[midPoint] Case sensitive matching rule
Jan Kaspar
Caspi at seznam.cz
Sun Dec 10 20:36:54 CET 2017
Hi All,
I have another question about setup. I have two sources: CSV and AD LDAP.
I am creating users from CSV in MidPoint and then I am matching them with
existing accounts in AD.
Currently I am experiencing a problem with case sensitivity in the correlation
rule.
Template user (generating username)
<mapping>
<source>
<c:path>$user/givenName</c:path>
</source>
<source>
<c:path>$user/familyName</c:path>
</source>
<expression>
<script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>(givenName == null ? '' : givenName) + ' ' + (familyName == null ? '' : familyName)</code>
</script>
</expression>
<target>
<c:path>fullName</c:path>
</target>
</mapping>
Attribute sAMAccountName in AD-LDAP
<attribute>
<c:ref>ri:sAMAccountName</c:ref>
<displayName>Login name</displayName>
<matchingRule xmlns:gen68="http://prism.evolveum.com/xml/ns/public/matching-rule-3">gen68:stringIgnoreCase</matchingRule>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<source>
<c:path>$user/name</c:path>
</source>
</outbound>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path>$focus/name</c:path>
</target>
</inbound>
</attribute>
Sync of accounts:
<synchronization>
<objectSynchronization>
<name>Account sync</name>
<objectClass>ri:user</objectClass>
<kind>account</kind>
<intent>default</intent>
<enabled>true</enabled>
<correlation>
<q:equal>
<q:matching>polyStringNorm</q:matching>
<q:path>c:name</q:path>
<expression xmlns="">
<path>$shadow/attributes/sAMAccountName</path>
</expression>
</q:equal>
</correlation>
<reconcile>false</reconcile>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"/>
</reaction>
<reaction>
<situation>unlinked</situation>
<action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"/>
</reaction>
<reaction>
<situation>unmatched</situation>
<action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus"/>
</reaction>
</objectSynchronization>
</synchronization>
For some users I am getting the following error:
SystemException: Schema violation during processing shadow: shadow: CN=Gilbert Stephens,OU=Users,OU=CZ,DC=HELL,DC=LOCAL (OID:afefb716-7cab-4d0f-bd5e-c74bf0e868df): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values:
Schema violation during processing shadow: shadow: CN=Gilbert Stephens,OU=Users,OU=CZ,DC=HELL,DC=LOCAL (OID:afefb716-7cab-4d0f-bd5e-c74bf0e868df): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values:
Schema violation during processing shadow: shadow: CN=Gilbert Stephens,OU=Users,OU=CZ,DC=HELL,DC=LOCAL (OID:afefb716-7cab-4d0f-bd5e-c74bf0e868df): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values:
Schema violation during processing shadow: shadow: CN=Gilbert Stephens,OU=Users,OU=CZ,DC=HELL,DC=LOCAL (OID:afefb716-7cab-4d0f-bd5e-c74bf0e868df): Schema violation: Value of attribute '__NAME__' must be a single value, but it has 0values
It can be easily solved by changing sAMAccountName in AD from "gilbert.stephens" to "Gilbert.Stephens".
How to handle that? How to prevent that behaviour?
Thanks, Jan