[midPoint] iterationToken in Object Template
Martin Marchese
mmarchese at identicum.com
Thu Jun 23 16:59:13 CEST 2016
To clarify, we are facing 2 different problems:
- Defining emailAddress as unique within the MidPoint schema (is this
possible?), to get MidPoint return an error whenever the emailAddress
already exists.
- Generating an unique emailAddress from the objectTemplate, but not the
username.
Thanks in Advance
*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com>
wrote:
> Thanks Ivan,
>
> In fact, I just need to get uniqueness in the emailAddress (I've already
> have username uniqueness since it's a personal ID #). The emailAddress, has
> nothing to do with the username in our design. Is there another way to
> achieve a field uniqueness?
>
> Regards,
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Martin,
>>
>> my guess is that you are using object template, where name is not
>> generated using iterationToken. I have searched our samples for the object
>> template you've pasted and found one - possibly the same.
>>
>> The iterationToken in emailAddress will be non-empty only if the iterator
>> was used to generate the unique name.
>> So, for example, if I tried to create one user called identicum01 (given:
>> John, family: Smith) and another user called identicum02 (given: John,
>> family: Smith), the usernames are unique, so the emailAddress attribute
>> will both contain empty iterationToken, which is indeed not expected. The
>> iterationToken is only used when you have configured the mapping for
>> user/name attribute to use it. And then you can use iterationToken also in
>> other mappings.
>>
>> If user/name is generated from given and family names, iterationToken
>> would be used for both user/name values, and the same value would then be
>> used in the emailAddress. The iterationToken is single-value attribute
>> stored in User object and triggered only if the username is not unique and
>> the mapping for user/name is using the iterationToken.
>>
>> See my attached object template; I've just tried it with the following
>> use case:
>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>> password: whatever. No name attribute filled. Save.
>> Username JSmith was generated, emailAddress=JSmith at domain.com
>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>> password: whatever. No name attribute filled. Save.
>> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>>
>> I think this is what you were trying to achieve.
>> Of course you need to specify the mapping strength as normal or strong if
>> you wish to generate new user/name and user/emailAddress whenever user is
>> renamed. If you don't need this, and only wish to set it for the very first
>> time, weak is OK.
>>
>> See also https://jira.evolveum.com/browse/MID-1977
>>
>> Regards,
>> Ivan
>>
>> <objectTemplate xmlns=
>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>> xmlns:icfs=
>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> <http://prism.evolveum.com/xml/ns/public/types-3>
>> xmlns:c=
>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> <http://prism.evolveum.com/xml/ns/public/query-3>
>> xmlns:ri=
>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>> oid="c0c010c0-d34d-b33f-f00d-777222222333"
>> version="1">
>> <name>User Template CSV sync</name>
>> <description>
>> Alternative User Template Object.
>> This object is used when creating a new account, to set it up
>> as needed.
>> </description>
>> <metadata>
>> <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"><!-- administrator --></creatorRef>
>> <createChannel>
>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>> </createChannel>
>> </metadata>
>> <iteration>
>> <maxIterations>10</maxIterations>
>> <tokenExpression>
>> <script>
>> <code>
>> if (iteration == 0) {
>> return "";
>> } else {
>> return ""+iteration;
>> }
>> </code>
>> </script>
>> </tokenExpression>
>> </iteration>
>> <mapping>
>> <description>
>> Property mapping.
>> Defines how properties of user object are set up.
>> This specific definition sets a full name as a
>> concatenation
>> of givenName and familyName.
>> </description>
>> <strength>weak</strength>
>> <source>
>> <c:path>$user/givenName</c:path>
>> </source>
>> <source>
>> <c:path>$user/familyName</c:path>
>> </source>
>> <expression>
>> <script>
>> <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>> <code>
>> givenName + ' ' +
>> familyName
>> </code>
>> </script>
>> </expression>
>> <target>
>> <c:path>fullName</c:path>
>> </target>
>> </mapping>
>> <mapping>
>> <strength>weak</strength>
>> <source>
>> <c:path>givenName</c:path>
>> </source>
>> <source>
>> <c:path>familyName</c:path>
>> </source>
>> <expression>
>> <script>
>> <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>> <code>
>> def givenNameStr = ''+givenName
>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>> + '@domain.com'
>> </code>
>> </script>
>> </expression>
>> <target>
>> <c:path>$user/emailAddress</c:path>
>> </target>
>> </mapping>
>> <mapping>
>> <strength>weak</strength>
>> <source>
>> <c:path>givenName</c:path>
>> </source>
>> <source>
>> <c:path>familyName</c:path>
>> </source>
>> <expression>
>> <script>
>> <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>> <code>
>> def givenNameStr = ''+givenName
>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>> </code>
>> </script>
>> </expression>
>> <target>
>> <c:path>$user/name</c:path>
>> </target>
>> </mapping>
>> </objectTemplate>
>>
>>
>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>
>> Hi all,
>>
>> I have an Object Template for users, and since I need email to be unique,
>> I defined an iteration on it:
>>
>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>> * <name>User Template CSV sync</name>*
>> * <iteration>*
>> * <maxIterations>10</maxIterations>*
>> * <tokenExpression>*
>> * <script>*
>> * <code>*
>> * if (iteration == 0) {*
>> * return "";*
>> * } else {*
>> * return ""+iteration;*
>> * }*
>> * </code>*
>> * </script>*
>> * </tokenExpression>*
>> * </iteration>*
>> *...*
>> *...*
>>
>> And then within the emailAddress mapping:
>>
>> <mapping>
>> <strength>weak</strength>
>> <source>
>> <path>givenName</path>
>> </source>
>> <source>
>> <path>familyName</path>
>> </source>
>> <expression>
>> <script>
>> <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>> <code>
>> def givenNameStr = ''+givenName
>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>> + '@domain.com'
>> </code>
>> </script>
>> </expression>
>> <target>
>> <path>$user/emailAddress</path>
>> </target>
>> </mapping>
>>
>> The problem is that whenever I create a user, the email is always being
>> set as if the iterationToken is '' and this result on duplicate
>> emailAddress attribute among users.
>>
>> Is there something I'm doing wrong?
>>
>> Thanks in Advance
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer & IDM Architect
>> evolveum.com evolveum.com/blog/
>> ___________________________________________________
>> "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/f8a45eb3/attachment.htm>
More information about the midPoint
mailing list