[midPoint] iterationToken in Object Template
Jason Everling
jeverling at bshp.edu
Thu Jun 23 17:42:07 CEST 2016
We generate both email and username with iterationToken so it would not
apply to you but I did find the below, looks sort of like yours but also
has a few extra,
https://github.com/Evolveum/midpoint/blob/master/model/model-intest/src/test/resources/iteration/user-template-iteration-unique-email.xml
JASON
On Thu, Jun 23, 2016 at 9:59 AM, Martin Marchese <mmarchese at identicum.com>
wrote:
> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not the
> username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com
> > wrote:
>
>> Thanks Ivan,
>>
>> In fact, I just need to get uniqueness in the emailAddress (I've already
>> have username uniqueness since it's a personal ID #). The emailAddress, has
>> nothing to do with the username in our design. Is there another way to
>> achieve a field uniqueness?
>>
>> Regards,
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com>
>> wrote:
>>
>>> Hi Martin,
>>>
>>> my guess is that you are using object template, where name is not
>>> generated using iterationToken. I have searched our samples for the object
>>> template you've pasted and found one - possibly the same.
>>>
>>> The iterationToken in emailAddress will be non-empty only if the
>>> iterator was used to generate the unique name.
>>> So, for example, if I tried to create one user called identicum01
>>> (given: John, family: Smith) and another user called identicum02 (given:
>>> John, family: Smith), the usernames are unique, so the emailAddress
>>> attribute will both contain empty iterationToken, which is indeed not
>>> expected. The iterationToken is only used when you have configured the
>>> mapping for user/name attribute to use it. And then you can use
>>> iterationToken also in other mappings.
>>>
>>> If user/name is generated from given and family names, iterationToken
>>> would be used for both user/name values, and the same value would then be
>>> used in the emailAddress. The iterationToken is single-value attribute
>>> stored in User object and triggered only if the username is not unique and
>>> the mapping for user/name is using the iterationToken.
>>>
>>> See my attached object template; I've just tried it with the following
>>> use case:
>>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith was generated, emailAddress=JSmith at domain.com
>>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>>>
>>> I think this is what you were trying to achieve.
>>> Of course you need to specify the mapping strength as normal or strong
>>> if you wish to generate new user/name and user/emailAddress whenever user
>>> is renamed. If you don't need this, and only wish to set it for the very
>>> first time, weak is OK.
>>>
>>> See also https://jira.evolveum.com/browse/MID-1977
>>>
>>> Regards,
>>> Ivan
>>>
>>> <objectTemplate xmlns=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> xmlns:icfs=
>>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>> xmlns:t=
>>> "http://prism.evolveum.com/xml/ns/public/types-3"
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>> xmlns:c=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> xmlns:q=
>>> "http://prism.evolveum.com/xml/ns/public/query-3"
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>> xmlns:ri=
>>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>> oid="c0c010c0-d34d-b33f-f00d-777222222333"
>>> version="1">
>>> <name>User Template CSV sync</name>
>>> <description>
>>> Alternative User Template Object.
>>> This object is used when creating a new account, to set it
>>> up as needed.
>>> </description>
>>> <metadata>
>>> <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>>> type="c:UserType"><!-- administrator --></creatorRef>
>>> <createChannel>
>>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>>> </createChannel>
>>> </metadata>
>>> <iteration>
>>> <maxIterations>10</maxIterations>
>>> <tokenExpression>
>>> <script>
>>> <code>
>>> if (iteration == 0) {
>>> return "";
>>> } else {
>>> return ""+iteration;
>>> }
>>> </code>
>>> </script>
>>> </tokenExpression>
>>> </iteration>
>>> <mapping>
>>> <description>
>>> Property mapping.
>>> Defines how properties of user object are set up.
>>> This specific definition sets a full name as a
>>> concatenation
>>> of givenName and familyName.
>>> </description>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>$user/givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>$user/familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> givenName + ' ' +
>>> familyName
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>fullName</c:path>
>>> </target>
>>> </mapping>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>$user/emailAddress</c:path>
>>> </target>
>>> </mapping>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>$user/name</c:path>
>>> </target>
>>> </mapping>
>>> </objectTemplate>
>>>
>>>
>>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>>
>>> Hi all,
>>>
>>> I have an Object Template for users, and since I need email to be
>>> unique, I defined an iteration on it:
>>>
>>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>>> * <name>User Template CSV sync</name>*
>>> * <iteration>*
>>> * <maxIterations>10</maxIterations>*
>>> * <tokenExpression>*
>>> * <script>*
>>> * <code>*
>>> * if (iteration == 0) {*
>>> * return "";*
>>> * } else {*
>>> * return ""+iteration;*
>>> * }*
>>> * </code>*
>>> * </script>*
>>> * </tokenExpression>*
>>> * </iteration>*
>>> *...*
>>> *...*
>>>
>>> And then within the emailAddress mapping:
>>>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <path>givenName</path>
>>> </source>
>>> <source>
>>> <path>familyName</path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <path>$user/emailAddress</path>
>>> </target>
>>> </mapping>
>>>
>>> The problem is that whenever I create a user, the email is always being
>>> set as if the iterationToken is '' and this result on duplicate
>>> emailAddress attribute among users.
>>>
>>> Is there something I'm doing wrong?
>>>
>>> Thanks in Advance
>>>
>>> *Ing. Martín Marchese*
>>> Identicum S.A.
>>> Anchorena 1357 PB
>>> Tel: +54 (11) 3526.5509
>>> mmarchese at identicum.com
>>> www.identicum.com
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>> Ing. Ivan Noris
>>> Senior Identity Management Engineer & IDM Architect
>>> evolveum.com evolveum.com/blog/
>>> ___________________________________________________
>>> "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail are those of the
author and do not represent those of the Baptist School of Health
Professions. If you have received this e-mail in error, or are not the
named recipient(s), you are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited by the sender
and to do so might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/52a12433/attachment.htm>
More information about the midPoint
mailing list