[midPoint] iterationToken in Object Template

Ivan Noris ivan.noris at evolveum.com
Thu Jun 23 08:23:45 CEST 2016


Hi Martin,

my guess is that you are using object template, where name is not
generated using iterationToken. I have searched our samples for the
object template you've pasted and found one - possibly the same.

The iterationToken in emailAddress will be non-empty only if the
iterator was used to generate the unique name.
So, for example, if I tried to create one user called identicum01
(given: John, family: Smith) and another user called identicum02 (given:
John, family: Smith), the usernames are unique, so the emailAddress
attribute will both contain empty iterationToken, which is indeed not
expected. The iterationToken is only used when you have configured the
mapping for user/name attribute to use it. And then you can use
iterationToken also in other mappings.

If user/name is generated from given and family names, iterationToken
would be used for both user/name values, and the same value would then
be used in the emailAddress. The iterationToken is single-value
attribute stored in User object and triggered only if the username is
not unique and the mapping for user/name is using the iterationToken.

See my attached object template; I've just tried it with the following
use case:
1. create new user in midPoint, givenName: John, familyName: Smith,
password: whatever. No name attribute filled. Save.
Username JSmith was generated, emailAddress=JSmith at domain.com
2. create new user in midPoint, givenName: John, familyName: Smith,
password: whatever. No name attribute filled. Save.
Username JSmith1 was generated, emailAddress=JSmith1 at domain.com

I think this is what you were trying to achieve.
Of course you need to specify the mapping strength as normal or strong
if you wish to generate new user/name and user/emailAddress whenever
user is renamed. If you don't need this, and only wish to set it for the
very first time, weak is OK.

See also https://jira.evolveum.com/browse/MID-1977

Regards,
Ivan

<objectTemplate
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
               
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
                xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
               
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
               
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
                oid="c0c010c0-d34d-b33f-f00d-777222222333"
                version="1">
   <name>User Template CSV sync</name>
   <description>
            Alternative User Template Object.
            This object is used when creating a new account, to set it
up as needed.
                </description>
   <metadata>
      <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002"
type="c:UserType"><!-- administrator --></creatorRef>
     
<createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
   </metadata>
   <iteration>
      <maxIterations>10</maxIterations>
      <tokenExpression>
         <script>
            <code>
          if (iteration == 0) {
            return "";
          } else {
            return ""+iteration;
          }
        </code>
         </script>
      </tokenExpression>
   </iteration>
   <mapping>
      <description>
                Property mapping.
                Defines how properties of user object are set up.
                This specific definition sets a full name as a concatenation
                of givenName and familyName.
                        </description>
      <strength>weak</strength>
      <source>
         <c:path>$user/givenName</c:path>
      </source>
      <source>
         <c:path>$user/familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
                                                givenName + ' ' + familyName
                                        </code>
         </script>
      </expression>
      <target>
         <c:path>fullName</c:path>
      </target>
   </mapping>
   <mapping>
      <strength>weak</strength>
      <source>
         <c:path>givenName</c:path>
      </source>
      <source>
         <c:path>familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
          def givenNameStr = ''+givenName
          givenNameStr.substring(0,1) + '' + familyName + iterationToken
+ '@domain.com'
        </code>
         </script>
      </expression>
      <target>
         <c:path>$user/emailAddress</c:path>
      </target>
   </mapping>
   <mapping>
      <strength>weak</strength>
      <source>
         <c:path>givenName</c:path>
      </source>
      <source>
         <c:path>familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
          def givenNameStr = ''+givenName
          givenNameStr.substring(0,1) + '' + familyName + iterationToken
        </code>
         </script>
      </expression>
      <target>
         <c:path>$user/name</c:path>
      </target>
   </mapping>
</objectTemplate>

On 06/22/2016 07:03 PM, Martin Marchese wrote:
> Hi all,
>
> I have an Object Template for users, and since I need email to be
> unique, I defined an iteration on it:
>
> /<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">/
> /  <name>User Template CSV sync</name>/
> /  <iteration>/
> /    <maxIterations>10</maxIterations>/
> /    <tokenExpression>/
> /      <script>/
> /        <code>/
> /          if (iteration == 0) {/
> /            return "";/
> /          } else {/
> /            return ""+iteration;/
> /          }/
> /        </code>/
> /      </script>/
> /    </tokenExpression>/
> /  </iteration>/
> /.../
> /.../
> /
> /
> And then within the emailAddress mapping:
>
> <mapping>
>     <strength>weak</strength>
>     <source>
>       <path>givenName</path>
>     </source>
>     <source>
>       <path>familyName</path>
>     </source>
>     <expression>
>       <script>
>        
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>         <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName +
> iterationToken + '@domain.com <http://domain.com>'
>         </code>
>       </script>
>     </expression>
>     <target>
>       <path>$user/emailAddress</path>
>     </target>
>   </mapping>
>
> The problem is that whenever I create a user, the email is always
> being set as if the iterationToken is '' and this result on duplicate
> emailAddress attribute among users.
>
> Is there something I'm doing wrong?
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/c143c233/attachment.htm>


More information about the midPoint mailing list