[midPoint] 3.1 SNAPSHOT, Username Generation
Pavol Mederly
mederly at evolveum.com
Thu Jan 15 16:57:53 CET 2015
Not exactly.
I mean keeping the mapping that *computes* name property, i.e.
<mapping>
<name>Generate Username for CSV</name>
<source>
<name>tmpGivenName</name>
<path>givenName</path>
</source>
<source>
<name>tmpFamilyName</name>
<path>familyName</path>
</source>
<!-- Will generate username in the filastname format with iterator,
filastname
filastname2
-->
<expression>
<script>
<code>
tmpGivenNameInitial =
basic.stringify(tmpGivenName)?.size() > 0 ?
(basic.stringify(tmpGivenName)).substring(0,2) : ''
if (iteration == 0) {
basic.norm(basic.stringify(tmpGivenNameInitial +
tmpFamilyName))
}
else {
basic.norm(basic.stringify(tmpGivenNameInitial +
tmpFamilyName)) + iterationToken
}
</code>
</script>
</expression>
<target>
<path>name</path>
</target>
</mapping>
And changing the mapping that *uses* the name property to compute
emailAddress so that it would compute it from existing sources
(givenName, familyName) by duplicating the code from the first mapping:
<mapping>
*<source>
<name>tmpGivenName</name>
<path>givenName</path>
</source>
<source>
<name>tmpFamilyName</name>
<path>familyName</path>
</source>
<expression>
<script>
<code>
tmpGivenNameInitial =
basic.stringify(tmpGivenName)?.size() > 0 ?
(basic.stringify(tmpGivenName)).substring(0,2) : ''
if (iteration == 0) {
name = basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
}
else {
name = basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
+ iterationToken
}
* *name + '@bshp.edu'*
</script>
</expression>
<target>
<path>emailAddress</path>
</target>
</mapping>
Green is the copied - and slightly changed - code, red is the code from
the email address mapping.
The same - but slightly more complicated - should be done for Assign
Organization mapping, which would then look like this:
(again, the duplicated code show in green)
<mapping>
<source>
<path>costCenter</path>
</source>
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>name</q:path>
<expression>
<script>
<code>
tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
switch (costCenter) {
case 'ASHIT':
tmpOU = 'OU=AAS HIT,' + tmpOU
break
case 'ASIM':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'ASGA':
tmpOU = 'OU=AAD,' + tmpOU
break
case 'ASGT':
tmpOU = 'OU=DST,' + tmpOU
break
case 'BSHM':
tmpOU = 'OU=BSHM,' + tmpOU
break
case 'CT':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'GEN':
tmpOU = 'OU=GENED,' + tmpOU
break
case 'LVRN':
tmpOU = 'OU=LVRN,' + tmpOU
break
case 'MO':
tmpOU = 'OU=LVRN,' + tmpOU
break
case 'MRI':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'AAD':
tmpOU = 'OU=AAD,' + tmpOU
break
case 'ND':
tmpOU = 'OU=DPN,' + tmpOU
break
case 'RT':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'ST':
tmpOU = 'OU=DST,' + tmpOU
break
case 'PO':
tmpOU = 'OU=PNP,' + tmpOU
break
case 'PN':
tmpOU = 'OU=DPN,' + tmpOU
break
case 'BSN':
tmpOU = 'OU=BSN,' + tmpOU
break
case 'VT':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'SO':
tmpOU = 'OU=DMIT,' + tmpOU
break
case 'VN':
tmpOU = 'OU=DVN,' + tmpOU
break
default:
tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
}
return tmpOU
</code>
</script>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
</mapping>
Haven't tested it; but it should work.
Best regards,
Pavol
On 15. 1. 2015 16:39, Jason Everling wrote:
> Ok thanks for the update,
>
> I am not sure though what you mean by duplicate code? Are you saying
> in the objectTemplate mapping add another email address mapping so
> that it would be something like this?
>
> <mapping>
> <source>
> <path>$user/name</path>
> </source>
> <expression>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>name + '@domain.com <http://domain.com>'</code>
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
> <mapping>
> <source>
> <path>$user/name</path>
> </source>
> <expression>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>name + '@domain.com <http://domain.com>'</code>
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
>
> JASON
>
> On Thu, Jan 15, 2015 at 9:18 AM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Hello Jason,
>
> just before Christmas vacation, I've been looking at this issue.
> The problem is in the chaining of mappings in the object template.
> In your case, *name* is generated by the first mapping and then
> used for computation of *emailAddress*. In a similar way,
> *organization* is generated and then used to compute *assignment*.
>
> MidPoint does not support such a chaining in the current version.
> If it works in some cases, it is more by chance than by design.
> I've created a jira issue for that:
> https://jira.evolveum.com/browse/MID-2149. Hopefully we'll fix
> that in 3.2.
>
> Fortunately, there is a simple (yet a bit ugly) workaround:
> duplicate your code so that no mapping would depend on another.
>
> Best regards,
> Pavol
>
>
> On 10. 12. 2014 17:27, Jason Everling wrote:
>> Almost toward the end of the log part, I see this
>>
>> ---[ EXECUTED delta of UserType ]---------------------
>> Channel:
>> http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync
>> Wave: 1
>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,MODIFY):
>> emailAddress
>> REPLACE: null at domain.com <mailto:null at domain.com>
>>
>> On Wed, Dec 10, 2014 at 10:13 AM, Jason Everling
>> <jeverling at bshp.edu <mailto:jeverling at bshp.edu>> wrote:
>>
>> So I disabled or removed that template from the resource
>> reactions, I set it as the default template is sysconfig.
