[midPoint] 3.1 SNAPSHOT, Username Generation
Jason Everling
jeverling at bshp.edu
Thu Jan 15 17:29:36 CET 2015
I see now, I need to go through other templates also and do this, I looked
at a few others and I am chaining all over the place for other resources
and it seems to be working for those but as you say it might now work at
times.
Thanks!
JASON
On Thu, Jan 15, 2015 at 9:57 AM, Pavol Mederly <mederly at evolveum.com> wrote:
> Not exactly.
>
> I mean keeping the mapping that *computes* name property, i.e.
>
>
> <mapping>
> <name>Generate Username for CSV</name>
> <source>
> <name>tmpGivenName</name>
> <path>givenName</path>
> </source>
> <source>
> <name>tmpFamilyName</name>
> <path>familyName</path>
> </source>
> <!-- Will generate username in the filastname format with iterator,
> filastname
> filastname2
> -->
> <expression>
> <script>
> <code>
> tmpGivenNameInitial =
> basic.stringify(tmpGivenName)?.size() > 0 ?
> (basic.stringify(tmpGivenName)).substring(0,2) : ''
> if (iteration == 0) {
> basic.norm(basic.stringify(tmpGivenNameInitial +
> tmpFamilyName))
> }
> else {
> basic.norm(basic.stringify(tmpGivenNameInitial +
> tmpFamilyName)) + iterationToken
> }
> </code>
> </script>
> </expression>
> <target>
> <path>name</path>
> </target>
> </mapping>
>
> And changing the mapping that *uses* the name property to compute
> emailAddress so that it would compute it from existing sources (givenName,
> familyName) by duplicating the code from the first mapping:
>
> <mapping>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> * <source> <name>tmpGivenName</name>
> <path>givenName</path> </source> <source>
> <name>tmpFamilyName</name> <path>familyName</path>
> </source> <expression> <script> <code>
> tmpGivenNameInitial =
> basic.stringify(tmpGivenName)?.size() > 0 ?
> (basic.stringify(tmpGivenName)).substring(0,2) : '' if
> (iteration == 0) { name =
> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
> } else { name =
> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName)) +
> iterationToken } * *name +
> '@bshp.edu <http://bshp.edu>'*
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
> Green is the copied - and slightly changed - code, red is the code from
> the email address mapping.
>
> The same - but slightly more complicated - should be done for Assign
> Organization mapping, which would then look like this:
> (again, the duplicated code show in green)
>
> <mapping>
> <source>
> <path>costCenter</path>
> </source>
> <expression>
> <assignmentTargetSearch>
> <targetType>c:OrgType</targetType>
> <filter>
> <q:equal>
> <q:path>name</q:path>
> <expression>
> <script>
> <code>
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> switch (costCenter) {
> case 'ASHIT':
> tmpOU = 'OU=AAS HIT,' + tmpOU
> break
> case 'ASIM':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'ASGA':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'ASGT':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'BSHM':
> tmpOU = 'OU=BSHM,' + tmpOU
> break
> case 'CT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'GEN':
> tmpOU = 'OU=GENED,' + tmpOU
> break
> case 'LVRN':
> tmpOU = 'OU=LVRN,' + tmpOU
> break
> case 'MO':
> tmpOU = 'OU=LVRN,' + tmpOU
> break
> case 'MRI':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'AAD':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'ND':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'RT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'ST':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'PO':
> tmpOU = 'OU=PNP,' + tmpOU
> break
> case 'PN':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'BSN':
> tmpOU = 'OU=BSN,' + tmpOU
> break
> case 'VT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'SO':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'VN':
> tmpOU = 'OU=DVN,' + tmpOU
> break
> default:
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> }
> return tmpOU
> </code>
> </script>
> </expression>
> </q:equal>
> </filter>
> </assignmentTargetSearch>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> </mapping>
>
> Haven't tested it; but it should work.
>
> Best regards,
> Pavol
>
>
> On 15. 1. 2015 16:39, Jason Everling wrote:
>
> Ok thanks for the update,
>
> I am not sure though what you mean by duplicate code? Are you saying in
> the objectTemplate mapping add another email address mapping so that it
> would be something like this?
>
> <mapping>
> <source>
> <path>$user/name</path>
> </source>
> <expression>
> <script>
> <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
> <code>name + '@domain.com'</code>
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
> <mapping>
> <source>
> <path>$user/name</path>
> </source>
> <expression>
> <script>
> <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
> <code>name + '@domain.com'</code>
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
>
> JASON
>
> On Thu, Jan 15, 2015 at 9:18 AM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Jason,
>>
>> just before Christmas vacation, I've been looking at this issue. The
>> problem is in the chaining of mappings in the object template. In your
>> case, *name* is generated by the first mapping and then used for
>> computation of *emailAddress*. In a similar way, *organization* is
>> generated and then used to compute *assignment*.
>>
>> MidPoint does not support such a chaining in the current version. If it
>> works in some cases, it is more by chance than by design. I've created a
>> jira issue for that: https://jira.evolveum.com/browse/MID-2149.
>> Hopefully we'll fix that in 3.2.
>>
>> Fortunately, there is a simple (yet a bit ugly) workaround: duplicate
>> your code so that no mapping would depend on another.
