[midPoint] 3.1 SNAPSHOT, Username Generation
Pavol Mederly
pavol.mederly at gmail.com
Thu Jan 15 17:52:46 CET 2015
On 15. 1. 2015 17:29, Jason Everling wrote:
> I see now, I need to go through other templates also and do this, I
> looked at a few others and I am chaining all over the place for other
> resources and it seems to be working for those but as you say it might
> now work at times.
>
> Thanks!
> JASON
I admit it is really ugly (code duplication is always bad). But
hopefully we'll fix it at most in 3.2.
Pavol
>
> On Thu, Jan 15, 2015 at 9:57 AM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Not exactly.
>
> I mean keeping the mapping that *computes* name property, i.e.
>
>
> <mapping>
> <name>Generate Username for CSV</name>
> <source>
> <name>tmpGivenName</name>
> <path>givenName</path>
> </source>
> <source>
> <name>tmpFamilyName</name>
> <path>familyName</path>
> </source>
> <!-- Will generate username in the filastname format with
> iterator,
> filastname
> filastname2
> -->
> <expression>
> <script>
> <code>
> tmpGivenNameInitial =
> basic.stringify(tmpGivenName)?.size() > 0 ?
> (basic.stringify(tmpGivenName)).substring(0,2) : ''
> if (iteration == 0) {
> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName))
> }
> else {
> basic.norm(basic.stringify(tmpGivenNameInitial + tmpFamilyName)) +
> iterationToken
> }
> </code>
> </script>
> </expression>
> <target>
> <path>name</path>
> </target>
> </mapping>
>
> And changing the mapping that *uses* the name property to compute
> emailAddress so that it would compute it from existing sources
> (givenName, familyName) by duplicating the code from the first
> mapping:
>
> <mapping>
> * <source>
> <name>tmpGivenName</name>
> <path>givenName</path>
> </source>
> <source>
> <name>tmpFamilyName</name>
> <path>familyName</path>
> </source>
> <expression>
> <script>
> <code>
> tmpGivenNameInitial =
> basic.stringify(tmpGivenName)?.size() > 0 ?
> (basic.stringify(tmpGivenName)).substring(0,2) : ''
> if (iteration == 0) {
> name = basic.norm(basic.stringify(tmpGivenNameInitial +
> tmpFamilyName))
> }
> else {
> name = basic.norm(basic.stringify(tmpGivenNameInitial +
> tmpFamilyName)) + iterationToken
> }
> * *name + '@bshp.edu <http://bshp.edu>'*
> </script>
> </expression>
> <target>
> <path>emailAddress</path>
> </target>
> </mapping>
>
> Green is the copied - and slightly changed - code, red is the code
> from the email address mapping.
>
> The same - but slightly more complicated - should be done for
> Assign Organization mapping, which would then look like this:
> (again, the duplicated code show in green)
>
> <mapping>
> <source>
> <path>costCenter</path>
> </source>
> <expression>
> <assignmentTargetSearch>
> <targetType>c:OrgType</targetType>
> <filter>
> <q:equal>
> <q:path>name</q:path>
> <expression>
> <script>
> <code>
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> switch (costCenter) {
> case 'ASHIT':
> tmpOU = 'OU=AAS HIT,' + tmpOU
> break
> case 'ASIM':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'ASGA':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'ASGT':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'BSHM':
> tmpOU = 'OU=BSHM,' + tmpOU
> break
> case 'CT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'GEN':
> tmpOU = 'OU=GENED,' + tmpOU
> break
> case 'LVRN':
> tmpOU = 'OU=LVRN,' + tmpOU
> break
> case 'MO':
> tmpOU = 'OU=LVRN,' + tmpOU
> break
> case 'MRI':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'AAD':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'ND':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'RT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'ST':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'PO':
> tmpOU = 'OU=PNP,' + tmpOU
> break
> case 'PN':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'BSN':
> tmpOU = 'OU=BSN,' + tmpOU
> break
> case 'VT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'SO':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'VN':
> tmpOU = 'OU=DVN,' + tmpOU
> break
> default:
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> }
> return tmpOU
> </code>
> </script>
> </expression>
> </q:equal>
> </filter>
> </assignmentTargetSearch>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> </mapping>
>
> Haven't tested it; but it should work.
>
> Best regards,
> Pavol
>
>
> On 15. 1. 2015 16:39, Jason Everling wrote:
>> Ok thanks for the update,
>>
>> I am not sure though what you mean by duplicate code? Are you
>> saying in the objectTemplate mapping add another email address
>> mapping so that it would be something like this?