>>
>> It still does it, <emailAddress>null at domain.com
>> <mailto:null at domain.com></emailAddress> seems to be affected,
>>
>> Wierd though, I turned on debugging,
>>
>> It shows the attribute being created correctly, you can see
>> from the log but in the gui and in the user xml it is
>> null at domain.com <mailto:null at domain.com>
>>
>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,ADD):
>> user: (ab907de7-4302-47ef-8003-36959fc842ef, v0, UserType)
>> extension:
>> otherMailbox: [ hhernandez at local.org
>> <mailto:hhernandez at local.org> ]
>> eduPersonAffiliation: [ student ]
>> givenName: Herman
>> familyName: Hernandes
>> costCenter: PN
>> employeeNumber: HE5019982
>> credentials:
>> password:
>> value:
>> ProtectedStringType(encrypted=EncryptedDataType(encryptionMethod=EncryptionMethodType(algorithm=http://www.w3.org/2001/04/xmlenc#aes128-cbc),
>> keyInfo=KeyInfoType(keyName=HiCJvCmeUCWoiEl3d+uXyd2VeYs=),
>> cipherData=CipherDataType(cipherValue=[32 bytes])))
>> activation:
>> administrativeStatus: ENABLED
>> effectiveStatus: ENABLED
>> enableTimestamp: 2014-12-10T10:07:21.502-06:00
>> emailAddress: hehernandes at domain.com
>> <mailto:hehernandes at domain.com>
>> name: hehernandes
>> employeeType: [ A2S ]
>> locale: US
>> organization: [ OU=DPN,OU=SHP Students,DC=TEST,DC=LOCAL ]
>> locality: San Antonio
>> fullName: Herman Hernandes
>> iteration: 0
>>
>> On Wed, Dec 10, 2014 at 9:46 AM, Ivan Noris
>> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>>
>> Jason,
>>
>> I believe I have seen this couple of weeks ago when
>> debugging the iterator problem... seems that I've
>> forgotten about this.
>>
>> But as far I can remember, it has worked when the mapping
>> was in global system template instead of the
>> resource-referenced.
>>
>> If you can temporarily disable using of the template in
>> resource and set the same template in System
>> Configuration for UserType objects, can you please test
>> the behaviour?
>>
>> Anyway it seems to be a bug, so after you could confirm
>> the behaviour, I'd create a new issue.
>>
>> Thanks,
>> I.
>>
>>
>> On 12/10/2014 04:32 PM, Jason Everling wrote:
>>> Since I upgraded to 3.1 and I am not sure if this is
>>> related to the other CSV Resource issue.
>>>
>>> Here is the mapping for the template, it worked fine in
>>> 3.0.1 so I do not know if anything changed, the email
>>> address is built using name + '@domain.com
>>> <http://domain.com>' but when the user is created I get
>>> null at domain.com <mailto:null at domain.com>, like it is not
>>> picking up the username from the first mapping
>>>
>>> <mapping>
>>> <name>Generate Username for CSV</name>
>>> <source>
>>> <name>tmpGivenName</name>
>>> <path>givenName</path>
>>> </source>
>>> <source>
>>> <name>tmpFamilyName</name>
>>> <path>familyName</path>
>>> </source>
>>> <!-- Will generate username in the filastname
>>> format with iterator,
>>> filastname
>>> filastname2
>>> -->
>>> <expression>
>>> <script>
>>> <code>
>>> tmpGivenNameInitial =
>>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>> (basic.stringify(tmpGivenName)).substring(0,2) : ''
>>> if (iteration == 0) {
>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>> tmpFamilyName))
>>> }
>>> else {
>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>> tmpFamilyName)) + iterationToken
>>> }
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <path>name</path>
>>> </target>
>>> </mapping>
>>>
>>> <iteration>
>>> <maxIterations>25</maxIterations>
>>> <tokenExpression>
>>> <script>
>>> <code>
>>> if (iteration == 0) {
>>> return "";
>>> } else {
>>> return "" + (iteration+1)
>>> }
>>> </code>
>>> </script>
>>> </tokenExpression>
>>> </iteration>
>>>
>>> <mapping>
>>> <source>
>>> <path>$user/name</path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>>> <code>name + '@domain.com <http://domain.com>'</code>
>>> </script>
>>> </expression>
>>> <target>
>>> <path>emailAddress</path>
>>> </target>
>>> </mapping>
>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary
>>> and confidential; intended for only the recipient(s)
>>> named above and may contain information that is
>>> privileged. You should not retain, copy or use this
>>> e-mail or any attachments for any purpose, or disclose
>>> all or any part of the contents to any person. Any views
>>> or opinions expressed in this e-mail are those of the
>>> author and do not represent those of the Baptist School
>>> of Health Professions. If you have received this e-mail
>>> in error, or are not the named recipient(s), you are
>>> hereby notified that any review, dissemination,
>>> distribution or copying of this communication is
>>> prohibited by the sender and to do so might constitute a
>>> violation of the Electronic Communications Privacy Act,
>>> 18 U.S.C. section 2510-2521. Please immediately notify
>>> the sender and delete this e-mail and any attachments
>>> from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer
>> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
>> _____________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/fa2decfa/attachment.htm>
More information about the midPoint
mailing list