>>
>> Best regards,
>> Pavol
>>
>>
>> On 10. 12. 2014 17:27, Jason Everling wrote:
>>
>> Almost toward the end of the log part, I see this
>>
>> ---[ EXECUTED delta of UserType ]---------------------
>> Channel:
>> http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync
>> Wave: 1
>>
>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,MODIFY):
>> emailAddress
>> REPLACE: null at domain.com
>>
>> On Wed, Dec 10, 2014 at 10:13 AM, Jason Everling <jeverling at bshp.edu>
>> wrote:
>>
>>> So I disabled or removed that template from the resource reactions, I
>>> set it as the default template is sysconfig.
>>>
>>> It still does it, <emailAddress>null at domain.com</emailAddress>
>>> seems to be affected,
>>>
>>> Wierd though, I turned on debugging,
>>>
>>> It shows the attribute being created correctly, you can see from the
>>> log but in the gui and in the user xml it is null at domain.com
>>>
>>>
>>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,ADD):
>>> user: (ab907de7-4302-47ef-8003-36959fc842ef, v0, UserType)
>>> extension:
>>> otherMailbox: [ hhernandez at local.org ]
>>> eduPersonAffiliation: [ student ]
>>> givenName: Herman
>>> familyName: Hernandes
>>> costCenter: PN
>>> employeeNumber: HE5019982
>>> credentials:
>>> password:
>>> value:
>>> ProtectedStringType(encrypted=EncryptedDataType(encryptionMethod=EncryptionMethodType(algorithm=
>>> http://www.w3.org/2001/04/xmlenc#aes128-cbc),
>>> keyInfo=KeyInfoType(keyName=HiCJvCmeUCWoiEl3d+uXyd2VeYs=),
>>> cipherData=CipherDataType(cipherValue=[32 bytes])))
>>> activation:
>>> administrativeStatus: ENABLED
>>> effectiveStatus: ENABLED
>>> enableTimestamp: 2014-12-10T10:07:21.502-06:00
>>> emailAddress: hehernandes at domain.com
>>> name: hehernandes
>>> employeeType: [ A2S ]
>>> locale: US
>>> organization: [ OU=DPN,OU=SHP Students,DC=TEST,DC=LOCAL ]
>>> locality: San Antonio
>>> fullName: Herman Hernandes
>>> iteration: 0
>>>
>>> On Wed, Dec 10, 2014 at 9:46 AM, Ivan Noris <ivan.noris at evolveum.com>
>>> wrote:
>>>
>>>> Jason,
>>>>
>>>> I believe I have seen this couple of weeks ago when debugging the
>>>> iterator problem... seems that I've forgotten about this.
>>>>
>>>> But as far I can remember, it has worked when the mapping was in global
>>>> system template instead of the resource-referenced.
>>>>
>>>> If you can temporarily disable using of the template in resource and
>>>> set the same template in System Configuration for UserType objects, can you
>>>> please test the behaviour?
>>>>
>>>> Anyway it seems to be a bug, so after you could confirm the behaviour,
>>>> I'd create a new issue.
>>>>
>>>> Thanks,
>>>> I.
>>>>
>>>>
>>>> On 12/10/2014 04:32 PM, Jason Everling wrote:
>>>>
>>>> Since I upgraded to 3.1 and I am not sure if this is related to the
>>>> other CSV Resource issue.
>>>>
>>>> Here is the mapping for the template, it worked fine in 3.0.1 so I do
>>>> not know if anything changed, the email address is built using name + '@
>>>> domain.com' but when the user is created I get null at domain.com, like
>>>> it is not picking up the username from the first mapping
>>>>
>>>> <mapping>
>>>> <name>Generate Username for CSV</name>
>>>> <source>
>>>> <name>tmpGivenName</name>
>>>> <path>givenName</path>
>>>> </source>
>>>> <source>
>>>> <name>tmpFamilyName</name>
>>>> <path>familyName</path>
>>>> </source>
>>>> <!-- Will generate username in the filastname format with
>>>> iterator,
>>>> filastname
>>>> filastname2
>>>> -->
>>>> <expression>
>>>> <script>
>>>> <code>
>>>> tmpGivenNameInitial =
>>>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>>> (basic.stringify(tmpGivenName)).substring(0,2) : ''
>>>> if (iteration == 0) {
>>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>>> tmpFamilyName))
>>>> }
>>>> else {
>>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>>> tmpFamilyName)) + iterationToken
>>>> }
>>>> </code>
>>>> </script>
>>>> </expression>
>>>> <target>
>>>> <path>name</path>
>>>> </target>
>>>> </mapping>
>>>>
>>>> <iteration>
>>>> <maxIterations>25</maxIterations>
>>>> <tokenExpression>
>>>> <script>
>>>> <code>
>>>> if (iteration == 0) {
>>>> return "";
>>>> } else {
>>>> return "" + (iteration+1)
>>>> }
>>>> </code>
>>>> </script>
>>>> </tokenExpression>
>>>> </iteration>
>>>>
>>>> <mapping>
>>>> <source>
>>>> <path>$user/name</path>
>>>> </source>
>>>> <expression>
>>>> <script>
>>>> <language>
>>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>>> </language>
>>>> <code>name + '@domain.com'</code>
>>>> </script>
>>>> </expression>
>>>> <target>
>>>> <path>emailAddress</path>
>>>> </target>
>>>> </mapping>
>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>> --
>>>> Ing. Ivan Noris
>>>> Senior Identity Management Engineer
>>>> evolveum.com evolveum.com/blog/
>>>> _____________________________________________
>>>> "Semper Id(e)M Vix."
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail are those of the
author and do not represent those of the Baptist School of Health
Professions. If you have received this e-mail in error, or are not the
named recipient(s), you are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited by the sender
and to do so might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/d64b9c55/attachment.htm>
More information about the midPoint
mailing list