[midPoint] HA: Can't generate unique username while importing from resource
Алексей Ващенков
a.vashchenkov at solarsecurity.ru
Tue May 12 12:17:52 CEST 2015
I understend that it must be inbound mappings in resource configuration. Here it is.
<schemaHandling>
<objectType>
<kind>account</kind>
<displayName>Пользователь</displayName>
<default>true</default>
<objectClass xmlns:qn761="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn761:AccountObjectClass</objectClass>
<attribute>
<ref xmlns:schemaRef="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">schemaRef:uid</ref>
<displayName>Идентификатор</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>true</tolerant>
<inbound>
<name>Идентификатор</name>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/employeeNumber</c:path>
</target>
</inbound>
</attribute>
<attribute>
<ref xmlns:qn936="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn936:last_name</ref>
<displayName>Фамилия</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>true</tolerant>
<inbound>
<name>Фамилия</name>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
</target>
</inbound>
</attribute>
<attribute>
<ref xmlns:qn969="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn969:middle_name</ref>
<displayName>Отчество</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>true</tolerant>
<inbound>
<name>Отчество</name>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/additionalName</c:path>
</target>
</inbound>
</attribute>
<attribute>
<ref xmlns:qn652="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn652:first_name</ref>
<displayName>Имя</displayName>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>true</tolerant>
<inbound>
<name>Имя</name>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/givenName</c:path>
</target>
</inbound>
</attribute>
</objectType>
</schemaHandling>
In my case all the records in DB contains nonnull three columns first_name, last_name and middle_name.
It seems if I set order to *before*, in this case attributes givenName, familyName, and additionalName is not set when user instance is creating. And in generation method they are comming sa nulls.
________________________________________
От: midPoint [midpoint-bounces at lists.evolveum.com] от имени Ivan Noris [ivan.noris at evolveum.com]
Отправлено: 12 мая 2015 г. 12:15
Кому: midpoint at lists.evolveum.com
Тема: Re: [midPoint] Can't generate unique username while importing from resource
Hi Alexej,
in object template you can only use midPoint (user) attributes.
So, please check that you first define inbound mappings for your
firstname, lastname, additionalname attributes and then you use them in
object templates.
So the point is, you first have the attributes in user object (in
memory, because it's being created at the same time) and object template
can use them to generate user's name attribute.
The problem may be caused by your second question regarding correlation
- there is no correlation expression defined in your code. Please see
any of our resource examples with "-sync" in name. E.g.:
. . .
<correlation>
<q:description>
Correlation rule for default accounts where
userPrincipalName matches $user/name in midPoint
</q:description>
<q:equal>
<q:matching>polyStringNorm</q:matching>
<q:path>c:name</q:path>
<expression>
<description>Matches using
userPrincipalName</description>
<path>
declare namespace
ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
$account/attributes/ri:userPrincipalName
</path>
</expression>
</q:equal>
</correlation>
. . .
Regards,
Ivan
On 05/12/2015 10:25 AM, Алексей Ващенков wrote:
> Hello. I've configuared resource with next syncronization block.
> <synchronization>
> <objectSynchronization>
> <name>Sync account</name>
> <objectClass xmlns:qn835="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn835:AccountObjectClass</objectClass>
> <kind>account</kind>
> <focusType>UserType</focusType>
> <enabled>true</enabled>
> <reconcile>true</reconcile>
> <opportunistic>false</opportunistic>
> <reaction>
> <name>Add user</name>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> <action>
> <name>Add user</name>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
> <order>before</order>
> <objectTemplateRef oid="4e7290dd-2fd3-4559-a6bc-aeae11da608c"/>
> </action>
> </reaction>
> <reaction>
> <name>Synchronize</name>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> </reaction>
> </objectSynchronization>
> </synchronization>
> And I have next template object
> <objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> oid="c0c010c0-d34d-b33f-f00d-777222222334"
> version="19">
> <name>Инициализация пользователя</name>
> <description>
> </description>
> <metadata>
> <createTimestamp>2015-05-08T12:08:08.644+03:00</createTimestamp>
> <creatorRef oid="00000000-0000-0000-0000-000000000002" type="UserType"><!-- administrator --></creatorRef>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
> </metadata>
> <iteration>
> <maxIterations>9999</maxIterations>
> </iteration>
> <mapping>
> <source>
> <name>familyName</name>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
> </source>
> <source>
> <name>givenName</name>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/givenName</c:path>
> </source>
> <source>
> <name>additionalName</name>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/additionalName</c:path>
> </source>
> <expression>
> <script>
> <code>import com.evolveum.midpoint.common.policy.StringPolicyUtils;
> StringPolicyUtils.transliterateFullName(givenName, familyName, additionalName) +iteration
> </code>
> </script>
> </expression>
> <target>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/name</c:path>
> </target>
> </mapping>
> </objectTemplate>
> If I use order set to before, then I have givenName, familyName, additionalName all are null. If I set order to after, then I have warning Correlation rule for resource 'resource:f01e18f2-3d14-4c25-bea0-268c209f1091(???????????? ? HR)' doesn't contain query, returning empty list of users.
>
> How can I properly configure generating username?
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list