[midPoint] iterationToken in Object Template
Ivan Noris
ivan.noris at evolveum.com
Thu Jun 23 21:13:44 CEST 2016
Hi Martin,
the sample referenced by Jason should work for having unique
emailAddress attribute and not doing anything with user/name. I have not
used this combination in my projects.
For defining emailAddress as unique: maybe this blog could help:
https://evolveum.com/blog/unique-e-mail-address-value/
See the mapping "My object template: Validate emailAddress uniqueness".
MidPoint will throw an exception whenever the new value of emailAddress
attribute is already used in other midPoint user. It's quite ugly, but
it works.
Regards,
Ivan
On 06/23/2016 04:59 PM, Martin Marchese wrote:
> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not
> the username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese
> <mmarchese at identicum.com <mailto:mmarchese at identicum.com>> wrote:
>
> Thanks Ivan,
>
> In fact, I just need to get uniqueness in the emailAddress (I've
> already have username uniqueness since it's a personal ID #). The
> emailAddress, has nothing to do with the username in our design.
> Is there another way to achieve a field uniqueness?
>
> Regards,
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris
> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>
> Hi Martin,
>
> my guess is that you are using object template, where name is
> not generated using iterationToken. I have searched our
> samples for the object template you've pasted and found one -
> possibly the same.
>
> The iterationToken in emailAddress will be non-empty only if
> the iterator was used to generate the unique name.
> So, for example, if I tried to create one user called
> identicum01 (given: John, family: Smith) and another user
> called identicum02 (given: John, family: Smith), the usernames
> are unique, so the emailAddress attribute will both contain
> empty iterationToken, which is indeed not expected. The
> iterationToken is only used when you have configured the
> mapping for user/name attribute to use it. And then you can
> use iterationToken also in other mappings.
>
> If user/name is generated from given and family names,
> iterationToken would be used for both user/name values, and
> the same value would then be used in the emailAddress. The
> iterationToken is single-value attribute stored in User object
> and triggered only if the username is not unique and the
> mapping for user/name is using the iterationToken.
>
> See my attached object template; I've just tried it with the
> following use case:
> 1. create new user in midPoint, givenName: John, familyName:
> Smith, password: whatever. No name attribute filled. Save.
> Username JSmith was generated, emailAddress=JSmith at domain.com
> <mailto:emailAddress=JSmith at domain.com>
> 2. create new user in midPoint, givenName: John, familyName:
> Smith, password: whatever. No name attribute filled. Save.
> Username JSmith1 was generated,
> emailAddress=JSmith1 at domain.com
> <mailto:emailAddress=JSmith1 at domain.com>
>
> I think this is what you were trying to achieve.
> Of course you need to specify the mapping strength as normal
> or strong if you wish to generate new user/name and
> user/emailAddress whenever user is renamed. If you don't need
> this, and only wish to set it for the very first time, weak is OK.
>
> See also https://jira.evolveum.com/browse/MID-1977
>
> Regards,
> Ivan
>
> <objectTemplate
> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3>
>
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> <http://prism.evolveum.com/xml/ns/public/query-3>
>
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
> oid="c0c010c0-d34d-b33f-f00d-777222222333"
> version="1">
> <name>User Template CSV sync</name>
> <description>
> Alternative User Template Object.
> This object is used when creating a new account,
> to set it up as needed.
> </description>
> <metadata>
>
> <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
> <creatorRef oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"><!-- administrator --></creatorRef>
>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
> </metadata>
> <iteration>
> <maxIterations>10</maxIterations>
> <tokenExpression>
> <script>
> <code>
> if (iteration == 0) {
> return "";
> } else {
> return ""+iteration;
> }
> </code>
> </script>
> </tokenExpression>
> </iteration>
> <mapping>
> <description>
> Property mapping.
> Defines how properties of user object are set up.
> This specific definition sets a full name as a
> concatenation
> of givenName and familyName.
> </description>
> <strength>weak</strength>
> <source>
> <c:path>$user/givenName</c:path>
> </source>
> <source>
> <c:path>$user/familyName</c:path>
> </source>
> <expression>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>
> givenName + '
> ' + familyName
> </code>
> </script>
> </expression>
> <target>
> <c:path>fullName</c:path>
> </target>
> </mapping>
> <mapping>
> <strength>weak</strength>
> <source>
> <c:path>givenName</c:path>
> </source>
> <source>
> <c:path>familyName</c:path>
> </source>
> <expression>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>
> def givenNameStr = ''+givenName
> givenNameStr.substring(0,1) + '' + familyName +
> iterationToken + '@domain.com <http://domain.com>'
> </code>
> </script>
> </expression>
> <target>
> <c:path>$user/emailAddress</c:path>
> </target>
> </mapping>
> <mapping>
> <strength>weak</strength>
> <source>
> <c:path>givenName</c:path>
> </source>
> <source>
> <c:path>familyName</c:path>
> </source>
> <expression>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>
> def givenNameStr = ''+givenName
> givenNameStr.substring(0,1) + '' + familyName +
> iterationToken
> </code>
> </script>
> </expression>
> <target>
> <c:path>$user/name</c:path>
> </target>
> </mapping>
> </objectTemplate>
>
>
> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>> Hi all,
>>
>> I have an Object Template for users, and since I need email
>> to be unique, I defined an iteration on it:
>>
>> /<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">/
>> / <name>User Template CSV sync</name>/
>> / <iteration>/
>> / <maxIterations>10</maxIterations>/
>> / <tokenExpression>/
>> / <script>/
>> / <code>/
>> / if (iteration == 0) {/
>> / return "";/
>> / } else {/
>> / return ""+iteration;/
>> / }/
>> / </code>/
>> / </script>/
>> / </tokenExpression>/
>> / </iteration>/
>> /.../
>> /.../
>> /
>> /
>> And then within the emailAddress mapping:
>>
>> <mapping>
>> <strength>weak</strength>
>> <source>
>> <path>givenName</path>
>> </source>
>> <source>
>> <path>familyName</path>
>> </source>
>> <expression>
>> <script>
>>
>> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>> <code>
>> def givenNameStr = ''+givenName
>> givenNameStr.substring(0,1) + '' + familyName +
>> iterationToken + '@domain.com <http://domain.com>'
>> </code>
>> </script>
>> </expression>
>> <target>
>> <path>$user/emailAddress</path>
>> </target>
>> </mapping>
>>
>> The problem is that whenever I create a user, the email is
>> always being set as if the iterationToken is '' and this
>> result on duplicate emailAddress attribute among users.
>>
>> Is there something I'm doing wrong?
>>
>> Thanks in Advance
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
>> www.identicum.com <http://www.identicum.com>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/5a91b5d7/attachment.htm>
More information about the midPoint
mailing list