>> <expression>
>> <script>
>> <code>
>> tmpGivenNameInitial =
>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>
>> (basic.stringify(tmpGivenName)).substring(0,2) : ''
>> if (iteration == 0) {
>>
>> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
>> }
>> else {
>> tmpGivenNameInitial =
>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>
>> (basic.stringify(tmpGivenName)).substring(0,3) : ''
>>
>> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
>>
>> }
>> </code>
>> </script>
>> </expression>
>>
>> JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com <http://evolveum.com>
> ___________________________________________
> "Idem per idem - semper idem Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com
___________________________________________
"Idem per idem - semper idem Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141120/e433fa02/attachment.htm>
More information about the midPoint
mailing list