>>
>> <mapping>
>> <source>
>> <path>$user/name</path>
>> </source>
>> <expression>
>> <script>
>>
>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>> <code>name + '@domain.com <http://domain.com>'</code>
>> </script>
>> </expression>
>> <target>
>> <path>emailAddress</path>
>> </target>
>> </mapping>
>>
>> <mapping>
>> <source>
>> <path>$user/name</path>
>> </source>
>> <expression>
>> <script>
>>
>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>> <code>name + '@domain.com <http://domain.com>'</code>
>> </script>
>> </expression>
>> <target>
>> <path>emailAddress</path>
>> </target>
>> </mapping>
>>
>>
>> JASON
>>
>> On Thu, Jan 15, 2015 at 9:18 AM, Pavol Mederly
>> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>> Hello Jason,
>>
>> just before Christmas vacation, I've been looking at this
>> issue. The problem is in the chaining of mappings in the
>> object template. In your case, *name* is generated by the
>> first mapping and then used for computation of
>> *emailAddress*. In a similar way, *organization* is generated
>> and then used to compute *assignment*.
>>
>> MidPoint does not support such a chaining in the current
>> version. If it works in some cases, it is more by chance than
>> by design. I've created a jira issue for that:
>> https://jira.evolveum.com/browse/MID-2149. Hopefully we'll
>> fix that in 3.2.
>>
>> Fortunately, there is a simple (yet a bit ugly) workaround:
>> duplicate your code so that no mapping would depend on another.
>>
>> Best regards,
>> Pavol
>>
>>
>> On 10. 12. 2014 17:27, Jason Everling wrote:
>>> Almost toward the end of the log part, I see this
>>>
>>> ---[ EXECUTED delta of UserType ]---------------------
>>> Channel:
>>> http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync
>>> Wave: 1
>>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,MODIFY):
>>> emailAddress
>>> REPLACE: null at domain.com <mailto:null at domain.com>
>>>
>>> On Wed, Dec 10, 2014 at 10:13 AM, Jason Everling
>>> <jeverling at bshp.edu <mailto:jeverling at bshp.edu>> wrote:
>>>
>>> So I disabled or removed that template from the resource
>>> reactions, I set it as the default template is sysconfig.
>>>
>>> It still does it, <emailAddress>null at domain.com
>>> <mailto:null at domain.com></emailAddress> seems to be
>>> affected,
>>>
>>> Wierd though, I turned on debugging,
>>>
>>> It shows the attribute being created correctly, you can
>>> see from the log but in the gui and in the user xml it
>>> is null at domain.com <mailto:null at domain.com>
>>>
>>> ObjectDelta<UserType>(UserType:ab907de7-4302-47ef-8003-36959fc842ef,ADD):
>>> user: (ab907de7-4302-47ef-8003-36959fc842ef, v0, UserType)
>>> extension:
>>> otherMailbox: [ hhernandez at local.org
>>> <mailto:hhernandez at local.org> ]
>>> eduPersonAffiliation: [ student ]
>>> givenName: Herman
>>> familyName: Hernandes
>>> costCenter: PN
>>> employeeNumber: HE5019982
>>> credentials:
>>> password:
>>> value:
>>> ProtectedStringType(encrypted=EncryptedDataType(encryptionMethod=EncryptionMethodType(algorithm=http://www.w3.org/2001/04/xmlenc#aes128-cbc),
>>> keyInfo=KeyInfoType(keyName=HiCJvCmeUCWoiEl3d+uXyd2VeYs=),
>>> cipherData=CipherDataType(cipherValue=[32 bytes])))
>>> activation:
>>> administrativeStatus: ENABLED
>>> effectiveStatus: ENABLED
>>> enableTimestamp: 2014-12-10T10:07:21.502-06:00
>>> emailAddress: hehernandes at domain.com
>>> <mailto:hehernandes at domain.com>
>>> name: hehernandes
>>> employeeType: [ A2S ]
>>> locale: US
>>> organization: [ OU=DPN,OU=SHP
>>> Students,DC=TEST,DC=LOCAL ]
>>> locality: San Antonio
>>> fullName: Herman Hernandes
>>> iteration: 0
>>>
>>> On Wed, Dec 10, 2014 at 9:46 AM, Ivan Noris
>>> <ivan.noris at evolveum.com
>>> <mailto:ivan.noris at evolveum.com>> wrote:
>>>
>>> Jason,
>>>
>>> I believe I have seen this couple of weeks ago when
>>> debugging the iterator problem... seems that I've
>>> forgotten about this.
