[midPoint] iterationToken in Object Template

Martin Marchese mmarchese at identicum.com
Thu Jun 23 16:00:08 CEST 2016


Thanks Ivan,

In fact, I just need to get uniqueness in the emailAddress (I've already
have username uniqueness since it's a personal ID #). The emailAddress, has
nothing to do with the username in our design. Is there another way to
achieve a field uniqueness?

Regards,

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi Martin,
>
> my guess is that you are using object template, where name is not
> generated using iterationToken. I have searched our samples for the object
> template you've pasted and found one - possibly the same.
>
> The iterationToken in emailAddress will be non-empty only if the iterator
> was used to generate the unique name.
> So, for example, if I tried to create one user called identicum01 (given:
> John, family: Smith) and another user called identicum02 (given: John,
> family: Smith), the usernames are unique, so the emailAddress attribute
> will both contain empty iterationToken, which is indeed not expected. The
> iterationToken is only used when you have configured the mapping for
> user/name attribute to use it. And then you can use iterationToken also in
> other mappings.
>
> If user/name is generated from given and family names, iterationToken
> would be used for both user/name values, and the same value would then be
> used in the emailAddress. The iterationToken is single-value attribute
> stored in User object and triggered only if the username is not unique and
> the mapping for user/name is using the iterationToken.
>
> See my attached object template; I've just tried it with the following use
> case:
> 1. create new user in midPoint, givenName: John, familyName: Smith,
> password: whatever. No name attribute filled. Save.
> Username JSmith was generated, emailAddress=JSmith at domain.com
> 2. create new user in midPoint, givenName: John, familyName: Smith,
> password: whatever. No name attribute filled. Save.
> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>
> I think this is what you were trying to achieve.
> Of course you need to specify the mapping strength as normal or strong if
> you wish to generate new user/name and user/emailAddress whenever user is
> renamed. If you don't need this, and only wish to set it for the very first
> time, weak is OK.
>
> See also https://jira.evolveum.com/browse/MID-1977
>
> Regards,
> Ivan
>
> <objectTemplate xmlns=
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                 xmlns:icfs=
> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3>
>                 xmlns:c=
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> <http://prism.evolveum.com/xml/ns/public/query-3>
>                 xmlns:ri=
> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>                 oid="c0c010c0-d34d-b33f-f00d-777222222333"
>                 version="1">
>    <name>User Template CSV sync</name>
>    <description>
>             Alternative User Template Object.
>             This object is used when creating a new account, to set it up
> as needed.
>                 </description>
>    <metadata>
>       <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>       <creatorRef oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"><!-- administrator --></creatorRef>
>       <createChannel>
> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
> </createChannel>
>    </metadata>
>    <iteration>
>       <maxIterations>10</maxIterations>
>       <tokenExpression>
>          <script>
>             <code>
>           if (iteration == 0) {
>             return "";
>           } else {
>             return ""+iteration;
>           }
>         </code>
>          </script>
>       </tokenExpression>
>    </iteration>
>    <mapping>
>       <description>
>                 Property mapping.
>                 Defines how properties of user object are set up.
>                 This specific definition sets a full name as a
> concatenation
>                 of givenName and familyName.
>                         </description>
>       <strength>weak</strength>
>       <source>
>          <c:path>$user/givenName</c:path>
>       </source>
>       <source>
>          <c:path>$user/familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>                                                 givenName + ' ' +
> familyName
>                                         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>fullName</c:path>
>       </target>
>    </mapping>
>    <mapping>
>       <strength>weak</strength>
>       <source>
>          <c:path>givenName</c:path>
>       </source>
>       <source>
>          <c:path>familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken +
> '@domain.com'
>         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>$user/emailAddress</c:path>
>       </target>
>    </mapping>
>    <mapping>
>       <strength>weak</strength>
>       <source>
>          <c:path>givenName</c:path>
>       </source>
>       <source>
>          <c:path>familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>$user/name</c:path>
>       </target>
>    </mapping>
> </objectTemplate>
>
>
> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>
> Hi all,
>
> I have an Object Template for users, and since I need email to be unique,
> I defined an iteration on it:
>
> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
> *  <name>User Template CSV sync</name>*
> *  <iteration>*
> *    <maxIterations>10</maxIterations>*
> *    <tokenExpression>*
> *      <script>*
> *        <code>*
> *          if (iteration == 0) {*
> *            return "";*
> *          } else {*
> *            return ""+iteration;*
> *          }*
> *        </code>*
> *      </script>*
> *    </tokenExpression>*
> *  </iteration>*
> *...*
> *...*
>
> And then within the emailAddress mapping:
>
> <mapping>
>     <strength>weak</strength>
>     <source>
>       <path>givenName</path>
>     </source>
>     <source>
>       <path>familyName</path>
>     </source>
>     <expression>
>       <script>
>         <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>         <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken +
> '@domain.com'
>         </code>
>       </script>
>     </expression>
>     <target>
>       <path>$user/emailAddress</path>
>     </target>
>   </mapping>
>
> The problem is that whenever I create a user, the email is always being
> set as if the iterationToken is '' and this result on duplicate
> emailAddress attribute among users.
>
> Is there something I'm doing wrong?
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/faca4607/attachment.htm>


More information about the midPoint mailing list