[midPoint] iterationToken in Object Template
Martin Marchese
mmarchese at identicum.com
Thu Jun 23 22:22:59 CEST 2016
Thanks both,
We tried that example and worked like charm!
Regards
*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
On Thu, Jun 23, 2016 at 4:13 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi Martin,
>
> the sample referenced by Jason should work for having unique emailAddress
> attribute and not doing anything with user/name. I have not used this
> combination in my projects.
>
> For defining emailAddress as unique: maybe this blog could help:
> https://evolveum.com/blog/unique-e-mail-address-value/
>
> See the mapping "My object template: Validate emailAddress uniqueness".
> MidPoint will throw an exception whenever the new value of emailAddress
> attribute is already used in other midPoint user. It's quite ugly, but it
> works.
>
> Regards,
> Ivan
>
>
> On 06/23/2016 04:59 PM, Martin Marchese wrote:
>
> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not the
> username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com
> > wrote:
>
>> Thanks Ivan,
>>
>> In fact, I just need to get uniqueness in the emailAddress (I've already
>> have username uniqueness since it's a personal ID #). The emailAddress, has
>> nothing to do with the username in our design. Is there another way to
>> achieve a field uniqueness?
>>
>> Regards,
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris < <ivan.noris at evolveum.com>
>> ivan.noris at evolveum.com> wrote:
>>
>>> Hi Martin,
>>>
>>> my guess is that you are using object template, where name is not
>>> generated using iterationToken. I have searched our samples for the object
>>> template you've pasted and found one - possibly the same.
>>>
>>> The iterationToken in emailAddress will be non-empty only if the
>>> iterator was used to generate the unique name.
>>> So, for example, if I tried to create one user called identicum01
>>> (given: John, family: Smith) and another user called identicum02 (given:
>>> John, family: Smith), the usernames are unique, so the emailAddress
>>> attribute will both contain empty iterationToken, which is indeed not
>>> expected. The iterationToken is only used when you have configured the
>>> mapping for user/name attribute to use it. And then you can use
>>> iterationToken also in other mappings.
>>>
>>> If user/name is generated from given and family names, iterationToken
>>> would be used for both user/name values, and the same value would then be
>>> used in the emailAddress. The iterationToken is single-value attribute
>>> stored in User object and triggered only if the username is not unique and
>>> the mapping for user/name is using the iterationToken.
>>>
>>> See my attached object template; I've just tried it with the following
>>> use case:
>>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith was generated, <emailAddress=JSmith at domain.com>
>>> emailAddress=JSmith at domain.com
>>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith1 was generated, <emailAddress=JSmith1 at domain.com>
>>> emailAddress=JSmith1 at domain.com
>>>
>>> I think this is what you were trying to achieve.
>>> Of course you need to specify the mapping strength as normal or strong
>>> if you wish to generate new user/name and user/emailAddress whenever user
>>> is renamed. If you don't need this, and only wish to set it for the very
>>> first time, weak is OK.
>>>
>>> See also https://jira.evolveum.com/browse/MID-1977
>>>
>>> Regards,
>>> Ivan
>>>
>>> <objectTemplate xmlns=
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> xmlns:icfs=
>>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>> xmlns:t=
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>> "http://prism.evolveum.com/xml/ns/public/types-3"
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>> xmlns:c=
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> xmlns:q=
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>> "http://prism.evolveum.com/xml/ns/public/query-3"
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>> xmlns:ri=
>>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>> oid="c0c010c0-d34d-b33f-f00d-777222222333"
>>> version="1">
>>> <name>User Template CSV sync</name>
>>> <description>
>>> Alternative User Template Object.
>>> This object is used when creating a new account, to set it
>>> up as needed.
>>> </description>
>>> <metadata>
>>> <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>>> type="c:UserType"><!-- administrator --></creatorRef>
>>> <createChannel>
>>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>>> </createChannel>
>>> </metadata>
>>> <iteration>
>>> <maxIterations>10</maxIterations>
>>> <tokenExpression>
>>> <script>
>>> <code>
>>> if (iteration == 0) {
>>> return "";
>>> } else {
>>> return ""+iteration;
>>> }
>>> </code>
>>> </script>
>>> </tokenExpression>
>>> </iteration>
>>> <mapping>
>>> <description>
>>> Property mapping.
>>> Defines how properties of user object are set up.
>>> This specific definition sets a full name as a
>>> concatenation
>>> of givenName and familyName.
>>> </description>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>$user/givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>$user/familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> givenName + ' ' +
>>> familyName
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>fullName</c:path>
>>> </target>
>>> </mapping>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>$user/emailAddress</c:path>
>>> </target>
>>> </mapping>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <c:path>givenName</c:path>
>>> </source>
>>> <source>
>>> <c:path>familyName</c:path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <c:path>$user/name</c:path>
>>> </target>
>>> </mapping>
>>> </objectTemplate>
>>>
>>>
>>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>>
>>> Hi all,
>>>
>>> I have an Object Template for users, and since I need email to be
>>> unique, I defined an iteration on it:
>>>
>>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>>> * <name>User Template CSV sync</name>*
>>> * <iteration>*
>>> * <maxIterations>10</maxIterations>*
>>> * <tokenExpression>*
>>> * <script>*
>>> * <code>*
>>> * if (iteration == 0) {*
>>> * return "";*
>>> * } else {*
>>> * return ""+iteration;*
>>> * }*
>>> * </code>*
>>> * </script>*
>>> * </tokenExpression>*
>>> * </iteration>*
>>> *...*
>>> *...*
>>>
>>> And then within the emailAddress mapping:
>>>
>>> <mapping>
>>> <strength>weak</strength>
>>> <source>
>>> <path>givenName</path>
>>> </source>
>>> <source>
>>> <path>familyName</path>
>>> </source>
>>> <expression>
>>> <script>
>>> <language>
>>> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>> <code>
>>> def givenNameStr = ''+givenName
>>> givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>> </code>
>>> </script>
>>> </expression>
>>> <target>
>>> <path>$user/emailAddress</path>
>>> </target>
>>> </mapping>
>>>
>>> The problem is that whenever I create a user, the email is always being
>>> set as if the iterationToken is '' and this result on duplicate
>>> emailAddress attribute among users.
>>>
>>> Is there something I'm doing wrong?
>>>
>>> Thanks in Advance
>>>
>>> *Ing. Martín Marchese*
>>> Identicum S.A.
>>> Anchorena 1357 PB
>>> Tel: +54 (11) 3526.5509
>>> mmarchese at identicum.com
>>> www.identicum.com
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>> Ing. Ivan Noris
>>> Senior Identity Management Engineer & IDM Architect
>>> evolveum.com evolveum.com/blog/
>>> ___________________________________________________
>>> "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/f5a05ff8/attachment.htm>
More information about the midPoint
mailing list