>>>
>>> But as far I can remember, it has worked when the
>>> mapping was in global system template instead of the
>>> resource-referenced.
>>>
>>> If you can temporarily disable using of the template
>>> in resource and set the same template in System
>>> Configuration for UserType objects, can you please
>>> test the behaviour?
>>>
>>> Anyway it seems to be a bug, so after you could
>>> confirm the behaviour, I'd create a new issue.
>>>
>>> Thanks,
>>> I.
>>>
>>>
>>> On 12/10/2014 04:32 PM, Jason Everling wrote:
>>>> Since I upgraded to 3.1 and I am not sure if this
>>>> is related to the other CSV Resource issue.
>>>>
>>>> Here is the mapping for the template, it worked
>>>> fine in 3.0.1 so I do not know if anything changed,
>>>> the email address is built using name +
>>>> '@domain.com <http://domain.com>' but when the user
>>>> is created I get null at domain.com
>>>> <mailto:null at domain.com>, like it is not picking up
>>>> the username from the first mapping
>>>>
>>>> <mapping>
>>>> <name>Generate Username for CSV</name>
>>>> <source>
>>>> <name>tmpGivenName</name>
>>>> <path>givenName</path>
>>>> </source>
>>>> <source>
>>>> <name>tmpFamilyName</name>
>>>> <path>familyName</path>
>>>> </source>
>>>> <!-- Will generate username in the filastname
>>>> format with iterator,
>>>> filastname
>>>> filastname2
>>>> -->
>>>> <expression>
>>>> <script>
>>>> <code>
>>>> tmpGivenNameInitial =
>>>> basic.stringify(tmpGivenName)?.size() > 0 ?
>>>> (basic.stringify(tmpGivenName)).substring(0,2) : ''
>>>> if (iteration == 0) {
>>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>>> tmpFamilyName))
>>>> }
>>>> else {
>>>> basic.norm(basic.stringify(tmpGivenNameInitial +
>>>> tmpFamilyName)) + iterationToken
>>>> }
>>>> </code>
>>>> </script>
>>>> </expression>
>>>> <target>
>>>> <path>name</path>
>>>> </target>
>>>> </mapping>
>>>>
>>>> <iteration>
>>>> <maxIterations>25</maxIterations>
>>>> <tokenExpression>
>>>> <script>
>>>> <code>
>>>> if (iteration == 0) {
>>>> return "";
>>>> } else {
>>>> return "" + (iteration+1)
>>>> }
>>>> </code>
>>>> </script>
>>>> </tokenExpression>
>>>> </iteration>
>>>>
>>>> <mapping>
>>>> <source>
>>>> <path>$user/name</path>
>>>> </source>
>>>> <expression>
>>>> <script>
>>>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>>>> <code>name + '@domain.com <http://domain.com>'</code>
>>>> </script>
>>>> </expression>
>>>> <target>
>>>> <path>emailAddress</path>
>>>> </target>
>>>> </mapping>
>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is
>>>> proprietary and confidential; intended for only the
>>>> recipient(s) named above and may contain
>>>> information that is privileged. You should not
>>>> retain, copy or use this e-mail or any attachments
>>>> for any purpose, or disclose all or any part of the
>>>> contents to any person. Any views or opinions
>>>> expressed in this e-mail are those of the author
>>>> and do not represent those of the Baptist School of
>>>> Health Professions. If you have received this
>>>> e-mail in error, or are not the named recipient(s),
>>>> you are hereby notified that any review,
>>>> dissemination, distribution or copying of this
>>>> communication is prohibited by the sender and to do
>>>> so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section
>>>> 2510-2521. Please immediately notify the sender and
>>>> delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> --
>>> Ing. Ivan Noris
>>> Senior Identity Management Engineer
>>> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
>>> _____________________________________________
>>> "Semper Id(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above
>>> and may contain information that is privileged. You should
>>> not retain, copy or use this e-mail or any attachments for
>>> any purpose, or disclose all or any part of the contents to
>>> any person. Any views or opinions expressed in this e-mail
>>> are those of the author and do not represent those of the
>>> Baptist School of Health Professions. If you have received
>>> this e-mail in error, or are not the named recipient(s), you
>>> are hereby notified that any review, dissemination,
>>> distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of
>>> the Electronic Communications Privacy Act, 18 U.S.C. section
>>> 2510-2521. Please immediately notify the sender and delete
>>> this e-mail and any attachments from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150115/752a12be/attachment.htm>
More information about the midPoint
mailing list